The Base-Rate Fallacy and the Difficulty of Intrusion Detection

Abstract

Many different demands can be made of intrusion detection systems. An important requirement is that an intrusion detection system be effective; that is, it should detect a substantial percentage of intrusions into the supervised system, while still keeping the false alarm rate at an acceptable level. This article demonstrates that, for a reasonable set of assumptions, the false alarm rate is the limiting factor for the performance of an intrusion detection system. This is due to the base-rate fallacy phenomenon, that in order to achieve substantial values of the Bayesian detection rate P(Intrusion | Alarm), we have to achieve a (perhaps in some cases unattainably) low false alarm rate. A selection of reports of intrusion detection performance are reviewed, and the conclusion is reached that there are indications that at least some types of intrusion detection have far to go before they can attain such low false alarm rates. © 2000, ACM. All rights reserved.

Axelsson, S. (2000). The Base-Rate Fallacy and the Difficulty of Intrusion Detection. ACM Transactions on Information and System Security, 3(3), 186–205. https://doi.org/10.1145/357830.357849
