(solution) Intrusion detection systems. Refer to the Journal of Research of the National Institute of…

(solution) Intrusion detection systems. Refer to the Journal of Research of the National Institute of…

Intrusion detection systems. Refer to the Journal of Research of the National Institute of Standards and Technology (November–December 2003) study of a computer intrusion detection system (IDS), presented in Exercise 3.90 (p. 148). Recall that an IDS is designed to provide an alarm whenever unauthorized access (e.g., an intrusion) to a computer system occurs. The probability of the system giving a false alarm (i.e., providing a warning when, in fact, no intrusion occurs) is defined by the symbol a, while the probability of a missed detection (i.e., no warning given, when, in fact, an intrusion occurs) is defined by the symbol β. These symbols are used to represent Type I and Type II error rates, respectively, in a hypothesis-testing scenario. a. What is the null hypothesis H0? b. What is the alternative hypothesis Ha? c. According to actual data on the EMERALD system collected by the Massachusetts Institute of Technology Lincoln Laboratory, only 1 in 1,000 computer sessions with no intrusions resulted in a false alarm. For the same system, the laboratory found that only 500 of 1,000 intrusions were actually detected. Use this information to estimate the values of a and β. Exercise 3.90 Intrusion detection systems. A computer intrusion detection system (IDS) is designed to provide an alarm whenever someone intrudes (e.g., through unauthorized access) into a computer system. A probabilistic evaluation of a system with two independently operating intrusion detection systems (a double IDS) was published in the Journal of Research of the National Institute of Standards and Technology (Nov.–Dec. 2003). Consider a double IDS with system A and system B. If there is an intruder, system A sounds an alarm with probability .9 and system B sounds an alarm with probability .95. If there is no intruder, the probability that system A sounds an alarm (i.e., a false alarm) is .2 and the probability that system B sounds an alarm is .1. a. Use symbols to express the four probabilities just given. b. If there is an intruder, what is the probability that both systems sound an alarm? c. If there is no intruder, what is the probability that both systems sound an alarm? d. Given that there is an intruder, what is the probability that at least one of the systems sounds an alarm?