IDS mailing list archives
Crossover Error Rate (WAS "Intrusion Prevention")
From: "Rob Shein" <shoten () starpower net>
Date: Wed, 11 Dec 2002 11:17:25 -0500
In evaluating the accuracy of biometrics, there are similar concerns to those of IDS. Instead of false positives and false negatives, we have false rejects and false accepts. Just as with an IDS, you can reduce one at the expense of increasing the other, but unlike IDS, there's a commonly-known standard called the CER, or "Crossover Error Rate," at which point the system is tuned so that both kinds of false responses occur with the same frequency.

That way, a vendor cannot say "Our biometric system will never accept an unauthorized user!" and leave it at that. Asking them for their CER will catch them in the act, if it turns out that when you tune the system properly it rejects 10% of valid attempts and accepts 10% of invalid attempts.

Ok...the question I have is, how hard/easy would it be to come up with a similar yardstick for an IDS? I know that it's far more complex, owing to the number of signatures, but would it potentially be possible to come up with a standard set of attacks against which such a standard could be measured?
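The crossover point described in the message above, worked through as an added example that is not part of the original post: a threshold sweep over match scores that finds where the false accept rate (FAR) and false reject rate (FRR) meet, and what a "never accepts an unauthorized user" tuning costs in false rejects. The score lists and function names are constructed for illustration.

```python
"""Crossover Error Rate from constructed match scores (illustrative only)."""

# Constructed sample data: higher score = stronger match.
# An attempt is accepted when score >= threshold.
GENUINE = [0.91, 0.85, 0.78, 0.74, 0.69, 0.66, 0.62, 0.58, 0.47, 0.35]
IMPOSTOR = [0.12, 0.18, 0.22, 0.27, 0.31, 0.36, 0.41, 0.44, 0.52, 0.63]


def error_rates(genuine, impostor, threshold):
    """Return (false_accept_rate, false_reject_rate) at one threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine, impostor):
    """Evaluate every observed score as a candidate threshold, ascending."""
    return [(t, *error_rates(genuine, impostor, t))
            for t in sorted(set(genuine) | set(impostor))]


def crossover(genuine, impostor):
    """Return (threshold, CER) at the point where FAR and FRR are closest.

    With finite samples the two curves rarely meet exactly, so the CER is
    reported as the mean of the two rates at the closest point.
    """
    t, far, frr = min(sweep(genuine, impostor),
                      key=lambda row: abs(row[1] - row[2]))
    return t, (far + frr) / 2


def frr_at_zero_far(genuine, impostor):
    """Lowest observed threshold with no false accepts, and the FRR it costs."""
    for t, far, frr in sweep(genuine, impostor):
        if far == 0:
            return t, frr
    return None  # the highest observed score belongs to an impostor


if __name__ == "__main__":
    t, cer = crossover(GENUINE, IMPOSTOR)
    print(f"crossover at threshold {t}: CER = {cer:.0%}")
    t0, frr0 = frr_at_zero_far(GENUINE, IMPOSTOR)
    print(f"zero false accepts needs threshold {t0}: FRR = {frr0:.0%}")
```

The same arithmetic applies to any detector that exposes a tunable score and can be run against labelled samples; what counts as the labelled sample set is the open question the message raises.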