Two intrusion detection systems IDS A and B are available

Two intrusion detection systems (IDS) – A and B – are available to block potentially harmful network events. Each IDS is prone to two types of errors. The table below summarizes the probability of these errors:

IDS

False Alarm Error Probability

Miss Error Probability

A

0.05

0.02

B

0.01

0.06

False Alarm error probability is defined as the conditional probability of blocking a harmless event.

Miss error probability is defined as the conditional probability of not blocking a harmful event.

Historical data suggests that 4 percent of the events are harmful.

Based on the information specified above, what is the conditional probability that:

An event blocked by IDS A is actually harmless? (2 Points)

An event not blocked by IDS B is actually harmful? (2 Points)

If the cost of not blocking a harmful event is 50 times the cost of blocking a harmless event, which IDS should a risk neutral rational decision maker use? Why? (3 Points)

We assumed that 4% of the events are harmful. At least how low must the percentage of harmful events be for a risk neutral rational decision maker to prefer IDS B? Assume that all other parameters remain as specified in (a) and (b). (3 Points)

We assumed that the ratio of the cost of not blocking a harmful event to the cost of blocking a harmless event is 50. At least how low must this ratio be for a risk neutral rational decision maker to prefer IDS B? Assume that all other parameters remain as specified in (a) and (b). (3 Points)

Solution

1. 0.03

2. 0.05

3. A a is less prone to miss a harmful event is more efficent than IDS B