Crossover Error Rate (WAS "Intrusion Prevention")

From: Rob Shein (shoten@starpower.net)
Date: 12/11/02

    From: "Rob Shein" <shoten@starpower.net>
    To: <focus-ids@securityfocus.com>
    Date: Wed, 11 Dec 2002 11:17:25 -0500
    
    

    In evaluating the accuracy of biometrics, there are similar concerns to
    those of IDS. Instead of false positives and false negatives, we have
    false rejects and false accepts. Just as with an IDS, you can reduce
    one at the expense of increasing the other, but unlike IDS, there's a
    commonly-known standard called the CER, or "Crossover Error Rate," at
    which point the system is tuned so that both kinds of false responses
    occur with the same frequency. That way, a vendor cannot say "Our
    biometric system will never accept an unauthorized user!" and leave it
    at that. Asking them for their CER will catch them in the act, if it
    turns out that when you tune the system properly it rejects 10% of valid
    attempts and accepts 10% of invalid attempts.

    Ok...the question I have is, how hard/easy would it be to come up with a
    similar yardstick for an IDS? I know that it's far more complex, owing
    to the number of signatures, but would it potentially be possible to
    come up with a standard set of attacks against which such a standard
    could be measured?
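
The crossover point described in the message above, computed by sweeping an accept threshold over match scores (an added example, not part of the original post). The score lists, the function names and the convention that a higher score means a better match are assumptions made for illustration; the same sweep applies to an IDS that emits a numeric alert score, given labelled attack and benign samples.

```python
# Constructed sample data: match scores for valid users and for impostors.
GENUINE = [0.35, 0.62, 0.68, 0.71, 0.75, 0.80, 0.84, 0.88, 0.93, 0.97]
IMPOSTOR = [0.05, 0.10, 0.14, 0.20, 0.25, 0.31, 0.38, 0.44, 0.52, 0.66]


def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) when every score >= threshold is accepted."""
    frr = sum(s < threshold for s in genuine) / len(genuine)      # valid users rejected
    far = sum(s >= threshold for s in impostor) / len(impostor)   # impostors accepted
    return frr, far


def crossover(genuine, impostor):
    """Try each observed score as the threshold and return
    (threshold, FRR, FAR, CER) where |FRR - FAR| is smallest.
    With finite samples the curves may not meet exactly, so the CER is
    reported as the mean of the two rates at the closest point."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, frr, far)
    _, t, frr, far = best
    return t, frr, far, (frr + far) / 2


def zero_far_point(genuine, impostor):
    """Lowest observed threshold at which no impostor is accepted, with the
    FRR paid for it: the 'never accepts an unauthorized user' setting."""
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        if far == 0:
            return t, frr
    return None  # every observed threshold still admits some impostor


if __name__ == "__main__":
    t, frr, far, cer = crossover(GENUINE, IMPOSTOR)
    print(f"crossover: threshold={t} FRR={frr:.0%} FAR={far:.0%} CER={cer:.0%}")
    t0, frr0 = zero_far_point(GENUINE, IMPOSTOR)
    print(f"zero-FAR tuning: threshold={t0} FRR={frr0:.0%}")
```

On this constructed data the zero-false-accept tuning costs twice the false-reject rate of the crossover setting, which is the trade-off a single quoted error figure hides.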


