19 Intrusion detection systems. The Journal of Research of the National Institute of Standards and Technology

(November–December 2003) conducted a study of a computer intrusion detection system (IDS). An IDS is designed to provide an alarm whenever unauthorized access (e.g., an intrusion) to a computer system occurs. The probability of the system giving a false alarm (i.e., providing a warning when, in fact, no intrusion occurs) is defined by the symbol

a, while the probability of a missed detection (i.e., no warning given, when, in fact, an intrusion occurs) is defined by the symbol

b. These symbols are used to represent Type I and Type II error rates, respectively, in a hypothesis-testing scenario.

a. What is the null hypothesis H0?

b. What is the alternative hypothesis Ha?

c. According to actual data on the EMERALD system collected by the Massachusetts Institute of Technology Lincoln Laboratory, only 1 in 1,000 computer sessions with no intrusions resulted in a false alarm. For the same system, the laboratory found that only 500 of 1,000 intrusions were actually detected. Use this information to estimate the values of a and b.