Hosting Provided By

RE: Crossover Error Rate (WAS "Intrusion Prevention")

From: Rob Shein <shoten(at)starpower.net>
Date: Thu Dec 12 2002 - 09:55:50 EST

> -----Original Message-----
> From: Raistlin [mailto:raistlin@gioco.net]
> Sent: Wednesday, December 11, 2002 2:16 PM
> To: focus-ids@securityfocus.com

Actually, that depends. There are situations where a false accept is worse than a false reject, and vice versa. The point of the CER is merely to keep vendors from being able to cook the figures by tuning systems unrealistically for tests. (See under "IDS vendors who claim zero false positives.") In the end, however, it has proven true that the lower the CER, the more accurate and reliable the biometric system is, regardless of the specifics. And my hope is that a similar method can be developed for network-based IDS...it won't be a magic bullet for selection, but it would definitely clear some of the fog so that people who have to evaluate technologies can focus on their specific needs more than sorting out the truth from the half-truth. Received on Thu Dec 12 11:53:57 2002

This message: [ Message body ]
Next message: Yaakov: "ActiveScout (ForeScout) 100%?"
Previous message: Matthew F. Caldwell: "RE: Firewall Activity analysis"
In reply to: Raistlin: "Re: Crossover Error Rate (WAS "Intrusion Prevention")"
In reply to Matthew L. McGuirl: "RE: Intrusion Prevention"
Next in thread: Bennett Todd: "Re: Crossover Error Rate (WAS "Intrusion Prevention")"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:04 EDT