Skip to Main Content
Two of practical issues in designing a network-based intrusion detection system for denial-of-service attacks are; how to represent the distributions of detection probability, false alarm probability and miss probability; how to achieve a high detection probability, a low false alarm probability and a low miss probability for decision making. This paper gives the representations to describe three probability distributions. Based on them, the authors derive a detection region within which one may achieve a high detection probability, a low false alarm probability and a low miss probability by selecting a suitable threshold value. A case study is demonstrated.