Which of the following is the BEST metric for evaluating the effectiveness of an intrusion detection
mechanism?
A.
Number of attacks detected
B.
Number of successful attacks
C.
Ratio of false positives to false negatives
D.
Ratio of successful to unsuccessful attacks
Explanation:
The ratio of false positives to false negatives will indicate whether an intrusion detection system
(IDS) is properly tuned to minimize the number of false alarms while, at the same time, minimizing
the number of omissions. The number of attacks detected, successful attacks or the ratio of
successful to unsuccessful attacks would not indicate whether the IDS is properly configured.