Alert Triage on the ROC

  • Francisco J. Martin
  • Enric Plaza
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2776)


This work proposes a formal framework based on ROC analysis for the evaluation of alert triage in intrusion detection.


Intrusion Detection Intrusion Detection System Decision Threshold Expected Cost Expect Value 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Martin, F.J., Plaza, E.: Alert triage on the ROC. Technical report, IIIA-CSIC Technical Report 2003-06 (2003)Google Scholar
  2. 2.
    Provost, F., Fawcett, T.: Robust classification for imprecise environments. Machine Learning Journal 42 (2001)Google Scholar
  3. 3.
    McHugh, J.: Testing intrusion detection systems: A critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Liconln laboratory. ACM Transactions on Information and System Security 3, 262–294 (2000)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Francisco J. Martin
    • 1
  • Enric Plaza
    • 2
  1. 1.School of Electrical Engineering and Computer ScienceOregon State UniversityCorvallisUSA
  2. 2.IIIA – Artificial Intelligence Research InstituteCSIC – Spanish Council for Scientific ResearchBellaterra, CataloniaSpain

Personalised recommendations