Audit records per day = 10 million = 10 * 106 = 107
Records reflected by attacks per day = 10 * 20 = 200
Probability of attacks (intrusions) per day = $\frac{200}{10^{7}}$ = 2 * 10-5
Probability of no intrusions = 1 - 2 * 10-5 = 0.99998
Using Bayes theorem,
Required probability = $\frac{0.6*2*10^{-5}}{0.6*2*10^{-5} + 0.99998*0.0005}$ = 0.0234
So, only 2.34 % of total alarms correspond to real intrusions.
