Skip to main content

Bayes, Total Probability, and Base-Rate Reasoning

What This Concept Is

Two rules built on top of conditional probability do almost all the analytical work in probabilistic reasoning. They are complementary:

  • LOTP is a forward operator: given conditional probabilities on each branch of a partition, compute a marginal.
  • Bayes is a backward operator: given a marginal and a conditional, invert the direction of conditioning.

Most Bayes calculations are really one LOTP (to build ( P(E) )) followed by one division (to form ( P(H \mid E) )). If you see those two steps, you are doing Bayes correctly.

Law of Total Probability (LOTP). For a partition ( H_1, \dots, H_n ) of the sample space, [ P(E) = \sum_i P(E \mid H_i), P(H_i). ] LOTP lets you break a hard event ( E ) into cases you can compute, by conditioning on a variable that explains ( E ). It is the horizontal step in any tree diagram: sum over branches, weighted by branch probabilities. The art is picking the partition: a good choice makes each conditional probability easy, and a bad choice makes each conditional probability as hard as the original problem.

Bayes' rule. For any events with ( P(E) > 0 ), [ P(H \mid E) = \frac{P(E \mid H), P(H)}{P(E)}. ] Bayes is a rule for reversing the direction of a conditional. Given the forward mechanism ( P(E \mid H) ) ("how likely is this evidence if the hypothesis were true?"), Bayes tells you the inverse ( P(H \mid E) ) ("how likely is the hypothesis now that we see the evidence?"). The denominator ( P(E) ) is almost always computed by LOTP: ( P(E) = \sum_i P(E \mid H_i) P(H_i) ).

A cleaner form for updating is the posterior-prior ratio version: [ \frac{P(H \mid E)}{P(H^c \mid E)} = \frac{P(E \mid H)}{P(E \mid H^c)} \cdot \frac{P(H)}{P(H^c)}, ] which reads "posterior odds = likelihood ratio × prior odds." This form is what you actually reason with when comparing hypotheses.

A key simplification: when you see new independent evidence ( E_2 ) after ( E_1 ), the odds-form version updates multiplicatively: [ \text{posterior odds after } E_1, E_2 = \text{likelihood ratio of } E_2 \times \text{posterior odds after } E_1. ] That is why Bayesian updating can be done online, one piece of evidence at a time, without re-deriving from scratch -- a fact critical to streaming anomaly detection and to online A/B testing.

Why It Matters Here

Bayes is the mathematical tool that prevents almost every systematic reasoning error about rare events:

  • confusing test accuracy with posterior probability (the base-rate fallacy)
  • confusing "rare" with "impossible"
  • treating the strength of one piece of evidence as the final belief

In CS and SRE work this matters for anomaly detection, spam and fraud filtering, diagnostic reasoning after an incident, interpreting A/B test results, and calibrating alerts. The classic incident question -- "this alert just fired; what is the probability there is a real outage?" -- is literally ( P(H \mid E) ) and requires the base rate ( P(H) ) to answer.

The asymmetry Bayes exposes is the single most under-appreciated fact in probabilistic system design: a "99% accurate" detector is essentially useless at detecting rare events, because the base rate of the rare event dominates the posterior. Cluster 2 of this module exists partly to install this habit before Semester 5 introduces anomaly detection and Semester 8 introduces alerting.

A more operational framing: the precision of a detector -- the fraction of positive results that are true positives -- is exactly the Bayesian posterior ( P(H \mid +) ) and depends on the base rate, not just on the detector's internal metrics. Anyone reporting "98% accurate" without stating base rate and specificity is, from the Bayesian view, reporting an unfinished number.

Concrete Examples

Example 1 -- Medical test / rare-event alerting. A disease affects ( 1% ) of the population. A test is ( 99% ) sensitive (( P(+ \mid D) = 0.99 )) and ( 95% ) specific (( P(- \mid D^c) = 0.95 ), so ( P(+ \mid D^c) = 0.05 )). [ P(+) = P(+ \mid D) P(D) + P(+ \mid D^c) P(D^c) = 0.99 \cdot 0.01 + 0.05 \cdot 0.99 = 0.0594. ] [ P(D \mid +) = \frac{P(+ \mid D) P(D)}{P(+)} = \frac{0.0099}{0.0594} \approx 0.167. ] A positive test means about a ( 17% ) chance of disease, not ( 99% ). The base rate ( P(D) = 0.01 ) drags the posterior down because ( 5% ) of ( 99% ) of non-sick people is much larger than ( 99% ) of ( 1% ) of sick people.

Example 2 -- Alerting on real incidents. An outage monitor fires on 1% of hours when the system is healthy (false positive rate 0.01) and on 95% of hours when there is a real outage (sensitivity 0.95). Assume real outages occur in ( 0.1% ) of hours (( P(\text{outage}) = 0.001 )). Applying Bayes: [ P(\text{outage} \mid \text{alert}) = \frac{0.95 \cdot 0.001}{0.95 \cdot 0.001 + 0.01 \cdot 0.999} = \frac{0.00095}{0.01094} \approx 0.087. ] Less than 9% of alerts correspond to real outages. This is not a flaw in the detector; it is the base-rate fallacy biting. It explains exactly why on-call engineers ignore alerts at scale: the posterior is low even with a seemingly-accurate detector. Improving specificity (cutting the false positive rate from 1% to 0.1%) would raise the posterior to ( \approx 0.49 ). Specificity matters more than sensitivity for rare events.

Example 3 -- Fraud-detection triage. A payments fraud detector has sensitivity 0.8 and specificity 0.999 against a fraud base rate of 0.001 (0.1% of transactions). Computing the posterior: [ P(\text{fraud} \mid \text{flag}) = \frac{0.8 \cdot 0.001}{0.8 \cdot 0.001 + 0.001 \cdot 0.999} = \frac{0.0008}{0.001799} \approx 0.445. ] About 44.5% of flagged transactions are real fraud -- a respectable precision, made possible only by the very high specificity (0.999). Drop specificity to 0.99 and the posterior collapses to ( \approx 7.4% ); drop to 0.95 and it collapses to ( \approx 1.6% ), back to base-rate alert fatigue. This is the same tradeoff as Example 2 but with tighter numbers, illustrating how production fraud models are specificity-obsessed for exactly the Bayesian reason above.

Common Confusion / Misconceptions

"( P(+ \mid D) ) is the same as ( P(D \mid +) )." The classic base-rate confusion. They are almost never equal. Bayes is the rule that tells you exactly how they differ.

"A test is reliable if its accuracy is high." Accuracy (( P(\text{correct}) )) conflates sensitivity and specificity and hides the base rate. For rare events, a 99% accurate detector can still have a posterior below 10%.

"Priors are subjective so Bayes is subjective." Priors are an explicit modeling choice. Making the prior explicit is a feature; it forces you to say what base rate you assumed. In most engineering problems the prior is an empirical rate (outage frequency last month, spam rate in the inbox, fraud rate in the stream), not a personal belief.

"A very unusual piece of evidence guarantees a high posterior." Not if the prior is tiny. Extraordinary evidence is necessary for extraordinary claims precisely because low priors need very large likelihood ratios to move.

"Bayes requires you to model every possible hypothesis." You only need to partition the hypothesis space completely enough to cover the relevant cases. Two-hypothesis comparisons ("( H ) vs ( H^c )") are usually enough; multi-class posterior updates generalize but are rarely needed outside explicit Bayesian inference.

"Bayes is a theory for tests; it doesn't apply to engineering outside of that." Bayes applies to any inversion from evidence to hypothesis: "given this stack trace, what is the probability the bug is in module X?", "given this query plan, what is the probability the execution is missing an index?", "given this user action, what is the probability this user is a bot?" All are instances of the posterior-from-prior pattern.

How To Use It

When using Bayes or LOTP:

  1. Name the hidden hypothesis ( H ). What is the unobserved thing you want to infer?
  2. Name the observed evidence ( E ). What did you just see?
  3. Write the forward model. What is ( P(E \mid H) )? What is ( P(E \mid H^c) )?
  4. Write the prior. What is ( P(H) ) before seeing ( E )?
  5. Expand ( P(E) ) using LOTP. Sum over all hypotheses in the partition.
  6. Apply Bayes to compute ( P(H \mid E) ).
  7. Interpret the answer in words, especially in the odds form: what is the posterior vs prior ratio? How strong was the update?
  8. Sensitivity-test the prior. Recompute with priors 10× smaller and 10× larger. If the posterior moves sharply, your conclusion is prior-sensitive; name it.
  9. Sensitivity-test the likelihood. Recompute with the likelihood ratio doubled and halved. This maps to model uncertainty in real engineering situations where you do not know the false-positive rate exactly.

For multi-hypothesis cases, a tree diagram or partition table helps. For sequential evidence, apply Bayes iteratively: today's posterior is tomorrow's prior.

A good smell test for any Bayesian calculation: the posterior moves in the same direction as the likelihood ratio and the prior. If your answer has the posterior lower than the prior despite evidence in favor of ( H ), you have a sign error; if the posterior is 1.0 from a small prior and modest likelihood ratio, you have an arithmetic error. Odds-form Bayes makes these smell tests easy -- multiplication shifts in the obvious direction.

Transfer / Where This Shows Up Later

  • Semester 2 (Algorithms). Bloom filters are analyzed by Bayes-style reasoning: given a hash-based membership query returns "present," what is the probability the item is actually in the set? The false-positive rate of a Bloom filter is exactly a conditional probability, and the posterior analysis determines whether a Bloom filter is safe for your use case.
  • Semester 5 (Systems). Admission control and load shedding are Bayesian decisions: given observed queue growth, what is the posterior probability that the system is overloaded, and therefore should reject new work?
  • Semester 6 (Distributed). Anti-entropy protocols (e.g., in Dynamo-style systems) use Bayesian reasoning to decide whether to trust a read repair: given a majority of replicas agree, what is the posterior probability the dissenter is stale vs corrupted?
  • Semester 8 (SRE / Alerting). Every modern alert-tuning conversation is an argument about priors (outage rates), likelihoods (false positive rates), and posteriors (alert precision). Improving alert precision is an exercise in the base-rate fallacy.
  • Semester 9 (Experimentation). Bayesian A/B testing computes ( P(\text{treatment better} \mid \text{data}) ) directly. The sequential-testing methods that avoid p-hacking rely on iterated Bayes updates.
  • Semester 8 (Observability). Diagnostic reasoning during incidents is Bayesian: "given these symptoms, what is the probability the root cause is network?" Structured troubleshooting protocols make the prior-to-posterior update explicit to avoid the base-rate fallacy in ambiguous symptoms.
  • Semester 6 (Anti-entropy and Merkle-tree sync). Deciding which replica to trust in a disagreement is a Bayesian inference problem: prior on corruption vs. staleness, likelihood of each explanation given the observed disagreement pattern, posterior that drives the repair action.

Check Yourself

  1. Why does Bayes require the denominator ( P(E) )? What does it represent?
  2. What role does the base rate ( P(H) ) play? Why can a very sensitive test still give low posterior probability for a rare condition?
  3. In the alerting example, which intervention helps more: doubling the sensitivity (0.95 -> nearly 1.0) or cutting the false-positive rate in half (0.01 -> 0.005)? Compute both.
  4. Rewrite Bayes in the posterior-odds form. Show that if ( P(H) = 0 ), no evidence can shift the belief. What does this mean practically for choosing a prior?
  5. You have two tests in series: if either returns positive, alert. Under what conditions does the composite detector have a better posterior than each individual test? (Hint: think about the likelihood ratio.)
  6. State Bayes' rule as a procedure: prior -> likelihood -> posterior. Why does this structure make Bayesian methods natural for streaming data?
  7. In the alerting example, what is the expected number of false alerts per day if the monitor runs hourly? (0.01 · 24 ≈ 0.24 false alerts per day, roughly one per four days -- the operational significance of the 1% false positive rate.)

Mini Drill or Application

The label-first-then-compute pattern below is the discipline that prevents base-rate errors. Most practitioners rush into the algebra and forget to name the prior; with a named prior, the pitfalls become visible.

For each scenario, identify the prior ( P(H) ), likelihood ( P(E \mid H) ), evidence rate ( P(E) ), and posterior ( P(H \mid E) ). Don't compute immediately -- label the pieces first, then compute.

  1. Spam filter flags an email: base rate of spam in inbox = 30%; sensitivity = 0.98; specificity = 0.99.
  2. Server alert fires for a supposedly unhealthy system: hourly outage rate = 0.5%; true positive rate = 0.9; false positive rate = 0.02.
  3. Fraud detector marks a transaction: fraud rate = 0.1%; detector sensitivity = 0.8; specificity = 0.999.
  4. A distributed consensus library reports a minority read; hardware failure rate = 1e-5; probability of reporting minority read given hardware failure = 0.5; given no failure = 1e-6.
  5. A canary's error rate over the first 500 requests is 1.2× baseline; baseline rate is 0.2%, canary is 0.24%. Is the canary significantly worse? (Hint: this is a low-information update -- the likelihood ratio for this small a deviation is near 1, so the posterior barely moves.)

Simulation drill. Implement the disease-testing example (Example 1) as a Monte Carlo. Generate 1,000,000 people, infected with probability 0.01; generate test results from the sensitivity and specificity. Of those who tested positive, what fraction are actually infected? Compare to the Bayesian answer ( 0.167 ). Then explore what happens when you change specificity from 0.95 to 0.99 to 0.999 -- the posterior rises from 17% to 50% to 91%. Specificity compounds fast when the base rate is low.

Engineering scenario -- alert precision roadmap. For any alerting system you own, compute today's alert precision via the Bayesian formula using measured base rate, measured true-positive rate, and measured false-positive rate. If precision is under 20%, the biggest lever is almost always specificity (reduce false positives), not sensitivity. If precision is over 80%, additional specificity has diminishing returns and the ops question becomes whether to add hypothesis diversity (multiple detectors with independent error modes). This is Cluster 2 concept 5 translated into a concrete SRE roadmap item.

Read This Only If Stuck