True positive vs. true negative
I'm confused about the answer to this question.
An instance where a biometric system identifies users that are authorized and allows them access is called which of the following?
A. False negative
B. True negative
C. False positive
D. True positive
Answer: D
I don't know why it's so difficult to find the definition from Google. The little info I get (in the medical area) shows true negative is something normal so I think the answer should be B. Does anyone have different opinions? Thanks.
Comments
Therefore:
True positive = correctly identified
False positive = incorrectly identified
True negative = correctly rejected
False negative = incorrectly rejected
What he said. I was trying to find you a link with like a table with these terms but I couldn't find one but what he said is 100% correct.
Could you explain more on identified and rejected? An authorized user being rejected is the case of false positive. Can I say it is incorrectly rejected? If so, it becomes false negative. False negative is something like virus not being detected by anti-virus software, which should be "not rejected" instead of "incorrectly rejected". I'm not a native English speaker. Is it the reason that I misunderstand these terms?
That's correct, that would be a false negative. A false positive would be an unauthorized user (false) being given access (positive).
That's correct.
Possibly, but it seems like you have a pretty good handle on the language. I just used those terms as an example. As you can see, it depends on the context. The true/false can be seen as whether the item was correctly/incorrectly identified and the positive/negative can be seen as whether the correct/incorrect action was taken. I probably should have phrased it that way in the first place. I apologize for the confusion.
See this example
An instance where an IDS identifies legitimate traffic as malicious activity is called which of the following?
A. False positive
B. True negative
C. False negative
D. True positive
Answer: A
"false" is undoubted. But the action is incorrect so it should be "negative". Do I have a problem in this logic?
Four situations exist in this context, corresponding to the relation between the result of the detection for an analyzed event ("normal" vs. "intrusion") and its actual nature ("innocuous" vs. "malicious"). These situations are:
(False positive (FP), True positive (TP), False negative (FN), True negative (TN).)
False positive (FP), if the analyzed event is innocuous (or "clean") from the perspective of security, but it is classified as malicious
True positive (TP), if the analyzed event is correctly classified as intrusion/malicious
False negative (FN), if the analyzed event is malicious but it is classified as normal/innocuous
True negative (TN), if the analyzed event is correctly classified as normal/innocuous
It is clear that low FP and FN rates, together with high TP and TN rates, will result in good efficiency values.
TP, TN, FP, FN: the last letter in every term, whether N or P, refers to the source of the original data, which is classified as
1. N: negative or normal
2. P: positive or intrusion
The first letter, whether T or F, is the analyzed event from the perspective of security (IDS), but you should consider the letter F as the word "opposite" of the letter next to it.
So when you say FP, it means a false intrusion. The opposite of intrusion = normal. So you should see that the IDS sees the data as normal while it is bad.
Also, FN means (false normal), where the opposite of normal is bad... and here the IDS sees the normal data as intrusion.
Thanks
whereas a negative is benign traffic/person/entry. True or False just say whether it is correctly or incorrectly identified
False Positive - Traffic is incorrectly identified as malicious
False Negative - The malicious traffic is allowed to exist unchecked
True Negative - The benign traffic doesn't trigger an alarm
True Positive - The malicious traffic is correctly identified and some action taken against it.
Therefore my answer should be True Negative (B)
Always identify what the question is asking and you cannot go wrong.
So, in these scenarios you are testing for some condition. The test can come back negative (condition not met) or positive (condition met). Sometimes the test isn't perfect and it says that the condition is met when really it isn't. In this case we say that it was a "false negative" or a "false positive". The opposite, when the test is correct, is "true negative" or "true positive".
In this case the condition is "is this an authorised user?" So say that your authorised users are Dave, Mary, and Kim.
Dave goes up to the biometric scanner and it says "I recognise this guy. This is Dave" and Dave gets access. - A True Positive, correctly identified and accepted
Mary goes up to the biometric scanner and it says "I don't know you" and Mary is denied access. - A False Negative, wrongly identified and denied
Phillip goes up to the biometric scanner and it says "I recognise this guy. This is Dave" and Phillip gets access. - A False Positive, wrongly identified and accepted
Alex goes up to the biometric scanner and it says "I don't know you" and Alex is denied access. - A True Negative, correctly identified and denied
So, what to do when you get a question like this - identify the condition, identify whether the test says it met the condition (positive) or not (negative), and identify whether the test was accurate (True) or not (False).
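The three steps from the post above (identify the condition, whether the test says it was met, and whether the test was accurate), applied to both the biometric and the IDS question from this thread. This is an added example, not part of any poster's reply; the people are taken from the post above, while the IDS events, function names and rate formulas are constructed for illustration.

```python
from collections import Counter

def label(condition_true: bool, test_positive: bool) -> str:
    """condition_true: ground truth. test_positive: what the system decided."""
    accurate = condition_true == test_positive           # True or False
    return ("T" if accurate else "F") + ("P" if test_positive else "N")

# Biometric scanner. Condition: "is this an authorised user?"
# Positive means the scanner said yes and granted access.
AUTHORISED = {"Dave", "Mary", "Kim"}
BIOMETRIC_ATTEMPTS = [            # (person, access_granted)
    ("Dave", True), ("Mary", False), ("Phillip", True), ("Alex", False),
]

# IDS. Condition: "is this traffic malicious?"
# Positive means the IDS raised an alert. Constructed sample events.
IDS_EVENTS = [                    # (description, is_malicious, alert_raised)
    ("backup job", False, True),
    ("port scan", True, True),
    ("malware download", True, False),
    ("web browsing", False, False),
    ("software update", False, False),
]

def biometric_labels() -> dict:
    return {p: label(p in AUTHORISED, granted) for p, granted in BIOMETRIC_ATTEMPTS}

def ids_labels() -> dict:
    return {d: label(mal, alert) for d, mal, alert in IDS_EVENTS}

def rates(labels) -> dict:
    """False positive rate = FP / (FP + TN); false negative rate = FN / (FN + TP)."""
    c = Counter(labels)
    negatives, positives = c["FP"] + c["TN"], c["FN"] + c["TP"]
    return {
        "false_positive_rate": c["FP"] / negatives if negatives else 0.0,
        "false_negative_rate": c["FN"] / positives if positives else 0.0,
    }

if __name__ == "__main__":
    # A legitimate subject wrongly blocked is FN for the scanner (Mary) but
    # FP for the IDS (backup job), because the two conditions are opposites.
    print(biometric_labels())
    print(ids_labels())
    print(rates(ids_labels().values()))
```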