True positive v.s. true negative

a3590166

I'm confused about the answer to this question.

An instance where a biometric system identifies users that are authorized and allows them access is
called which of the following?
A. False negative
B. True negative
C. False positive
D. True positive
Answer: D

I don't know why it's so difficult to find the definition from Google. The little info I get (in medical area) shows true negative is something normal so I think the answer should be B. Do anyone have different opinions? Thanks.

dynamik

Positive = identified and negative = rejected.

Therefore:
True positive = correctly identified
False positive = incorrectly identified
True negative = correctly rejected
False negative = incorrectly rejected

Bl8ckr0uter

dynamik wrote: »

Positive = identified and negative = rejected.

Therefore:
True positive = correctly identified
False positive = incorrectly identified
True negative = correctly rejected
False negative = incorrectly rejected

What he said. I was trying to find you a link with like a table with these terms but I couldn't find one but what he said is 100% correct.

a3590166

dynamik wrote: »

Positive = identified and negative = rejected.

Therefore:
True positive = correctly identified
False positive = incorrectly identified
True negative = correctly rejected
False negative = incorrectly rejected

Could you explain more on identified and rejected? An authorized user being rejected is the case of false positive. Can I say it is incorrectly rejected? If so, it becomes false negative. False negative is something like virus not being detected by anti-virus software, which should be "not rejected" instead of "incorrectly rejected". I'm not a native English speaker. Is it the reason that I misunderstand these terms?

dynamik

a3590166 wrote: »

An authorized user being rejected is the case of false positive. Can I say it is incorrectly rejected? If so, it becomes false negative.

That's correct, that would be a false negative. A false positive would be an unauthorized user (false) being given access (positive).

a3590166 wrote: »

False negative is something like virus not being detected by anti-virus software, which should be "not rejected" instead of "incorrectly rejected".

That's correct.

a3590166 wrote: »

I'm not a native English speaker. Is it the reason that I misunderstand these terms?

Possibly, but it seems like you have a pretty good handle on the language. I just used those terms as an example. As you can see, it depends on the context. The true/false can be see as the whether the item was correctly/incorrectly identified and the positive/negative can be see as whether the correct/incorrect action was taken. I probably should have phrased it that way in the first place. I apologize for the confusion.

a3590166

dynamik wrote: »

The true/false can be see as the whether the item was correctly/incorrectly identified and the positive/negative can be see as whether the correct/incorrect action was taken.

See this example
An instance where an IDS identifies legitimate traffic as malicious activity is called which of the following?
A. False positive
B. True negative
C. False negative
D. True positive
Answer: A

"false" is undoubted. But the action is incorrect so it should be "negative". Do I have problem in this logic?

dynamik

It depends on your perspective and the context. It's a false positive because the traffic was correct/legitimate/etc. You're looking at the actual event/action/etc. taking place when you are trying to determine this. Labeling the traffic as malicious is secondary to the actual event and not what you should be evaluating.

reoroman

Hello everybody, I am here to make a good explain for the the above terms.

Four situations exist in this context, corresponding to the relation between the result of the detection for an analyzed event (‘‘normal’’ vs. ’’intrusion’’) and its actual nature (‘‘innocuous’’ vs. ‘‘malicious’’). These situations are:

(False positive (FP), True positive (TP), False negative (FN), True negative (TN).)

False positive (FP), if the analyzed event is innocuous (or ‘‘clean’’) from the perspective of security, but it is classified as malicious
True positive (TP), if the analyzed event is correctly classified as intrusion/malicious
False negative (FN), if the analyzed event is malicious but it is classified as normal/innocuous
True negative (TN), if the analyzed event is correctly classified as normal/innocuous

It is clear low FP and FN rates, together with high TP and TN rates, will result in good efficiency values.



TP,TN,FP,FN (The last letter whether is N or P in every term refer to the source of original data that are classified as

1-(N: negative or normal)

2-(P: positive or intrusion)

The first letter whether T or F is the analyzed event from the perspective of security (IDS) but you should [COLOR= ][COLOR= ]consider the letter F as a word "[/COLOR][/COLOR]Opposite" to the next letter to it.

SO when you say the (FP) which means a False-intrusion. the opposite to intrusion = normal. So you should see that IDS see the data as normal while it is bad.

Also FN means (false normal) where opposite to normal is bad... and here the IDS see the normal data as intrusion.

Thanks

treyon13579

This question is wrong in my opinion.. As to my understanding a positive identifies a positively malicious traffic /person/ entry
whereas a negative is benign traffic/person/entry. True or False jsut say whether is correctly or incorrectly identified

False Positive - Traffic is incorrectly identified as malicious
False Negative - The malicious traffic is allowed to exist unchecked
True Negative - The benign traffic doesn't trigger an alarm
True Positive - The malicous traffic is correctly identified and some action taken against it.

Therefore my answer should be True Negative (B)

treyon13579

NO, A false positive is when the benign traffic is incorrectly identified as malicious. If the unauthorized user is give access this is false negative.

TechGuru80

Identify what the question is asking. It asks about biometric authentication for AUTHORIZED USERS. Therefore a true positive is a correctly identified authorized user. In this scenario a false positive would be an intruder allowed access.

Always identify what the question is asking and you cannot go wrong.

danny069

@Techguru you hit the nail right on the head the answer should be D, because it is a legitimate authorized user.

TallDude7

thats the key to multiple choice questions, the key words. The key word in this scenario is authorized.

OctalDump

False Negative and False Positive are the more common terms.

So, in these scenarios you are testing for some condition. The test can come back negative (condition not met) or positive (condition met). Sometimes the test isn't perfect and it says that the condition is met when really it isn't. In this case we say that it was a "false negative" or a "false positive". The opposite, when the test is correct, is "true negative" or "true positive".

In this case the condition is "is this an authorised user?" So say that your authorised users are Dave, Mary, and Kim.
Dave goes up to the biometric scanner and it says "I recognise this guy. This is Dave" and Dave gets access. - A True Positive, correctly identified and accepted
Mary goes up to the biometric scanner and it says "I don't know you" and Mary is denied access. - A False Negative, wrongly identified and denied
Phillip goes up to the biometric scanner and it says "I recognise this guy. This is Dave" and Phillip gets access. - A False Positive, wrongly identified and accepted
Alex goes up to the biometric scanner and it says "I don't know you" and Alex is denied access.- A True Negative, correctly identified and denied

So, what to do when you get a question like this - identify the condition, identify whether the test says it met the condition (positive) or not (negative), and identify whether the test was accurate (True) or not (False).