IDS/ positive and negative
When the IDS treats the normal network traffic as malicious, its called false positive...so what when the IDS treat the malicious traffic as normal...what will it be called,
Please guys assist me on this one...I seem to get some confusion...
Please guys assist me on this one...I seem to get some confusion...
Comments
-
Devilsbane
Member Posts: 4,214 ■■■■■■■■□□
I believe that would be a false negative.Decide what to be and go be it. -
Devilsbane
Member Posts: 4,214 ■■■■■■■■□□
i think it could be TRUE positive
A True positive would be finding a threat that is a threat.Decide what to be and go be it. -
QHalo
Member Posts: 1,488
- True Positive: A legitimate attack which triggers an IDS to produce an alarm.[2]
- False Positive: An event signaling an IDS to produce an alarm when no attack has taken place.[2]
- False Negative: A failure of an IDS to detect an actual attack.[2]
- True Negative: When no attack has taken place and no alarm is raised.
So that would be a false negative. -
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
False Positive - Flagged something that wasn't malicious as being malicious
False Negative - Didn't flag something that was actually malicious
True Positive - Flagged something that was malicious as being malicious
True Negative - Didn't flag something that wasn't malicious
False - Erroneous Action
True - Correct Action/Normal
Positive - Malicious/Abnormal
Negative - Benign/Normal
Edit: Well that was a waste of time
