IDS/ positive and negative

When the IDS treats the normal network traffic as malicious, its called false positive...so what when the IDS treat the malicious traffic as normal...what will it be called,

Please guys assist me on this one...I seem to get some confusion...

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Devilsbane

I believe that would be a false negative.

DoubleD

i think it could be TRUE positive

Devilsbane

DoubleD wrote: »

i think it could be TRUE positive

A True positive would be finding a threat that is a threat.

QHalo

True Positive: A legitimate attack which triggers an IDS to produce an alarm.[2]
False Positive: An event signaling an IDS to produce an alarm when no attack has taken place.[2]
False Negative: A failure of an IDS to detect an actual attack.[2]
True Negative: When no attack has taken place and no alarm is raised.

Intrusion detection system - Wikipedia, the free encyclopedia

So that would be a false negative.

dynamik

False Positive - Flagged something that wasn't malicious as being malicious
False Negative - Didn't flag something that was actually malicious
True Positive - Flagged something that was malicious as being malicious
True Negative - Didn't flag something that wasn't malicious

False - Erroneous Action
True - Correct Action/Normal
Positive - Malicious/Abnormal
Negative - Benign/Normal

Edit: Well that was a waste of time