True positive v.s. true negative

a3590166a3590166 Member Posts: 14 ■□□□□□□□□□
I'm confused about the answer to this question.

An instance where a biometric system identifies users that are authorized and allows them access is
called which of the following?
A. False negative
B. True negative
C. False positive
D. True positive
Answer: D

I don't know why it's so difficult to find the definition from Google. The little info I get (in medical area) shows true negative is something normal so I think the answer should be B. Do anyone have different opinions? Thanks.

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Positive = identified and negative = rejected.

    Therefore:
    True positive = correctly identified
    False positive = incorrectly identified
    True negative = correctly rejected
    False negative = incorrectly rejected
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    dynamik wrote: »
    Positive = identified and negative = rejected.

    Therefore:
    True positive = correctly identified
    False positive = incorrectly identified
    True negative = correctly rejected
    False negative = incorrectly rejected

    What he said. I was trying to find you a link with like a table with these terms but I couldn't find one but what he said is 100% correct.
  • a3590166a3590166 Member Posts: 14 ■□□□□□□□□□
    dynamik wrote: »
    Positive = identified and negative = rejected.

    Therefore:
    True positive = correctly identified
    False positive = incorrectly identified
    True negative = correctly rejected
    False negative = incorrectly rejected

    Could you explain more on identified and rejected? An authorized user being rejected is the case of false positive. Can I say it is incorrectly rejected? If so, it becomes false negative. False negative is something like virus not being detected by anti-virus software, which should be "not rejected" instead of "incorrectly rejected". I'm not a native English speaker. Is it the reason that I misunderstand these terms?
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    a3590166 wrote: »
    An authorized user being rejected is the case of false positive. Can I say it is incorrectly rejected? If so, it becomes false negative.

    That's correct, that would be a false negative. A false positive would be an unauthorized user (false) being given access (positive).
    a3590166 wrote: »
    False negative is something like virus not being detected by anti-virus software, which should be "not rejected" instead of "incorrectly rejected".

    That's correct.
    a3590166 wrote: »
    I'm not a native English speaker. Is it the reason that I misunderstand these terms?

    Possibly, but it seems like you have a pretty good handle on the language. I just used those terms as an example. As you can see, it depends on the context. The true/false can be see as the whether the item was correctly/incorrectly identified and the positive/negative can be see as whether the correct/incorrect action was taken. I probably should have phrased it that way in the first place. I apologize for the confusion.
  • a3590166a3590166 Member Posts: 14 ■□□□□□□□□□
    dynamik wrote: »
    The true/false can be see as the whether the item was correctly/incorrectly identified and the positive/negative can be see as whether the correct/incorrect action was taken.

    See this example
    An instance where an IDS identifies legitimate traffic as malicious activity is called which of the following?
    A. False positive
    B. True negative
    C. False negative
    D. True positive
    Answer: A

    "false" is undoubted. But the action is incorrect so it should be "negative". Do I have problem in this logic?
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    It depends on your perspective and the context. It's a false positive because the traffic was correct/legitimate/etc. You're looking at the actual event/action/etc. taking place when you are trying to determine this. Labeling the traffic as malicious is secondary to the actual event and not what you should be evaluating.
  • reoromanreoroman Registered Users Posts: 1 ■□□□□□□□□□
    Hello everybody, I am here to make a good explain for the the above terms.

    Four situations exist in this context, corresponding to the relation between the result of the detection for an analyzed event (‘‘normal’’ vs. ’’intrusion’’) and its actual nature (‘‘innocuous’’ vs. ‘‘malicious’’). These situations are:

    (False positive (FP), True positive (TP), False negative (FN), True negative (TN).)

    False positive (FP), if the analyzed event is innocuous (or ‘‘clean’’) from the perspective of security, but it is classified as malicious
    True positive (TP), if the analyzed event is correctly classified as intrusion/malicious
    False negative (FN), if the analyzed event is malicious but it is classified as normal/innocuous
    True negative (TN), if the analyzed event is correctly classified as normal/innocuous

    It is clear low FP and FN rates, together with high TP and TN rates, will result in good efficiency values.



    TP,TN,FP,FN (The last letter whether is N or P in every term refer to the source of original data that are classified as

    1-(N: negative or normal)

    2-(P: positive or intrusion)

    The first letter whether T or F is the analyzed event from the perspective of security (IDS) but you should [COLOR= ][COLOR= ]consider the letter F as a word "[/COLOR][/COLOR]Opposite" to the next letter to it.

    SO when you say the (FP) which means a False-intrusion. the opposite to intrusion = normal. So you should see that IDS see the data as normal while it is bad.

    Also FN means (false normal) where opposite to normal is bad... and here the IDS see the normal data as intrusion.

    Thanks
  • treyon13579treyon13579 Registered Users Posts: 2 ■□□□□□□□□□
    This question is wrong in my opinion.. As to my understanding a positive identifies a positively malicious traffic /person/ entry
    whereas a negative is benign traffic/person/entry. True or False jsut say whether is correctly or incorrectly identified

    False Positive - Traffic is incorrectly identified as malicious
    False Negative - The malicious traffic is allowed to exist unchecked
    True Negative - The benign traffic doesn't trigger an alarm
    True Positive - The malicous traffic is correctly identified and some action taken against it.

    Therefore my answer should be True Negative (B)
  • treyon13579treyon13579 Registered Users Posts: 2 ■□□□□□□□□□
    NO, A false positive is when the benign traffic is incorrectly identified as malicious. If the unauthorized user is give access this is false negative.
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Identify what the question is asking. It asks about biometric authentication for AUTHORIZED USERS. Therefore a true positive is a correctly identified authorized user. In this scenario a false positive would be an intruder allowed access.

    Always identify what the question is asking and you cannot go wrong.
  • danny069danny069 Member Posts: 1,025 ■■■■□□□□□□
    @Techguru you hit the nail right on the head the answer should be D, because it is a legitimate authorized user.
    I am a Jack of all trades, Master of None
  • TallDude7TallDude7 Member Posts: 61 ■■□□□□□□□□
    thats the key to multiple choice questions, the key words. The key word in this scenario is authorized.
  • OctalDumpOctalDump Member Posts: 1,722
    False Negative and False Positive are the more common terms.

    So, in these scenarios you are testing for some condition. The test can come back negative (condition not met) or positive (condition met). Sometimes the test isn't perfect and it says that the condition is met when really it isn't. In this case we say that it was a "false negative" or a "false positive". The opposite, when the test is correct, is "true negative" or "true positive".

    In this case the condition is "is this an authorised user?" So say that your authorised users are Dave, Mary, and Kim.
    Dave goes up to the biometric scanner and it says "I recognise this guy. This is Dave" and Dave gets access. - A True Positive, correctly identified and accepted
    Mary goes up to the biometric scanner and it says "I don't know you" and Mary is denied access. - A False Negative, wrongly identified and denied
    Phillip goes up to the biometric scanner and it says "I recognise this guy. This is Dave" and Phillip gets access. - A False Positive, wrongly identified and accepted
    Alex goes up to the biometric scanner and it says "I don't know you" and Alex is denied access.- A True Negative, correctly identified and denied

    So, what to do when you get a question like this - identify the condition, identify whether the test says it met the condition (positive) or not (negative), and identify whether the test was accurate (True) or not (False).
    2017 Goals - Something Cisco, Something Linux, Agile PM
Sign In or Register to comment.