A false positive is a result that indicates a given condition has been fulfilled when it actually has not.
In terms of IDS, a false positive is an alarm triggered by normal traffic or a benign action.
Consider the scenario: a signature exists that generates alarms if the enable password of any network device is entered incorrectly. A network administrator attempts to log in to a device but enters the wrong password. The IDS cannot distinguish between a rogue user and the network administrator, and generates an alarm.
A true positive is a result that correctly detects the condition when it is present, that is, when the given condition has actually been fulfilled.
In terms of IDS, a true positive occurs when an IDS or IPS signature fires correctly, and an alarm is generated because offending traffic was detected.
For example, consider a Unicode attack. IPS sensors have signatures that detect Unicode attacks against Microsoft Internet Information Services (IIS) web servers. If a Unicode attack is launched against Microsoft IIS web servers, the sensors detect the attack and generate an alarm.
Note: The MSS average false-positive rate, as reported by our global customer base, is between 0.5% and 1.5%.
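As an added illustration (not part of the original article), the Python below scores signatures against a small set of constructed events whose ground truth (benign or malicious) is known to the evaluator. It shows how the naive "alarm on every wrong enable password" rule from the scenario above turns the administrator's typo into a false positive, while a burst-threshold variant of the same signature keeps the true positives and drops that false positive. The event names, IP addresses and signature names are assumptions made for the example.

```python
"""Scoring IDS signatures as true/false positives on labelled events (added example)."""
from collections import defaultdict, deque

# Constructed sample events (not from the original article).
# Each tuple: (timestamp_seconds, source, event_type, ground_truth).
# ground_truth is what an analyst later established for that event.
SAMPLE_EVENTS = [
    (0,   "10.0.0.5",     "enable_auth_fail",      "benign"),     # admin mistypes the enable password once
    (4,   "10.0.0.5",     "enable_auth_ok",        "benign"),     # ...then logs in normally
    (60,  "10.0.0.7",     "enable_auth_ok",        "benign"),
    (100, "192.0.2.9",    "enable_auth_fail",      "malicious"),  # repeated guessing from one host
    (101, "192.0.2.9",    "enable_auth_fail",      "malicious"),
    (102, "192.0.2.9",    "enable_auth_fail",      "malicious"),
    (103, "192.0.2.9",    "enable_auth_fail",      "malicious"),
    (200, "198.51.100.4", "iis_unicode_traversal", "malicious"),  # hypothetical Unicode/IIS event type
    (300, "10.0.0.5",     "http_get",              "benign"),
]


def sig_any_enable_fail(events):
    """Naive signature from the article: alarm on every incorrect enable password."""
    return {i for i, (_, _, kind, _) in enumerate(events) if kind == "enable_auth_fail"}


def sig_enable_fail_burst(events, threshold=3, window=60):
    """Refined signature: alarm only when one source fails `threshold` times
    within `window` seconds. A single typo never reaches the threshold."""
    alarms = set()
    recent = defaultdict(deque)  # source -> deque of (timestamp, event index)
    for i, (ts, src, kind, _) in enumerate(events):
        if kind != "enable_auth_fail":
            continue
        q = recent[src]
        q.append((ts, i))
        while q and ts - q[0][0] > window:  # drop failures outside the window
            q.popleft()
        if len(q) >= threshold:
            alarms.update(idx for _, idx in q)
    return alarms


def sig_iis_unicode(events):
    """Hypothetical stand-in for the IIS Unicode signature mentioned in the article."""
    return {i for i, (_, _, kind, _) in enumerate(events) if kind == "iis_unicode_traversal"}


def score(events, *signatures):
    """Union the alarms of the given signatures and count TP/FP/TN/FN per event.
    fpr is the false-positive rate FP / (FP + TN) over benign events."""
    alarms = set()
    for sig in signatures:
        alarms |= sig(events)
    tp = fp = tn = fn = 0
    for i, (_, _, _, truth) in enumerate(events):
        fired = i in alarms
        if fired and truth == "malicious":
            tp += 1
        elif fired:
            fp += 1          # alarm on a benign event: false positive
        elif truth == "malicious":
            fn += 1          # missed attack: false negative
        else:
            tn += 1
    fpr = fp / (fp + tn) if (fp + tn) else 0.0
    return {"tp": tp, "fp": fp, "tn": tn, "fn": fn, "fpr": fpr}


if __name__ == "__main__":
    print("naive enable-fail:", score(SAMPLE_EVENTS, sig_any_enable_fail))
    print("burst enable-fail:", score(SAMPLE_EVENTS, sig_enable_fail_burst))
    print("burst + IIS unicode:", score(SAMPLE_EVENTS, sig_enable_fail_burst, sig_iis_unicode))
```

The naive rule scores one false positive (the administrator's single mistake) against four true positives, while the burst rule keeps the same four true positives with no false positive; neither enable-password signature covers the IIS event, which only becomes a true positive once the separate signature is added. Thresholds and windows are tuning choices: too high a threshold turns the trade-off around and produces false negatives instead.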