What is the difference between a false positive and false negative in IDS?

  • A false positive is considered to be a false alarm, and a false negative is considered to be the most complicated state.
  • A false positive occurs when an IDS fires an alarm for legitimate network activity.
  • A false negative occurs when an IDS fails to identify malicious network traffic.

Of the two, a false positive is more acceptable than a false negative, because false negatives let intrusions go unnoticed.
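The trade-off can be seen by scoring one detection rule against labelled traffic. The following is an added example, not part of the original post: it assumes a hypothetical rule that alerts when a source exceeds a failed-login threshold, and the events, addresses and thresholds are constructed sample data.

```python
# Constructed sample: (source, failed logins in the window, truly malicious?)
EVENTS = [
    ("10.0.0.5", 2, False),
    ("10.0.0.9", 12, False),     # benign: client retrying an expired password
    ("10.0.0.17", 1, False),
    ("10.0.0.23", 0, False),
    ("10.0.0.31", 6, False),     # benign: user mistyping a new password
    ("203.0.113.4", 40, True),
    ("203.0.113.8", 25, True),
    ("198.51.100.2", 4, True),   # malicious source with a low count
]


def confusion(events, threshold):
    """Score the hypothetical rule 'alert if failed logins >= threshold'."""
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for _source, failed, malicious in events:
        fired = failed >= threshold
        if fired and malicious:
            counts["TP"] += 1    # alarm on real malicious activity
        elif fired and not malicious:
            counts["FP"] += 1    # false alarm on legitimate activity
        elif not fired and malicious:
            counts["FN"] += 1    # malicious activity that raised no alarm
        else:
            counts["TN"] += 1    # legitimate activity, correctly silent
    return counts


def rates(counts):
    """Return (false positive rate, false negative rate)."""
    benign = counts["FP"] + counts["TN"]
    malicious = counts["FN"] + counts["TP"]
    fpr = counts["FP"] / benign if benign else 0.0
    fnr = counts["FN"] / malicious if malicious else 0.0
    return fpr, fnr


def sweep(events, thresholds):
    """Show how moving the threshold trades false positives for false negatives."""
    return {t: confusion(events, t) for t in thresholds}


if __name__ == "__main__":
    for threshold, counts in sweep(EVENTS, [3, 10, 20]).items():
        fpr, fnr = rates(counts)
        print(f"threshold={threshold:>2} {counts} FPR={fpr:.2f} FNR={fnr:.2f}")
```

On this sample, lowering the threshold to 3 removes the false negative at the cost of two false alarms, while raising it to 20 silences the false alarms but leaves one malicious source undetected.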
