IPS/IDS Terminology

Feeds:: Posts; Comments

« CAM(Content-Addressable Memory) Table Overflow Attack

IPS/IDS Terminology

January 12, 2010 by Vahid-Shokouhi

False alarms
False alarms are IPS events that you do not want occurring in your implementation. There are two types of these alarms: false positive and false negative. Both are undesirable.

False Positive : A false positive means that an alert has been triggered, but it was for traffic that does not constitute an actual attack. This type of traffic is often referred to as benign traffic.

False Negative : A false negative occurs when attack traffic does not trigger an alert on the IPS device. This is often viewed as the worst type of false alarm, for obvious reasons.

True alarms
There are two types of true alarms in IPS terminology. Both true positives and true negatives are desirable.

True positive : A true positive means that an attack was recognized and responded to by the IPS device.

True negative : This means that nonoffending or benign traffic did not trigger an alarm.

Like this:

Be the first to like this post.

Posted in Uncategorized | Leave a Comment

Comments RSS

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Escogido's Blog

The secret place I like to go