Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

What is false alarm rate and false positive rate?

from [Zhuowei Li] Network Security [Permanent Link]
Subject: What is false alarm rate and false positive rate?
Date: Wed, 15 Sep 2004 14:20:37 +0800 
Hi,

I am confused by the terms 'false positive rate' and 'false alarm
rate' within the context of intrusion detection. Does anybody about
what's the exact definition for these two terms?

Some literatures said 'false positive rate = false alarm rate', which
the number of false alarms divided by the number of alarms (true and
false).

Other said false positive rate is not equal to false alarm rate, the
false alarm rate is the same above definition, but the false positive
rate is "the total number of normal instances that were incorrectly
classified as intrusions divided by the total number of normal
instances"

Who is true, who is wrong within the context of intrusion detection?

Thanks.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: session logging IDS, Alex Butcher, ISC/ISYS
Next by Date:  Re: IPS, alternative solutions, Scott Wimer
Previous by Thread:  IPS, alternative solutions, Daniel
Next by Thread:  RE: What is false alarm rate and false positive rate?, Rob Shein
Indexes:  [Date] [Thread] [Top] [All Lists]