IDS mailing list archives
What is false alarm rate and false positive rate?
From: Zhuowei Li <zhuowei () gmail com>
Date: Wed, 15 Sep 2004 14:20:37 +0800
Hi, I am confused by the terms 'false positive rate' and 'false alarm rate' within the context of intrusion detection. Does anybody about what's the exact definition for these two terms? Some literatures said 'false positive rate = false alarm rate', which the number of false alarms divided by the number of alarms (true and false). Other said false positive rate is not equal to false alarm rate, the false alarm rate is the same above definition, but the false positive rate is "the total number of normal instances that were incorrectly classified as intrusions divided by the total number of normal instances" Who is true, who is wrong within the context of intrusion detection? Thanks. -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- What is false alarm rate and false positive rate? Zhuowei Li (Sep 15)
- RE: What is false alarm rate and false positive rate? Rob Shein (Sep 17)
- Re: What is false alarm rate and false positive rate? Zhuowei Li (Sep 17)
- RE: What is false alarm rate and false positive rate? Rob Shein (Sep 17)
- Re: What is false alarm rate and false positive rate? Gautam Singaraju (Sep 20)
- Re: What is false alarm rate and false positive rate? Jeffrey Denton (Sep 21)
- 答复: What is false alarm rate and false positive rate? Helios Xu (Sep 21)
- Re: What is false alarm rate and false positive rate? Zhuowei Li (Sep 17)
- RE: What is false alarm rate and false positive rate? Rob Shein (Sep 17)
- Re: What is false alarm rate and false positive rate? George Capehart (Sep 21)