True positive v.s. true negative

[a3590166]

I'm confused about the answer to this question.

An instance where a biometric system identifies users that are authorized and allows them access is
called which of the following?
A. False negative
B. True negative
C. False positive
D. True positive
Answer: D

I don't know why it's so difficult to find the definition from Google. The little info I get (in medical area) shows true negative is something normal so I think the answer should be B. Do anyone have different opinions? Thanks.

[dynamik]

Positive = identified and negative = rejected.

Therefore:
True positive = correctly identified
False positive = incorrectly identified
True negative = correctly rejected
False negative = incorrectly rejected

[Bl8ckr0uter]

Positive = identified and negative = rejected.

Therefore:
True positive = correctly identified
False positive = incorrectly identified
True negative = correctly rejected
False negative = incorrectly rejected

What he said. I was trying to find you a link with like a table with these terms but I couldn't find one but what he said is 100% correct.

[a3590166]

Positive = identified and negative = rejected.

Therefore:
True positive = correctly identified
False positive = incorrectly identified
True negative = correctly rejected
False negative = incorrectly rejected

Could you explain more on identified and rejected? An authorized user being rejected is the case of false positive. Can I say it is incorrectly rejected? If so, it becomes false negative. False negative is something like virus not being detected by anti-virus software, which should be "not rejected" instead of "incorrectly rejected". I'm not a native English speaker. Is it the reason that I misunderstand these terms?

[dynamik]

An authorized user being rejected is the case of false positive. Can I say it is incorrectly rejected? If so, it becomes false negative.

That's correct, that would be a false negative. A false positive would be an unauthorized user (false) being given access (positive).

False negative is something like virus not being detected by anti-virus software, which should be "not rejected" instead of "incorrectly rejected".

That's correct.

I'm not a native English speaker. Is it the reason that I misunderstand these terms?

Possibly, but it seems like you have a pretty good handle on the language. I just used those terms as an example. As you can see, it depends on the context. The true/false can be see as the whether the item was correctly/incorrectly identified and the positive/negative can be see as whether the correct/incorrect action was taken. I probably should have phrased it that way in the first place. I apologize for the confusion.

[a3590166]

The true/false can be see as the whether the item was correctly/incorrectly identified and the positive/negative can be see as whether the correct/incorrect action was taken.

See this example
An instance where an IDS identifies legitimate traffic as malicious activity is called which of the following?
A. False positive
B. True negative
C. False negative
D. True positive
Answer: A

"false" is undoubted. But the action is incorrect so it should be "negative". Do I have problem in this logic?

[dynamik]

It depends on your perspective and the context. It's a false positive because the traffic was correct/legitimate/etc. You're looking at the actual event/action/etc. taking place when you are trying to determine this. Labeling the traffic as malicious is secondary to the actual event and not what you should be evaluating.