  1. Junior Member
    Join Date
    Dec 2009
    Posts
    14
    #1

    True positive vs. true negative

    I'm confused about the answer to this question.

    An instance where a biometric system identifies users that are authorized and allows them access is
    called which of the following?
    A. False negative
    B. True negative
    C. False positive
    D. True positive
    Answer: D

    I don't know why it's so difficult to find the definition from Google. The little info I get (in the medical area) shows true negative is something normal so I think the answer should be B. Does anyone have a different opinion? Thanks.

  3. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #2
    Positive = identified and negative = rejected.

    Therefore:
    True positive = correctly identified
    False positive = incorrectly identified
    True negative = correctly rejected
    False negative = incorrectly rejected

  4. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #3
    Quote Originally Posted by dynamik View Post
    Positive = identified and negative = rejected.

    Therefore:
    True positive = correctly identified
    False positive = incorrectly identified
    True negative = correctly rejected
    False negative = incorrectly rejected
    What he said. I was trying to find you a link with like a table with these terms but I couldn't find one but what he said is 100% correct.

  5. Junior Member
    Join Date
    Dec 2009
    Posts
    14
    #4
    Quote Originally Posted by dynamik View Post
    Positive = identified and negative = rejected.

    Therefore:
    True positive = correctly identified
    False positive = incorrectly identified
    True negative = correctly rejected
    False negative = incorrectly rejected
    Could you explain more on identified and rejected? An authorized user being rejected is the case of false positive. Can I say it is incorrectly rejected? If so, it becomes false negative. False negative is something like virus not being detected by anti-virus software, which should be "not rejected" instead of "incorrectly rejected". I'm not a native English speaker. Is it the reason that I misunderstand these terms?

  6. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #5
    Quote Originally Posted by a3590166 View Post
    An authorized user being rejected is the case of false positive. Can I say it is incorrectly rejected? If so, it becomes false negative.
    That's correct, that would be a false negative. A false positive would be an unauthorized user (false) being given access (positive).

    Quote Originally Posted by a3590166 View Post
    False negative is something like virus not being detected by anti-virus software, which should be "not rejected" instead of "incorrectly rejected".
    That's correct.

    Quote Originally Posted by a3590166 View Post
    I'm not a native English speaker. Is it the reason that I misunderstand these terms?
    Possibly, but it seems like you have a pretty good handle on the language. I just used those terms as an example. As you can see, it depends on the context. The true/false can be seen as whether the item was correctly/incorrectly identified and the positive/negative can be seen as whether the correct/incorrect action was taken. I probably should have phrased it that way in the first place. I apologize for the confusion.

  7. Junior Member
    Join Date
    Dec 2009
    Posts
    14
    #6
    Quote Originally Posted by dynamik View Post
    The true/false can be seen as whether the item was correctly/incorrectly identified and the positive/negative can be seen as whether the correct/incorrect action was taken.
    See this example
    An instance where an IDS identifies legitimate traffic as malicious activity is called which of the following?
    A. False positive
    B. True negative
    C. False negative
    D. True positive
    Answer: A

    "false" is undoubted. But the action is incorrect so it should be "negative". Do I have a problem in this logic?

  8. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #7
    It depends on your perspective and the context. It's a false positive because the traffic was correct/legitimate/etc. You're looking at the actual event/action/etc. taking place when you are trying to determine this. Labeling the traffic as malicious is secondary to the actual event and not what you should be evaluating.

  9. Junior Member Registered Member
    Join Date
    Jun 2012
    Posts
    1
    #8
    Hello everybody, I am here to give a good explanation of the above terms.

    Four situations exist in this context, corresponding to the relation between the result of the detection for an analyzed event ("normal" vs. "intrusion") and its actual nature ("innocuous" vs. "malicious"). These situations are:

    (False positive (FP), True positive (TP), False negative (FN), True negative (TN).)

    False positive (FP), if the analyzed event is innocuous (or "clean") from the perspective of security, but it is classified as malicious
    True positive (TP), if the analyzed event is correctly classified as intrusion/malicious
    False negative (FN), if the analyzed event is malicious but it is classified as normal/innocuous
    True negative (TN), if the analyzed event is correctly classified as normal/innocuous

    It is clear that low FP and FN rates, together with high TP and TN rates, will result in good efficiency values.

    TP, TN, FP, FN: the last letter in every term, whether N or P, refers to the source of the original data that are classified as

    1-(N: negative or normal)

    2-(P: positive or intrusion)

    The first letter, whether T or F, is the analyzed event from the perspective of security (IDS), but you should consider the letter F as the word "Opposite" to the letter next to it.

    So when you say (FP), which means a false intrusion, the opposite to intrusion = normal. So you should see that the IDS sees the data as normal while it is bad.

    Also, FN means (false normal), where the opposite to normal is bad... and here the IDS sees the normal data as intrusion.

    Thanks

  10. Junior Member Registered Member
    Join Date
    Oct 2015
    Posts
    2
    #9

    True Negative

    This question is wrong in my opinion. As to my understanding, a positive identifies positively malicious traffic/person/entry,
    whereas a negative is benign traffic/person/entry. True or False just say whether it is correctly or incorrectly identified.

    False Positive - Traffic is incorrectly identified as malicious
    False Negative - The malicious traffic is allowed to exist unchecked
    True Negative - The benign traffic doesn't trigger an alarm
    True Positive - The malicious traffic is correctly identified and some action taken against it.

    Therefore my answer should be True Negative (B)

  11. Junior Member Registered Member
    Join Date
    Oct 2015
    Posts
    2
    #10
    No, a false positive is when the benign traffic is incorrectly identified as malicious. If the unauthorized user is given access, this is a false negative.

  12. Senior Member
    Join Date
    May 2013
    Posts
    1,114

    Certifications
    GWAPT, GSEC, Associate of (ISC)2, C|EH, CCNA:Security, CCNA:R&S, CCENT, Security+, Network+
    #11
    Identify what the question is asking. It asks about biometric authentication for AUTHORIZED USERS. Therefore a true positive is a correctly identified authorized user. In this scenario a false positive would be an intruder allowed access.

    Always identify what the question is asking and you cannot go wrong.

  13. Senior Member danny069's Avatar
    Join Date
    Nov 2012
    Location
    NYC
    Posts
    999

    Certifications
    A+, Security+, ACMT, CASP, CEH, CCNA R&S, A.S. & B.S. Cyber Security Systems/Digital Forensics, M.S. Cyber Security
    #12
    @Techguru you hit the nail right on the head; the answer should be D, because it is a legitimate authorized user.

  14. Member
    Join Date
    Sep 2015
    Posts
    55

    Certifications
    CCENT CCNA R/S Security+ ce
    #13
    That's the key to multiple choice questions, the key words. The key word in this scenario is authorized.

  15. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,680

    Certifications
    RHCSA, Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practitioner, VCP-DCV, Storage+, CCNA R+S, CCNA Sec, Security+, CEH, CASP
    #14
    False Negative and False Positive are the more common terms.

    So, in these scenarios you are testing for some condition. The test can come back negative (condition not met) or positive (condition met). Sometimes the test isn't perfect and it says that the condition is met when really it isn't. In this case we say that it was a "false negative" or a "false positive". The opposite, when the test is correct, is "true negative" or "true positive".

    In this case the condition is "is this an authorised user?" So say that your authorised users are Dave, Mary, and Kim.
    Dave goes up to the biometric scanner and it says "I recognise this guy. This is Dave" and Dave gets access. - A True Positive, correctly identified and accepted
    Mary goes up to the biometric scanner and it says "I don't know you" and Mary is denied access. - A False Negative, wrongly identified and denied
    Phillip goes up to the biometric scanner and it says "I recognise this guy. This is Dave" and Phillip gets access. - A False Positive, wrongly identified and accepted
    Alex goes up to the biometric scanner and it says "I don't know you" and Alex is denied access. - A True Negative, correctly identified and denied

    So, what to do when you get a question like this - identify the condition, identify whether the test says it met the condition (positive) or not (negative), and identify whether the test was accurate (True) or not (False).
    2017 Goals - MCSA 2008, CISSP, CCNP:R+S, Agile PM
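The procedure from the last post (identify the condition, what the test said, and whether the test was right), as an added example that is not part of the original thread. It labels the four scanner outcomes from post #14, then relabels the same events with the condition flipped to "is this an intruder?", the IDS-style framing of posts #8 to #10; the function names and event tuples are constructed for illustration.

```python
from collections import Counter

def classify(condition_present: bool, test_positive: bool) -> str:
    """T/F = was the test right; P/N = what the test reported."""
    verdict = "T" if condition_present == test_positive else "F"
    return verdict + ("P" if test_positive else "N")

# Constructed sample events: (name, really_authorised, scanner_granted_access)
EVENTS = [
    ("Dave", True, True),
    ("Mary", True, False),
    ("Phillip", False, True),
    ("Alex", False, False),
]

def label_as_access_control(events):
    # Condition: "is this an authorised user?"  Positive = access granted.
    return {name: classify(auth, granted) for name, auth, granted in events}

def label_as_intrusion_detector(events):
    # Condition flipped: "is this an intruder?"  Positive = alarm / access denied.
    return {name: classify(not auth, not granted) for name, auth, granted in events}

def error_rates(labels):
    """FP rate = FP / (FP + TN); FN rate = FN / (FN + TP)."""
    c = Counter(labels.values())
    negatives = c["FP"] + c["TN"]   # condition actually absent
    positives = c["FN"] + c["TP"]   # condition actually present
    return {
        "fp_rate": c["FP"] / negatives if negatives else 0.0,
        "fn_rate": c["FN"] / positives if positives else 0.0,
    }

if __name__ == "__main__":
    access = label_as_access_control(EVENTS)
    ids = label_as_intrusion_detector(EVENTS)
    for name, _, _ in EVENTS:
        print(f"{name:8} access-control: {access[name]}   intrusion-detector: {ids[name]}")
    print("access-control rates:", error_rates(access))
```

The same physical event, Phillip getting in, is a false positive when the condition is "authorised user" and a false negative when the condition is "intruder", so the label is only meaningful once the condition under test is stated.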
