Which signature type results in a legitimate alert being dismissed?
A. True negative
B. False negative
C. True Positive
D. False Positive
False negative. See https://www.quora.com/What-is-the-best-example-for-false-negative-false-positive-true-negative-and-true-positive-in-machine-learning for a nice explanation.
My opinion is C. True Positive, because the signature type results in a legitimate alert being dismissed/stopped, right?
Based on this statement:
True positives are the desired type of alert. They mean that the rules that generate alerts have worked.
False positives are not desirable. Although they do not indicate that an undetected exploit has occurred, they are costly because cybersecurity analysts must investigate false alarms; therefore, time is taken away from an investigation of alerts that indicate true exploits.
True negatives are also desirable. They indicate that normal traffic is correctly ignored and erroneous alerts are not being issued.
False negatives are dangerous. They indicate that exploits are not being detected by the security systems that are in place. These incidents could go undetected for a long time, and ongoing data loss and damage could result.
How come the answer is B. False Negative when False Negative doesn’t even make an alert?
In my opinion shouldn’t it be D. False Positive? Because the Alert was Legit so it got dismissed, right?
Let me know if I misunderstood it. Thanks!