Types of Error

From time to time I get interesting or pertinent questions from clients, colleagues and readers. I like to post the answers on my blog because I think more people may have the same question.
 
Here is a question from a reader:
Thanks Don. I am looking for a good definition or comparison of the difference between a false positive and a false negative. I googled it, but the definition provided appears vague. My take is a false positive is a hit, but it doesn't apply to the system, and a negative is the opposite, but someone else is connected to your network. I am still researching because it could be on the next exam and want to make sure I get those two terms straight.
 
Answer:
There are two main error types in testing and in any system that makes accept/reject decisions:
Type I error, also called α error or false positive
Type II error, also called β error or false negative
 
These terms come from statistics and are applied in information security to spam filtering, anti-virus, vulnerability scanning, intrusion detection and biometric authentication. In each instance they mean the same thing: the system said "positive" or "negative", and that answer was wrong.
 
A Type I error or 'false positive' is a positive result that is false: the system reports the condition when it is not actually there. For a spam filter it means a legitimate message was tagged as spam. For a vulnerability scanner it is a reported vulnerability that does not exist (often a version-banner match with no real weakness behind it). For biometrics it is the system accepting someone it should have rejected, so one person is able to pass as someone else. In biometrics a false positive is usually called a false acceptance, and the rate at which it happens is the false acceptance rate (FAR).
 
A Type II error or 'false negative' is a negative result that is false: the condition is present but the system misses it. For a spam filter it is the spam that gets past the filter into the inbox; the filter did not detect it as spam. For a vulnerability scanner it is a vulnerability that exists on the host but never appears in the report, which is the more dangerous of the two errors because nothing prompts anyone to look. In biometrics a false negative is when the system fails to authenticate a legitimate user. In biometrics a false negative is usually called a false rejection, and its rate is the false rejection rate (FRR).
 
A related term you might see is Crossover Error Rate.
"Crossover Error Rate (CER) is a comparison metric for different biometric devices and technologies. It is the error rate at which the false acceptance rate (FAR) equals the false rejection rate (FRR). As an identification device becomes more sensitive or accurate, its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal, or cross over."
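As an added worked example (not code from the original post or its author), the following Python counts the two error types from a constructed spam-filter log, then sweeps the acceptance threshold of a hypothetical biometric matcher to show the trade-off the CER definition above describes: as the threshold is raised, FAR falls while FRR rises, and the crossover is where they meet. All decisions and match scores are constructed sample data, and the function names are assumptions of this example.

```python
"""Worked example added to this post (not the original author's code): counting
Type I / Type II errors from labelled decisions, then sweeping a biometric
decision threshold to find FAR, FRR and their crossover (CER).
All sample data below is constructed for illustration."""
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class ErrorCounts:
    tp: int  # true positive:  flagged, and it really was (spam caught)
    fp: int  # Type I error:   flagged, but it was not (good mail in the junk folder)
    tn: int  # true negative:  not flagged, and correctly so
    fn: int  # Type II error:  not flagged, but it was (spam in the inbox)

    @property
    def false_positive_rate(self) -> float:
        """Share of genuinely negative cases that were wrongly flagged."""
        return self.fp / (self.fp + self.tn)

    @property
    def false_negative_rate(self) -> float:
        """Share of genuinely positive cases that were missed."""
        return self.fn / (self.fn + self.tp)


def count_errors(decisions: Iterable[Tuple[bool, bool]]) -> ErrorCounts:
    """decisions: (system said positive?, it really was positive?) pairs."""
    tp = fp = tn = fn = 0
    for flagged, truth in decisions:
        if flagged and truth:
            tp += 1
        elif flagged and not truth:
            fp += 1
        elif not flagged and not truth:
            tn += 1
        else:
            fn += 1
    return ErrorCounts(tp, fp, tn, fn)


# Constructed spam-filter log: (filter tagged it as spam?, it actually was spam?)
SPAM_FILTER_LOG = [
    (True, True), (True, True), (True, True),     # spam correctly caught
    (True, False),                                # Type I: legitimate mail tagged spam
    (False, False), (False, False), (False, False),
    (False, True),                                # Type II: spam that reached the inbox
]


def far_frr(genuine: List[float], impostor: List[float], threshold: float) -> Tuple[float, float]:
    """Matcher accepts when score >= threshold (higher score = better match).
    FAR = impostors wrongly accepted (false positive / false acceptance),
    FRR = genuine users wrongly rejected (false negative / false rejection)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def crossover(genuine: List[float], impostor: List[float]) -> Tuple[float, float, float]:
    """Try every observed score as a candidate threshold and return
    (threshold, FAR, FRR) where the two rates are closest; that rate is the CER."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return t, far, frr


# Constructed match scores from a hypothetical fingerprint matcher.
GENUINE_SCORES = [0.91, 0.88, 0.85, 0.80, 0.78, 0.74, 0.70, 0.62, 0.55, 0.48]
IMPOSTOR_SCORES = [0.20, 0.28, 0.33, 0.40, 0.45, 0.52, 0.58, 0.65, 0.72, 0.81]

if __name__ == "__main__":
    c = count_errors(SPAM_FILTER_LOG)
    print(f"spam filter: {c.fp} false positives, {c.fn} false negatives "
          f"(FPR {c.false_positive_rate:.2f}, FNR {c.false_negative_rate:.2f})")
    for t in (0.40, 0.65, 0.85):
        far, frr = far_frr(GENUINE_SCORES, IMPOSTOR_SCORES, t)
        print(f"threshold {t:.2f}: FAR {far:.2f}  FRR {frr:.2f}")
    t, far, frr = crossover(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"crossover at threshold {t:.2f}: FAR = FRR = {far:.2f} (CER)")
```

Running it shows a loose threshold (0.40) accepting most impostors with no false rejections, a strict one (0.85) rejecting many legitimate users while admitting nobody it should not, and the two rates meeting in between. Which side of the crossover you tune toward depends on which error costs more for that system: a data-centre door wants a low FAR, a consumer phone unlock usually tolerates a higher FAR for a lower FRR.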
 
Ideally we want neither false negatives nor false positives: a system that is 100% accurate 100% of the time. Since no real detector achieves that, we want the error rates in our spam filters, anti-virus, vulnerability scanners, intrusion detection and biometric systems to be as low as possible. The lower the better, with one caveat: tuning a threshold to reduce one type of error usually increases the other, so for each system you also have to decide which of the two errors is more expensive to you.
 
Note:
These terms may be found on a number of security certification exams, such as CISSP, Security+, CISM, etc.

Brought to you by Maze & Associates, a leading Northern California Accounting Firm specializing in Municipal & Nonprofit Audit, Tax for individuals and all types of entities, Information System Audits, Security Reviews, as well as PCI Scans and certified training. Maze & Associates is a PCI ASV - Approved Scanning Vendor.

Disclaimer: The views expressed here are those of the author and do not represent those of Maze & Associates.
 