Goals of an IDS System

• An IDS systems goal is to return as few false positives as possible, while missing the least number of false negatives.

• In an IDS sense;

  • False positive - A session or connection flagged as an attack, but is actually a normal or legitimate connection. These create extra work and reduce confidence in the system.
  • False negative - An attack or misuse that was not detected by the system. This does keep work down, but makes the system useless.

• Generally, error towards a few false positives and no false negatives if possible.

Previous slide

Next slide

Back to first slide

View graphic version