A false positive is a benign event that a security control has incorrectly matched against one or more of its rules and therefore flagged as malicious. For example, a security rule may state that any web request containing the keyword "DROP" is to be treated as a SQL injection attack. If a student at "Example University" then tries to drop a course using the URL http://www.example.com/university-courses/drop-course.aspx, the security system will (incorrectly) terminate the student's session, because the URL matches that crude rule even though the request is entirely legitimate.
False positives are common in intrusion detection systems, spam filters, and other security systems, especially when they are left at their default configuration. False positive rates should, however, fall to manageable levels once the rules are tuned for the operating environment in which the system is deployed (for example, by making the rule above match "DROP" only where it forms part of a SQL statement in user-supplied input, rather than anywhere in the request).
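The following is an added example, not code from the original page, illustrating both the crude "DROP anywhere" rule described above and one way of tuning it. The sample requests are constructed for this example; the naive rule flags the course-drop URL (a false positive) while a rule that inspects only decoded query-string values and requires a SQL statement shape does not, yet still catches the two constructed injection attempts.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample requests, labelled (url, is_attack). None of these
# come from the original page apart from the drop-course URL it cites.
SAMPLE_REQUESTS = [
    ("http://www.example.com/university-courses/drop-course.aspx", False),
    ("http://www.example.com/search.aspx?q=water+drop+experiment", False),
    ("http://www.example.com/search.aspx?q=x%27%3B+DROP+TABLE+students%3B--", True),
    ("http://www.example.com/item.aspx?id=1%20UNION%20SELECT%20password%20FROM%20users", True),
]


def naive_rule(url: str) -> bool:
    """The simple policy from the text: any request containing the
    keyword DROP (case-insensitively, after URL decoding) is treated
    as a SQL injection attack."""
    return "drop" in unquote_plus(url).lower()


# Tuned rule: look only at decoded query-string values (where user input
# that might reach a database query actually lives), and require the
# keyword to appear in the shape of a SQL statement, not as a bare word.
_SQL_STATEMENT_PATTERNS = [
    re.compile(r"\bdrop\s+(table|database|index|view)\b", re.IGNORECASE),
    re.compile(r"\bunion\s+(all\s+)?select\b", re.IGNORECASE),
]


def tuned_rule(url: str) -> bool:
    """Flag a request only if a decoded query parameter value contains a
    recognisable SQL statement fragment."""
    query = urlsplit(url).query
    # parse_qsl decodes percent-escapes and turns '+' into spaces for us.
    values = [value for _, value in parse_qsl(query, keep_blank_values=True)]
    return any(pattern.search(value)
               for value in values
               for pattern in _SQL_STATEMENT_PATTERNS)


def evaluate(rule, samples):
    """Return (false_positives, false_negatives) for a rule over labelled
    samples: benign requests the rule flags, and attacks it misses."""
    false_positives = sum(1 for url, is_attack in samples
                          if rule(url) and not is_attack)
    false_negatives = sum(1 for url, is_attack in samples
                          if not rule(url) and is_attack)
    return false_positives, false_negatives


if __name__ == "__main__":
    for name, rule in (("naive", naive_rule), ("tuned", tuned_rule)):
        fp, fn = evaluate(rule, SAMPLE_REQUESTS)
        print(f"{name:5s} rule: {fp} false positive(s), {fn} false negative(s)")
        for url, is_attack in SAMPLE_REQUESTS:
            print(f"   flagged={rule(url)!s:5s} attack={is_attack!s:5s} {url}")
```

The tuned rule is deliberately narrow to make the point about tuning: it ignores the path and request body, handles only single URL encoding, and knows two statement shapes, so in a real deployment it would need to be broadened and re-measured against the site's own traffic. The usual cycle is exactly what the paragraph describes: run the rule, count the benign requests it flags, and adjust the rule until that count is acceptable without letting the attack samples through.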
Last Updated on Saturday, 21 November 2009 09:23