What is the difference between a false positive and a false negative in the context of an ids?

  • Updated at March 18, 2021
  • By Gatefy
  • Blog, Education


In information security, a false positive is the term used for a file or item that is flagged as malicious but, in fact, isn't.

A false negative is the opposite. It happens when a malicious file or item is labeled as secure or clean.

In short, false positives and false negatives are both classification errors: cases in which a protection solution fails to label a file or item correctly.

Are you confused about it?

So, first, let's use a more familiar analogy for those who aren't used to information technology. Then we'll look at the technical details, go through examples, and discuss when each situation occurs within information security.

Check it out below!


What are false positive and false negative?

To explain false positive and false negative, we'll use a home pregnancy test as an analogy. Suppose a woman takes a home pregnancy test to find out whether she is pregnant.

These tests are generally not perfectly accurate. Say the result was negative: according to the test, she isn't pregnant.

However, a few weeks later the pregnancy was confirmed. Therefore, the test revealed a false negative. In fact, she was pregnant.

The opposite situation can also be true. A pregnancy test can be positive at first, and a few weeks later the pregnancy isn’t confirmed.

In this case, the test result marked a false positive.

If we bring this example to information security, the home pregnancy test is equivalent to a cybersecurity software or solution whose job is to decide whether something is a threat.

In this article, you can see other examples of false negative and false positive, some related to the COVID-19 pandemic.

Now that both terms are clearer, we can bring them back to information technology.

False negative in information security

In the case of a false negative, a malicious file or item gained access to your system or network because it was classified as legitimate by your protection solution. Let’s make a comparison using email.

Imagine that your company received an email that contained a virus or ransomware attached. Since you received the message, obviously, the email security solution that your company uses didn’t detect the threat.

But why didn’t my email security solution issue an alert? How did the threat go unnoticed?

The main cause of false negatives is a new threat, or what we call a zero-day attack.

That is, new attacks are harder to detect, because cybercriminals are constantly looking for new ways to attack, lure and deceive.

False positive in information security

As we have said, a false positive is an error that scanning and protection software makes when legitimate activity is classified as an attack.

Invariably, a false positive results in a website, file, or item being quarantined, blocked, or deleted.

At first, a false positive may not seem as harmful as a false negative. But think long term.

What losses would you have, for example, if your email protection solution blocked emails from new customers?

A fire alarm makes a good comparison for a false positive. Imagine that the fire alarm went off, everyone ran, but it was nothing. False alarm.

Now count the time and energy that was spent on this process. That’s why, in the long run, a false positive can be as harmful as a false negative.

The most common cause of false positives is the software identifying a signature or behavior of a file as similar to that of a known threat, such as malware.

How to prevent false positive and false negative

If you have a cybersecurity solution that generates a lot of false positives, you can send samples of the affected files to the solution vendor, add the files to a safe list (allow list or whitelist), or evaluate other solutions.

False negatives tend to be more dangerous. Therefore, the best way to avoid them is to keep your solution up to date, so that its threat signatures and samples also stay current.

If you are looking to reduce false alarms specifically in email, consider Gatefy. After all, we’re experts in email security solutions, and innovation when it comes to technology.

We hope that this article has cleared up all your doubts about false negatives and false positives; after all, it used three different examples to illustrate the terms. In addition, we have shown how these terms apply to information security.

With that, you're now able to recognize these occurrences and look for solutions that make your day-to-day work more efficient.


What is false positive and true positive in security?

A true positive is where a rule is configured and logs match that rule for a real threat. This means the rule worked as intended and alerted correctly. A false positive is where a rule is configured and the logs match the rule, but the logs that matched are not actually a threat and should be ignored.

What is false positive in information security?

An alert that incorrectly indicates that a vulnerability is present.

What is a false negative in cyber security?

An instance in which a security tool intended to detect a particular threat fails to do so.

What is false positive and false negative in machine learning?

A false positive is an outcome where the model incorrectly predicts the positive class. And a false negative is an outcome where the model incorrectly predicts the negative class.
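The following Python script is an added example, not code from the original article or from Gatefy. It ties together the rule-based definitions above (a rule either matches a real threat or matches something harmless) and the article's "how to prevent" advice: it runs a tiny signature-style detection over constructed, labelled email-gateway log lines, counts true/false positives and negatives, and then shows how an allow list removes a false positive and an updated signature removes a false negative. All log lines, sender addresses, signatures and function names are invented for illustration.

```python
# Confusion-matrix demo for a signature-style detector (added example; all data constructed).

# Constructed "email gateway" log lines paired with ground truth (True = actually malicious).
SAMPLE_LOGS = [
    ("from=billing@example-invoices.test subject='Invoice 2231' attachment=invoice.pdf.exe", True),
    ("from=hr@corp.test subject='Payroll update' attachment=payroll.docm macro=yes", True),
    # Legitimate new customer whose document happens to carry macros (looks like a threat).
    ("from=newclient@partner.test subject='Contract draft' attachment=contract.docm macro=yes", False),
    ("from=friend@mail.test subject='Photos' attachment=photos.zip", False),
    # Novel dropper using an extension the base signatures do not yet cover ("zero-day" stand-in).
    ("from=attacker@evil.test subject='Urgent' attachment=update.scr", True),
    ("from=it@corp.test subject='Patch notes' attachment=notes.pdf", False),
]

# Base signature set: substrings that cause a line to be flagged.
BASE_SIGNATURES = [".exe", "macro=yes"]

# Senders the business has vouched for (the article's "safe list or whitelist").
ALLOW_LIST = frozenset({"newclient@partner.test"})


def sender_of(line):
    """Extract the sender address from a 'from=...' log line."""
    first_field = line.split()[0]
    return first_field[len("from="):] if first_field.startswith("from=") else ""


def detect(line, signatures, allow_list=frozenset()):
    """Return True if the rule set flags the line as malicious.

    Note the trade-off: an allow-listed sender is never flagged, so if that
    account is ever compromised, its mail becomes a false negative.
    """
    if sender_of(line) in allow_list:
        return False
    return any(sig in line for sig in signatures)


def confusion_matrix(logs, signatures, allow_list=frozenset()):
    """Count TP/FP/TN/FN for a rule set over labelled log lines."""
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for line, is_malicious in logs:
        flagged = detect(line, signatures, allow_list)
        if flagged and is_malicious:
            counts["TP"] += 1       # real threat, correctly alerted
        elif flagged and not is_malicious:
            counts["FP"] += 1       # harmless item blocked: the "fire alarm"
        elif not flagged and is_malicious:
            counts["FN"] += 1       # threat let through
        else:
            counts["TN"] += 1       # harmless item correctly passed
    return counts


def error_rates(counts):
    """Return (false positive rate, false negative rate) from a confusion matrix."""
    fpr = counts["FP"] / (counts["FP"] + counts["TN"]) if counts["FP"] + counts["TN"] else 0.0
    fnr = counts["FN"] / (counts["FN"] + counts["TP"]) if counts["FN"] + counts["TP"] else 0.0
    return fpr, fnr


if __name__ == "__main__":
    base = confusion_matrix(SAMPLE_LOGS, BASE_SIGNATURES)
    print("base signatures      :", base, "FPR/FNR =", error_rates(base))

    # Remedy 1 from the article: allow-list the legitimate sender -> FP disappears.
    with_allow = confusion_matrix(SAMPLE_LOGS, BASE_SIGNATURES, ALLOW_LIST)
    print("+ allow list         :", with_allow)

    # Remedy 2 from the article: keep signatures current -> the novel .scr dropper is caught.
    with_update = confusion_matrix(SAMPLE_LOGS, BASE_SIGNATURES + [".scr"], ALLOW_LIST)
    print("+ updated signatures :", with_update)
```

Running it shows the base rule set producing one false positive (the customer's macro document) and one false negative (the uncovered `.scr` attachment); the allow list clears the former and the signature update clears the latter. The `detect` docstring records the defender's caveat that an allow list trades a false positive for a potential future false negative, so entries should be narrow and reviewed.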