Intrusion detection system Terminology

  • Alert/Alarm: A signal suggesting that a system is being or has been attacked.
  • True Positive: A legitimate attack which triggers an IDS to produce an alarm.
  • False Positive: An event signaling an IDS to produce an alarm when no attack has taken place.
  • False Negative: A failure of an IDS to detect an actual attack.
  • True Negative: When no attack has taken place and no alarm is raised.
  • Noise: Data or interference that can trigger a false positive.
  • Site policy: Guidelines within an organization that control the rules and configurations of an IDS.
  • Site policy awareness: An IDS’s ability to dynamically change its rules and configurations in response to changing environmental activity.
  • Confidence value: A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack.
  • Alarm filtering: The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks.
  • Attacker or Intruder: An entity who tries to find a way to gain unauthorized access to information, inflict harm or engage in other malicious activities.
  • Masquerader: A user who is not authorized to use a system but tries to access its information as if they were an authorized user. Masqueraders are generally outside users.
  • Misfeasor: An internal user who misuses their legitimate access; misfeasors are of two types:
    1. An authorized user with limited permissions.
    2. A user with full permissions and who misuses their powers.
  • Clandestine user: A user who acts as a supervisor and uses those privileges to avoid being captured by audit and access controls.
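The four outcomes above (true/false positive/negative) are what an IDS is ultimately measured on, and alarm filtering is how a site policy reduces the noise that drives false positives. The following Python script is an added example, not part of the Wikipedia article: it classifies a constructed set of events (IDS verdict plus ground truth from an incident review) into the four outcomes, derives detection rate, false positive rate and precision from them, and then applies a site-policy alarm filter that suppresses alerts from a known noise source (here an assumed authorized vulnerability scanner at a made-up address) to show how filtering changes the counts.

```python
from typing import Dict, List, Set

# Constructed sample events (not from the original page). Each record holds
# the IDS verdict ("alarm") and the ground truth from an incident review
# ("attack"). 10.0.0.99 is assumed to be an authorized vulnerability scanner
# whose probes the IDS flags: noise in the page's sense.
EVENTS: List[Dict] = [
    {"id": 1, "src": "10.0.0.5",  "alarm": True,  "attack": True},
    {"id": 2, "src": "10.0.0.7",  "alarm": True,  "attack": False},
    {"id": 3, "src": "10.0.0.99", "alarm": True,  "attack": False},
    {"id": 4, "src": "10.0.0.99", "alarm": True,  "attack": False},
    {"id": 5, "src": "10.0.0.12", "alarm": False, "attack": True},
    {"id": 6, "src": "10.0.0.20", "alarm": False, "attack": False},
    {"id": 7, "src": "10.0.0.21", "alarm": False, "attack": False},
    {"id": 8, "src": "10.0.0.8",  "alarm": True,  "attack": True},
]

# Site policy: sources whose alarms are treated as noise and suppressed.
KNOWN_NOISE_SOURCES: Set[str] = {"10.0.0.99"}

OUTCOMES = ("true_positive", "false_positive", "false_negative", "true_negative")


def classify(event: Dict) -> str:
    """Map one event to the glossary's four outcomes."""
    if event["alarm"] and event["attack"]:
        return "true_positive"      # real attack, alarm raised
    if event["alarm"] and not event["attack"]:
        return "false_positive"     # alarm raised, no attack
    if not event["alarm"] and event["attack"]:
        return "false_negative"     # attack missed
    return "true_negative"          # quiet, and rightly so


def confusion_counts(events: List[Dict]) -> Dict[str, int]:
    """Tally how many events fall into each outcome."""
    counts = {name: 0 for name in OUTCOMES}
    for event in events:
        counts[classify(event)] += 1
    return counts


def metrics(counts: Dict[str, int]) -> Dict[str, float]:
    """Derive the usual IDS evaluation rates from the confusion counts."""
    tp, fp = counts["true_positive"], counts["false_positive"]
    fn, tn = counts["false_negative"], counts["true_negative"]

    def ratio(num: int, den: int) -> float:
        return num / den if den else 0.0

    return {
        # share of real attacks that produced an alarm (recall)
        "detection_rate": ratio(tp, tp + fn),
        # share of benign events that still produced an alarm
        "false_positive_rate": ratio(fp, fp + tn),
        # share of alarms that were real attacks
        "precision": ratio(tp, tp + fp),
    }


def filter_alarms(events: List[Dict], noise_sources: Set[str]) -> List[Dict]:
    """Alarm filtering driven by site policy: clear alarms whose source is a
    known noise source. Returns new records; the input is left untouched.

    Caveat for the defender: the filter acts only on the alarm, not on the
    ground truth, so an attack that comes from a suppressed source would
    turn a true positive into a false negative. Noise lists therefore need
    the same review as any other IDS rule."""
    filtered = []
    for event in events:
        if event["alarm"] and event["src"] in noise_sources:
            event = {**event, "alarm": False}
        filtered.append(event)
    return filtered


if __name__ == "__main__":
    raw = confusion_counts(EVENTS)
    print("raw counts:     ", raw, metrics(raw))
    tuned = confusion_counts(filter_alarms(EVENTS, KNOWN_NOISE_SOURCES))
    print("filtered counts:", tuned, metrics(tuned))
```

On the constructed data the unfiltered IDS has three false positives against two true negatives, a 0.6 false positive rate; suppressing the scanner's alarms turns two of those into true negatives and drops the rate to 0.2 without touching the detection rate, which is the effect alarm filtering is meant to have.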

Source (Wikipedia)