At a Glance: False Positive etc.

I always struggle with the definition of a “false positive”, although it should be easy. Since I love figures that point out the most important facts, I drew one for the false positive etc. structure. It is based on the example of malware detection, in which an engine decides whether a piece of software is malware or not. Here it is:

(Figure: False Positive etc.)

–> The basic thing to remember is that “positive/negative” refers to the test result, while “true/false” says whether that test result matches the real input.

  • A true positive occurs when real malware was detected as malware.
  • A false positive occurs when the test was positive, i.e., it detected malware, but the real file is NOT malware. That is, the (positive) test result was false.
  • A true negative is the correct situation in which “no malware” was detected as “no malware”.
  • A false negative is something like a “missed SPAM”: malware came in but was not recognized as such.
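As an added example that is not part of the original post, the Python below labels each verdict of a hypothetical engine against the known truth with the four terms above, tallies them, and goes one step further by deriving the detection rate and false positive rate from those tallies. The scan results are constructed for illustration.

```python
from collections import Counter

# Constructed sample: each record is (engine_verdict, is_actually_malware).
# "positive" means the engine flagged the file as malware.
SCAN_RESULTS = [
    ("positive", True),   # real malware, flagged   -> true positive
    ("positive", True),
    ("positive", False),  # clean file, flagged     -> false positive
    ("negative", False),  # clean file, passed      -> true negative
    ("negative", False),
    ("negative", False),
    ("negative", True),   # real malware, missed    -> false negative
]


def classify(verdict: str, is_malware: bool) -> str:
    """Name one outcome: positive/negative is the verdict itself,
    true/false says whether that verdict matched the real input."""
    positive = verdict == "positive"
    correct = positive == is_malware
    return ("true" if correct else "false") + "_" + ("positive" if positive else "negative")


def confusion_counts(results) -> Counter:
    """Tally the four outcome types over a list of (verdict, truth) pairs."""
    return Counter(classify(verdict, is_malware) for verdict, is_malware in results)


def rates(counts: Counter) -> dict:
    """Derive the usual engine metrics from the tallies (0.0 when undefined)."""
    tp, fp = counts["true_positive"], counts["false_positive"]
    tn, fn = counts["true_negative"], counts["false_negative"]
    return {
        # share of real malware that was caught (1 - false negative rate)
        "detection_rate": tp / (tp + fn) if tp + fn else 0.0,
        # share of clean files that were wrongly flagged
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
        # share of alerts that were real malware
        "precision": tp / (tp + fp) if tp + fp else 0.0,
    }


if __name__ == "__main__":
    counts = confusion_counts(SCAN_RESULTS)
    print(dict(counts))
    print(rates(counts))
```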
