I am always struggling with the definition of a “false positive”, though it should be easy. Since I love figures that point out the most important facts, I drew one covering the false positive etc. structure. It is based on the example of malware detection, in which an engine decides whether a piece of software is malware or not. Here it is:
–> The basic thing to remember is that “positive/negative” refers to the test result, while “true/false” says whether that test result matches the real input.
- A true positive occurs if real malware was detected as malware.
- A false positive occurs if the test for malware was positive, i.e., it detected malware, but the real file is NOT malware. That is, the (positive) test result was false.
- A true negative is the correct situation in which “no malware” was detected as “no malware”.
- A false negative is something like a “Missed SPAM”: malware came in but was not recognized as such.
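
The four outcomes above, applied to a small set of scan verdicts. This is an added example, not part of the original post: the file names and verdicts are constructed, and the rate calculations go one step beyond the definitions to show what the counts are typically used for.

```python
from collections import Counter

# Constructed sample: (file name, is it really malware?, did the engine flag it?)
SCAN_RESULTS = [
    ("invoice.exe", True, True),
    ("dropper.dll", True, True),
    ("packed_loader.bin", True, False),
    ("notepad.exe", False, False),
    ("backup_tool.exe", False, True),
    ("report.pdf", False, False),
    ("installer.msi", False, False),
    ("calc.exe", False, False),
]

OUTCOMES = ("true positive", "false positive", "true negative", "false negative")


def classify(is_malware, flagged):
    """positive/negative is the engine's verdict; true/false is whether it matches reality."""
    verdict = "positive" if flagged else "negative"
    correct = "true" if flagged == is_malware else "false"
    return f"{correct} {verdict}"


def confusion_counts(results):
    """Tally the four outcomes over (name, is_malware, flagged) records."""
    counts = Counter(classify(is_malware, flagged) for _, is_malware, flagged in results)
    return {outcome: counts.get(outcome, 0) for outcome in OUTCOMES}


def rates(counts):
    """Derive rates from the counts; None where the denominator is zero."""
    tp, fp = counts["true positive"], counts["false positive"]
    tn, fn = counts["true negative"], counts["false negative"]

    def ratio(num, den):
        return num / den if den else None

    return {
        "false_positive_rate": ratio(fp, fp + tn),  # share of clean files that were flagged
        "false_negative_rate": ratio(fn, fn + tp),  # share of malware that was missed
        "precision": ratio(tp, tp + fp),            # share of alerts that were real malware
    }


if __name__ == "__main__":
    counts = confusion_counts(SCAN_RESULTS)
    print(counts)
    print(rates(counts))
```
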