Network layers | Computer Science homework help

In the event of an unknown zero-day attack, an intrusion detection system (IDS) might not be able to detect the attack and therefore fail to alert the administrator. Any failure to detect an attack is called a false negative. When alarms are not going off, it’s common to assume that no malicious events are taking place. If that’s a false assumption, real attacks are occurring and security staff is unaware.

False positives may create a false sense of security for the opposite reason—too many alarms from benign occurrences. An administrator might react quickly to the first few alarms. However, after receiving additional false positives, a busy administrator might put off investigating the alarms or ignore them.

Don't use plagiarized sources. Get Your Custom Essay on
Need an answer from similar question? You have just landed to the most confidential, trustful essay writing service to order the paper from.
Just from $11/Page
Order Now

Answer the following question(s):

Assume you are a network administrator responsible for security. In your opinion, which is worse—false positives or false negatives? Why?