- A true positive is an outcome where the model correctly predicts the positive case.
- Ex: Downloaded file is malware, and the A.V. detected it as malware.
- A true negative is an outcome where the model correctly predicts the negative case.
- Ex: Downloaded file is NOT malware, and the A.V. did NOT detect it as malware.
- A false positive is an outcome where the model incorrectly predicts the positive case.
- Ex: Downloaded file is NOT malware, but the A.V. detected it as malware.
- A false negative is an outcome where the model incorrectly predicts the negative case.
- Ex: Downloaded file is malware, but the A.V. did NOT detect it as malware.
- True Positive and True Negative are ideal cases; i.e. when everything is working correctly.
- False Positive: increases analyst workload and leads to alert fatigue.
- False Negative: very dangerous, because malicious activity happened but the solution did not detect it.
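Tallying the four outcomes over a batch of A.V. verdicts, as an added example that is not part of the original notes; the file names and verdicts are constructed, and the metric names are the common ones (detection rate, miss rate, false-alarm rate, precision) rather than anything from the page.

```python
from collections import Counter

# Constructed sample: (file name, is it really malware?, did the A.V. flag it?)
SAMPLE_VERDICTS = [
    ("invoice.pdf.exe", True, True),    # true positive
    ("report.docx", False, False),      # true negative
    ("installer.msi", False, True),     # false positive
    ("update.dll", True, False),        # false negative
    ("dropper.js", True, True),         # true positive
    ("notes.txt", False, False),        # true negative
]


def classify_outcome(is_malware, detected):
    """Map one (ground truth, verdict) pair to its confusion-matrix cell."""
    if is_malware and detected:
        return "TP"
    if not is_malware and not detected:
        return "TN"
    if not is_malware and detected:
        return "FP"
    return "FN"


def confusion_matrix(verdicts):
    """Count TP/TN/FP/FN over a list of (name, is_malware, detected) tuples."""
    counts = Counter(classify_outcome(m, d) for _, m, d in verdicts)
    return {cell: counts.get(cell, 0) for cell in ("TP", "TN", "FP", "FN")}


def detection_metrics(cm):
    """Rates a SOC cares about; guarded against empty classes."""
    tp, tn, fp, fn = cm["TP"], cm["TN"], cm["FP"], cm["FN"]
    positives = tp + fn   # all real malware
    negatives = tn + fp   # all benign files
    return {
        "detection_rate": tp / positives if positives else 0.0,    # share of malware caught
        "miss_rate": fn / positives if positives else 0.0,         # FN share: the dangerous one
        "false_alarm_rate": fp / negatives if negatives else 0.0,  # FP share: alert fatigue
        "precision": tp / (tp + fp) if (tp + fp) else 0.0,         # share of alerts that were real
    }


def missed_files(verdicts):
    """Names of the false negatives, i.e. malware the A.V. let through."""
    return [name for name, m, d in verdicts if classify_outcome(m, d) == "FN"]
```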