What is true attack stimulus?

Chapter 7 Vocabulary

Intrusion – occurs when an attacker attempts to gain entry into or disrupt the normal operations of an information system, almost always with the intent to do harm.
Intrusion Detection Systems (IDSs) – devices that detect unauthorized activity within the inner network or on individual machines.
Intrusion Prevention Systems (IPS) – devices that work to prevent unauthorized network access.
Intrusion Detection and Prevention Systems (IDPSs) – devices that combine intrusion detection systems and intrusion prevention systems.
Alert/Alarm – an indication that a system has just been attacked or is under attack.
Evasion – the process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS.
False Attack Stimulus – an event that triggers an alarm when no actual attack is in progress.
False Negative – the failure of an IDPS to react to an actual attack event.
False Positive – an alert or alarm that occurs in the absence of an actual attack.
Noise – alarm events that are accurate and noteworthy but that do not pose significant threats to information security.
Site Policy – the rules and configuration guidelines governing the implementation and operation of IDPSs within the organization.
Site Policy Awareness – an IDPS’s ability to dynamically modify its configuration in response to environmental activity.
True Attack Stimulus – an event that triggers alarms and causes an IDPS to react as if a real attack is in progress.
Tuning – the process of adjusting an IDPS to maximize its efficiency in detecting true positives, while minimizing both false positives and false negatives.
Confidence Value – the measure of an IDPS’s ability to correctly detect and identify certain types of attacks. The confidence value an organization places in the IDPS is based on experience and past performance measurements. It is based on fuzzy logic.

This topic is a refresher for some and something new for others, but it is worth knowing the true meaning of these terms in cyber security and malware detection:

True Positive: a legitimate attack that triggers an alarm. You have a brute force alert, and it fires. You investigate the alert and find that somebody was indeed trying to break into one of your systems with brute force methods.

False Positive: an alarm is raised when no attack has taken place. You investigate another of these brute force alerts and find that it was just a user who mistyped their password a number of times, not a real attack.

False Negative: no alarm is raised when an attack has taken place. Someone was trying to break into your system, but they stayed below the threshold of your brute force detection logic. For example, your rule looks for ten failed logins in a minute, and the attacker made only 9. The attack occurred, but your control was unable to detect it.

True Negative: no attack has taken place and no detection is made. No attack occurred, and your rule didn’t fire.
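The four outcomes above, worked through on a constructed authentication log with the brute force rule from the False Negative example (ten failed logins from one source within a minute). This is an added example, not code from the original page; the source addresses, timings and ground-truth labels are constructed, and the second run shows what tuning the threshold down to 9 changes.

```python
from collections import defaultdict

# Constructed sample events: (seconds since start, source host, login result)
def failures(src, start, n, spacing):
    return [(start + i * spacing, src, "FAIL") for i in range(n)]

EVENTS = (
    failures("10.0.0.5", 0, 12, 3)        # attacker: 12 failures in 36 s
    + failures("10.0.0.9", 100, 10, 5)    # user mistyping: 10 failures in 50 s
    + failures("10.0.0.7", 200, 9, 6)     # attacker staying at 9 failures
    + failures("10.0.0.3", 300, 2, 20)    # normal user, two typos
    + [(400, "10.0.0.3", "OK")]
)

# Ground truth as established by the analyst's investigation (constructed)
IS_ATTACK = {"10.0.0.5": True, "10.0.0.9": False, "10.0.0.7": True, "10.0.0.3": False}

def alerting_sources(events, threshold=10, window=60):
    """Sources with at least `threshold` failures inside any `window`-second span."""
    times = defaultdict(list)
    for t, src, result in events:
        if result == "FAIL":
            times[src].append(t)
    alerted = set()
    for src, ts in times.items():
        ts.sort()
        for i, t0 in enumerate(ts):
            # count failures in the sliding window [t0, t0 + window)
            if sum(1 for t in ts[i:] if t < t0 + window) >= threshold:
                alerted.add(src)
                break
    return alerted

def outcome(alerted, is_attack):
    """Classify one source by whether the rule fired and whether an attack was real."""
    if alerted:
        return "true positive" if is_attack else "false positive"
    return "false negative" if is_attack else "true negative"

def evaluate(events, truth, threshold=10, window=60):
    alerted = alerting_sources(events, threshold, window)
    return {src: outcome(src in alerted, attack) for src, attack in truth.items()}

if __name__ == "__main__":
    for threshold in (10, 9):
        print(f"threshold={threshold}:", evaluate(EVENTS, IS_ATTACK, threshold))
```

With the threshold at 10 the mistyping user is a false positive and the 9-attempt attacker a false negative; lowering it to 9 turns that attacker into a true positive without changing the other three outcomes.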


False Positive, False Negative, True Positive and True Negative


Video provided by Professor Messer