The most common problem in the operation of an intrusion detection system (IDS) is:

the detection of false positives.

receiving trap messages.

reject-error rates.

denial-of-service attacks.

Because of the configuration and the way IDS technology operates, the main problem in operating
IDSs is the recognition (detection) of events that are not really security incidents: false positives,
the equivalent of a false alarm. An IS auditor needs to be aware of this and should check for
implementation of related controls, such as IDS tuning, and incident handling procedures, such as
the screening process to know if an event is a security incident or a false positive. Trap messages
are generated by the Simple Network Management Protocol (SNMP) agents when an important
event happens, but are not particularly related to security or IDSs. Reject-error rate is related to
biometric technology and is not related to IDSs. Denial-of-service is a type of attack and is not a
problem in the operation of IDSs.

