A false positive is a result which indicates that a given condition has been fulfilled when it actually has not been fulfilled.
In terms of IDS, a false positive is an alarm triggered by normal traffic or a benign action.
Consider the scenario: a signature exists that generates an alarm if the enable password of any network device is entered incorrectly. A network administrator attempts to log in to a device but enters the wrong password. The IDS cannot distinguish between a rogue user and the network administrator, and generates an alarm.
A true positive is a result which detects the condition when it is present and the given condition is fulfilled.
In terms of IDS, a true positive occurs when an IDS and IPS signature fires correctly and an alarm is generated when offending traffic is detected.
For example, consider a Unicode attack. IPS sensors have signatures that detect Unicode attacks against Microsoft Internet Information Services (IIS) web servers. If a Unicode attack is launched against Microsoft IIS web servers, the sensors detect the attack and generate an alarm.
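The enable-password scenario above can be worked through in code. This is an added example, not part of the original page: it runs a hypothetical signature over constructed events and sorts the alarms into true and false positives. The log format, the signature regex and the function names are assumptions, and the ground-truth flag is something only an analyst knows, never the IDS.

```python
import re

# Constructed sample events in a simplified key=value format (not real device
# syslog). The boolean is ground truth established later by an analyst; the
# IDS never sees it.
EVENTS = [
    ("dev=rtr1 src=10.0.0.5 event=enable_auth result=fail", False),  # admin typo
    ("dev=rtr1 src=10.0.0.5 event=enable_auth result=ok", False),
    ("dev=sw2 src=203.0.113.9 event=enable_auth result=fail", True),  # rogue user
    ("dev=sw2 src=203.0.113.9 event=enable_auth result=fail", True),
    ("dev=fw1 src=10.0.0.7 event=enable_auth result=fail", False),  # admin typo
    ("dev=fw1 src=10.0.0.7 event=enable_auth result=ok", False),
]

# Hypothetical signature: alarm on any failed enable-password attempt.
SIGNATURE = re.compile(r"\bevent=enable_auth\b.*\bresult=fail\b")


def signature_fires(line):
    """Return True if the signature raises an alarm for this event line."""
    return SIGNATURE.search(line) is not None


def classify_alarms(events):
    """Sort every alarm into true or false positive using the ground truth."""
    result = {"true_positive": [], "false_positive": []}
    for line, malicious in events:
        if not signature_fires(line):
            continue  # no alarm, so neither kind of positive
        result["true_positive" if malicious else "false_positive"].append(line)
    return result


def false_alarm_share(events):
    """Fraction of raised alarms that were false positives (0.0 if no alarms)."""
    result = classify_alarms(events)
    alarms = len(result["true_positive"]) + len(result["false_positive"])
    return len(result["false_positive"]) / alarms if alarms else 0.0


if __name__ == "__main__":
    for kind, lines in classify_alarms(EVENTS).items():
        print(kind, len(lines))
    print("false alarm share:", false_alarm_share(EVENTS))
```

The administrator's typo and the rogue user's attempt produce lines the signature cannot tell apart, which is why both raise an alarm. The share computed here is one simple measure and is not necessarily how the rate in the note below is calculated.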
Note: The MSS average false positive rate, as reported by our global customer base, is between 0.5% and 1.5%.