tabi
Dealing with false positives
Hi @nv-anssi ,
I have analysed the results of the detection tool with our older RIB files and I suspect there are false positives.
{"timestamp": 1489445634.0, "collector": "rrc01", "peer_as": 4755, "peer_ip": "121.244.206.224", "announce": {"type": "F", "prefix": "1.12.0.0/16", "asn": 4847, "as_path": "4755 6453 4134 4847"}, "conflict_with": {"prefix": "1.12.0.0/14", "asn": 18245}, "asn": 18245, "type": "ABNORMAL"}
Here the prefix "1.12.0.0/16" is said to be abnormal for "asn": 4847, "as_path": "4755 6453 4134 4847".
But the history of the RIB files shows that the ASN 4847 has been consistently advertising the prefix 1.12.0.0/16 and seems to be maintaining its stability.
So according to some papers/algorithms they are not abnormal. How are you trying to deal with such false positives? Please help me to understand if I am wrong here.
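
The history check described in the post above can be sketched as a post-filter over the conflict records. This is an added example, not part of the original post and not tabi's own code. The names `origin_stability`, `competing_origins` and `triage`, the thresholds, and the `HISTORY` sample are assumptions made for illustration.

```python
import json

# Conflict record in the format quoted in the post above.
CONFLICT = json.loads(
    '{"timestamp": 1489445634.0, "collector": "rrc01", "peer_as": 4755, '
    '"peer_ip": "121.244.206.224", "announce": {"type": "F", '
    '"prefix": "1.12.0.0/16", "asn": 4847, "as_path": "4755 6453 4134 4847"}, '
    '"conflict_with": {"prefix": "1.12.0.0/14", "asn": 18245}, '
    '"asn": 18245, "type": "ABNORMAL"}'
)

# Constructed sample history: one set of (prefix, origin ASN) pairs per older
# RIB snapshot. Real input would be extracted from the archived RIB files.
HISTORY = [{("1.12.0.0/16", 4847), ("1.12.0.0/14", 18245)} for _ in range(5)]


def origin_stability(history, prefix, asn):
    """Fraction of snapshots in which `asn` originated exactly `prefix`."""
    if not history:
        return 0.0
    seen = sum(1 for snapshot in history if (prefix, asn) in snapshot)
    return seen / len(history)


def competing_origins(history, prefix, asn):
    """Other ASNs that originated the same exact prefix in any snapshot."""
    return {a for snapshot in history for (p, a) in snapshot
            if p == prefix and a != asn}


def triage(conflict, history, min_ratio=0.9, min_snapshots=4):
    """Label an ABNORMAL conflict 'stable-origin' or 'needs-review'.

    min_ratio and min_snapshots are assumed thresholds, not tabi settings.
    """
    if conflict.get("type") != "ABNORMAL":
        return "not-abnormal"
    announce = conflict["announce"]
    prefix, asn = announce["prefix"], announce["asn"]
    if len(history) < min_snapshots:
        return "needs-review"  # too little history to judge stability
    if competing_origins(history, prefix, asn):
        return "needs-review"  # the exact prefix has had more than one origin
    ratio = origin_stability(history, prefix, asn)
    return "stable-origin" if ratio >= min_ratio else "needs-review"


if __name__ == "__main__":
    print(triage(CONFLICT, HISTORY))
```

A stable history only shows that the announcement is long-standing, not that it is authorized, so `stable-origin` is a triage label for lowering priority rather than a verdict.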