Because controls of an Intrusion Prevention/Detection system, like all other types of controls, have the potential to have unintended negative consequences, security and operational administrators of such systems have to make several important decisions, namely:                a. Should a particular IPS filter be used or not; and        b. Should an IPS filter be used in protection mode or just a detection mode.        
Since often the IPS filter to be employed in an IPS does not have a chance to be thoroughly examined in all potential usage scenarios before it is needed, the more information can be provided regarding this IPS filter, the more effective decisions can be made about the deployment of the IPS filter and its associated risks.
Accordingly, there is a need in the industry for the development of improved methods and system for determining performance of the IPS filter prior and during its use as part of a intrusion detection and protection.