False-negative rate is a metric, one of the accuracy numbers a thorough DDoS test is built to measure. It is the fraction of attack traffic that a mitigation control fails to recognize and block, letting that traffic leak through the filter and reach the origin. It is the mirror of the false-positive rate: where false positives reject real users, false negatives admit real attack packets, and every defensive layer trades one against the other when its thresholds are tuned.
Why it matters in DDoS testing
A mitigation that blocks 95 percent of a flood still passes the other 5 percent, and at terabit scale that leakage can be enough to saturate the origin on its own. The false-negative rate is what makes a control's coverage measurable rather than assumed. A test drives a known attack volume and counts how much reaches the origin, quantifying the leak so detection thresholds can be tightened where it actually matters.
How leakage differs across mitigation platforms is examined in AWS Shield vs Cloudflare DDoS protection.