A positive security model defines the set of allowed types and values. It delivers protection where signature-based security cannot fill the gap. A Positive Security Model defines what is allowed and rejects the rest, and therefore can curb zero-day attacks. It is the opposite of a Negative Security Model that defines what is forbidden and accepts the rest. Advanced positive security model engines are based on bahavioral analysis and machine-learning to identifiy and define legitimate traffic.
See also: Negative Security Model