How is Confusion Matrix related to cybercrime attacks?

Mohan Krishna R
3 min read · Jun 6, 2021

What is Cyber Attack?

A cyber attack is an attack on servers or computers on the public or private internet in which the attacker seeks to expose, damage, alter, disable or steal the data held there, or to change the system configuration, all without authorization. The act of carrying out such an attack is called cybercrime.

What is the solution being used in the industry to prevent it?

Many different techniques and applications have been developed to prevent cybercrime. There are even organizations that work specifically on the security of the Internet, and a range of techniques is in use.

Confusion Matrix

  1. True Positive: This column holds the number of data points, out of the total, that are True in the actual data and that the machine correctly predicted as True.
  2. False Positive: This column holds the number of data points, out of the total, that are True in the actual data but that the machine predicted as False.
  3. False Negative: This column holds the number of data points, out of the total, that are False in the actual data but that the machine predicted wrongly, i.e., as True.
  4. True Negative: This column holds the number of data points, out of the total, that are False in the actual data and that the machine also predicted as False, i.e., a correct prediction.

Confusion Matrix and Cyber Security

Suppose we have a server that received 1000 packets of data traffic in 1 hour. As I mentioned, a machine can never be 100% correct, so let's check how it did. When our machine evaluated the traffic, say it predicted whether each packet/transmission was dangerous to the server or not. We want to know whether the packet or transmission was good (True/1) or suspicious (False/0).

In the above image, our machine learning model predicted 750 packets as safe, and they were safe; that is good, because we know 750 packets came in and were safe. Next, the model said that 165 packets were suspicious and dangerous, and they were dangerous in actuality, so the machine gave us the correct information and we were able to deal with them in time. Then we have 20 packets predicted as dangerous that were in actuality safe. In this case the model raised a false alarm: it called safe data unsafe and made the security team take a look. This is a Type 2 error; these are not very dangerous in the real world. Finally, we have 65 packets that were in actuality dangerous, but the machine predicted that they were good and safe. The packets were actually False (dangerous), yet the model predicted them as True (safe), so they did not trigger any alarm or notify security and passed into the server. This is called a Type 1 error, and it is very dangerous to the server or in any real-world setting. It is as if something bad happened and we were told that everything is fine.

So this is how the confusion matrix helps in cyber attack monitoring. The team checks the matrix, evaluates everything, and tries to reduce the Type 1 error as much as possible.
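The hour of traffic above, as an added example that is not the author's code: a small Python script that builds the four cells of the matrix from per-packet actual/predicted labels, using the article's convention that True means safe and False means dangerous, and then derives the rates a monitoring team would watch, including the share of dangerous packets that slipped through, which is the error the text says should be driven down. The function names and the constructed label lists reproducing the article's 750/165/20/65 counts are my own.

```python
from collections import Counter
from typing import Iterable

# Label convention from the article: True/1 = safe packet, False/0 = dangerous packet.
SAFE, DANGEROUS = True, False


def confusion_counts(actual: Iterable[bool], predicted: Iterable[bool]) -> dict:
    """Count the four matrix cells for one hour of verdicts.

    Keys are (actual, predicted) pairs; (DANGEROUS, SAFE) is a dangerous packet
    the model let through, the miss the article treats as the serious error.
    """
    return dict(Counter(zip(actual, predicted)))


def detection_metrics(counts: dict) -> dict:
    """Rates a monitoring team would track, centred on the dangerous class."""
    caught = counts.get((DANGEROUS, DANGEROUS), 0)     # 165 in the article
    missed = counts.get((DANGEROUS, SAFE), 0)          # 65: dangerous, passed as safe
    false_alarm = counts.get((SAFE, DANGEROUS), 0)     # 20: safe, flagged as dangerous
    passed_ok = counts.get((SAFE, SAFE), 0)            # 750: safe, passed as safe
    total_dangerous = caught + missed
    total_alerts = caught + false_alarm
    return {
        "accuracy": (caught + passed_ok) / sum(counts.values()),
        "detection_rate": caught / total_dangerous,    # share of attacks caught
        "miss_rate": missed / total_dangerous,         # share of attacks let through
        "alert_precision": caught / total_alerts,      # share of alerts that were real
        "false_alarm_rate": false_alarm / (false_alarm + passed_ok),
    }


# Constructed per-packet labels reproducing the article's 1000-packet hour:
# 750 safe passed, 165 dangerous caught, 20 safe flagged, 65 dangerous missed.
ACTUAL = [SAFE] * 750 + [DANGEROUS] * 165 + [SAFE] * 20 + [DANGEROUS] * 65
PREDICTED = [SAFE] * 750 + [DANGEROUS] * 165 + [DANGEROUS] * 20 + [SAFE] * 65

if __name__ == "__main__":
    counts = confusion_counts(ACTUAL, PREDICTED)
    name = {SAFE: "safe", DANGEROUS: "dangerous"}
    for (act, pred), n in sorted(counts.items()):
        print(f"actual={name[act]:9s} predicted={name[pred]:9s} {n:4d}")
    for metric, value in detection_metrics(counts).items():
        print(f"{metric:17s} {value:.3f}")
```

Accuracy looks high (0.915) while more than a quarter of the dangerous packets were missed, which is why the matrix, not the single accuracy number, is what the team reads.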
