Confusion Matrix’s implementation in monitoring Cyber Attacks

What is a Cybercrime?

Cybercrime is criminal activity that either targets or uses a computer, a computer network, or a networked device. Common examples include:

  • Identity theft.
  • Theft of organizational data.
  • Theft of bank card details.
  • Hacking email accounts to gain information.
  • Cyberextortion (demanding money to prevent a threatened attack).
  • Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
  • Cyberespionage (where hackers access government or company data).

What is a Confusion Matrix?

A confusion matrix is a table that is often used to describe the performance of a classification model (or “classifier”) on a set of test data for which the true values are known. The confusion matrix itself is relatively simple to understand, but the related terminology can be confusing.

  1. True Positive: An instance for which both predicted and actual values are positive.
  2. True Negative: An instance for which both predicted and actual values are negative.
  3. False Positive (Type I error): An instance for which the predicted value is positive but the actual value is negative.
  4. False Negative (Type II error): An instance for which the predicted value is negative but the actual value is positive.

Need for Confusion Matrix in Machine Learning:

  • It evaluates the performance of classification models when they make predictions on test data, and tells us how good the model is.
  • It shows not only how many errors the classifier makes but also which type each error is: Type I or Type II.
  • With the help of the confusion matrix, we can calculate different metrics for the model, such as accuracy, precision, etc.

Confusion Matrix’s implementation in monitoring Cyber Attacks:

The data set used here is the one from The Third International Knowledge Discovery and Data Mining Tools Competition, which was held in conjunction with KDD-99, The Fifth International Conference on Knowledge Discovery and Data Mining. The competition task was to build a network intrusion detector: a predictive model capable of distinguishing between “bad” connections, called intrusions or attacks, and “good” normal connections. This database contains a standard set of data to be audited, which includes a wide variety of intrusions simulated in a military network environment.
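The following is an added example, not code from the original article: it scores a hypothetical intrusion detector against labelled connections and derives the confusion matrix and its metrics. The sample records, the attack names used as labels, and all function names are constructed for illustration.

```python
from collections import Counter

# Constructed (true_label, detector_alerted) pairs, one per connection.
# Labels are "normal" or an attack name in the style of the KDD-99 data;
# the verdicts are invented and come from no real detector.
SAMPLE = (
    [("normal", False)] * 90          # benign traffic, correctly passed
    + [("normal", True)] * 4          # benign traffic flagged (false alarms)
    + [("neptune", True)] * 3         # attacks caught
    + [("smurf", True)] * 1
    + [("guess_passwd", False)] * 2   # attacks missed
)

def confusion_matrix(records):
    """Count TP/FP/FN/TN, treating any non-"normal" label as the positive class."""
    cells = Counter()
    for true_label, alerted in records:
        if true_label != "normal":                  # actual attack
            cells["TP" if alerted else "FN"] += 1
        else:                                       # actual normal traffic
            cells["FP" if alerted else "TN"] += 1
    return {k: cells[k] for k in ("TP", "FP", "FN", "TN")}

def metrics(cm):
    """Accuracy, precision, recall and F1; a zero denominator yields 0.0."""
    tp, fp, fn, tn = cm["TP"], cm["FP"], cm["FN"], cm["TN"]
    total = tp + fp + fn + tn
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / total if total else 0.0,
            "precision": precision, "recall": recall, "f1": f1}

def missed_by_attack(records):
    """Break false negatives down by attack name, which the 2x2 matrix hides."""
    return Counter(label for label, alerted in records
                   if label != "normal" and not alerted)

if __name__ == "__main__":
    cm = confusion_matrix(SAMPLE)
    print(cm)
    for name, value in metrics(cm).items():
        print(f"{name}: {value:.3f}")
    print("missed:", dict(missed_by_attack(SAMPLE)))
```

On this sample a detector that never alerts would reach the same accuracy, because 94 of the 100 connections are normal; precision and recall are what separate the two.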

Conclusion:

A confusion matrix is a tabular summary of the number of correct and incorrect predictions made by a classifier. It is used to measure the performance of a classification model. It can be used to evaluate the performance of a classification model through the calculation of performance metrics like accuracy, precision, recall, and F1-score.