Cyber Crime-Confusion Matrix

amisha lodha
Jun 6, 2021

Cybercriminals use networked computing devices as their primary means of reaching victims' devices, and they profit in terms of finance, publicity and other gains by exploiting vulnerabilities in those systems. Cybercrime is increasing steadily every day. Machine learning is a good way to monitor attacks by cybercriminals.

What is a Confusion Matrix?

A confusion matrix is a comparison of the predicted results and the actual results in any classification problem. The comparison is necessary to determine the performance of the model after it has been trained on some training data.

A confusion matrix is easily explained with an example of binary classification. The result of any binary classification problem is either True or False. Sometimes the True result is in our favour, while at other times False is in our favour. Anything that is in our favour is a Positive result, and the other is a Negative result.

The confusion matrix is used here for the case where an alert is raised if any suspicious activity is identified on the web server. An intrusion detection system (IDS) is a software application that monitors a system or network for malicious activity and policy violations.

Here, detection of malicious activity is Negative, as it is against our favour. On the other hand, non-detection of any such activity is Positive, as it is in our favour.

When the IDS predicts an attack on the server, it gives a True value or a False value:

a) If it gives a ‘True’ alarm and it is actually ‘True’, then it is called a “True Negative” (TN). If it is not actually ‘True’, then it is called a “False Negative” (FN).

b) If it gives a ‘False’ alarm and it is actually ‘False’, then it is called a “True Positive” (TP). If it is not actually ‘False’, then it is called a “False Positive” (FP).

We find two types of errors here:

  1. False Positive: This is a very dangerous error, as it doesn’t alert us about attacks that are actually happening. Instead of alerting us, it tells us there is nothing to worry about. This is also called a “Type One Error”.
  2. False Negative: This error is not very harmful. It just alerts us about attacks that didn’t happen. This is also called a “Type Two Error”.
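
The following is an added example, not code from the original post: it builds the confusion matrix from IDS alarms and ground truth using this article's labelling (alarm = Negative prediction, no alarm = Positive prediction) and derives the two error rates. The function names and the sample events are assumptions constructed for illustration; many IDS references label an alarm as the positive class instead, which swaps the names but not the counts.

```python
from collections import Counter

# Constructed sample: (ids_raised_alarm, attack_really_happened) per event.
EVENTS = [
    (True, True), (True, True), (True, False), (False, False),
    (False, False), (False, True), (False, False), (True, True),
    (False, False), (True, False),
]

def classify(alarm, attack):
    """Label one event with the article's convention:
    an alarm is a Negative prediction, no alarm is a Positive prediction."""
    if alarm:
        return "TN" if attack else "FN"   # FN = false alarm (Type Two Error)
    return "FP" if attack else "TP"       # FP = missed attack (Type One Error)

def confusion_matrix(events):
    """Count each of the four outcomes over all events."""
    counts = Counter(classify(alarm, attack) for alarm, attack in events)
    return {k: counts.get(k, 0) for k in ("TP", "FP", "TN", "FN")}

def error_rates(cm):
    """Derive rates from the counts; guards against empty classes."""
    attacks = cm["TN"] + cm["FP"]   # events where an attack really happened
    benign = cm["TP"] + cm["FN"]    # events where nothing malicious happened
    total = attacks + benign
    return {
        # Share of real attacks the IDS stayed silent on (the dangerous error).
        "missed_attack_rate": cm["FP"] / attacks if attacks else 0.0,
        # Share of benign events that still triggered an alarm.
        "false_alarm_rate": cm["FN"] / benign if benign else 0.0,
        "accuracy": (cm["TP"] + cm["TN"]) / total if total else 0.0,
    }

if __name__ == "__main__":
    cm = confusion_matrix(EVENTS)
    print(cm)
    print(error_rates(cm))
```

Accuracy alone can look acceptable while the missed-attack rate is high, so the two error rates should be read separately.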

Thanks!
