CYBERCRIME — CONFUSION MATRIX

  • A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data, and can lead to cybercrimes such as information and identity theft.
  • Intrusion detection systems (IDS), which monitor network traffic and identify malicious behaviour, have been extensively researched and used in traditional IT infrastructures.
  • Such tools play a key role in understanding the cyber-attack that has occurred and can aid a faster and more efficient incident response.
  • A confusion matrix is a simple table that shows the performance of a classification model on test data for which the true values are known.
  • A confusion matrix contains information about actual and predicted classifications done by a classification system.
  • Performance of such systems is commonly evaluated using the data in the matrix.
  • A much better way to evaluate the performance of a classifier is to look at the confusion matrix.
  • A confusion matrix is also known as an “error matrix”.
  • The following table shows the confusion matrix for a two-class classifier.

$$AC = \frac{TP + TN}{TP + TN + FP + FN}$$

$$TPR = \frac{TP}{FN + TP}$$

$$FPR = \frac{FP}{TN + FP}$$

$$TNR = \frac{TN}{TN + FP}$$

$$FNR = \frac{FN}{FN + TP}$$

$$NPV = \frac{TN}{TN + FN}$$

$$PPV = \frac{TP}{TP + FP}$$

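The formulas above applied to IDS verdicts, as an added example that is not part of the original article. The flow labels, the two detectors and all function names are constructed for illustration; the sample shows why accuracy alone misleads when attacks are rare in the traffic.

```python
def confusion_counts(actual, predicted, positive="attack"):
    """Count TP, TN, FP, FN with `positive` as the class the IDS should flag."""
    if len(actual) != len(predicted):
        raise ValueError("actual and predicted must have the same length")
    m = {"TP": 0, "TN": 0, "FP": 0, "FN": 0}
    for a, p in zip(actual, predicted):
        if p == positive:
            m["TP" if a == positive else "FP"] += 1  # flagged flow
        else:
            m["FN" if a == positive else "TN"] += 1  # flow not flagged
    return m


def ratio(num, den):
    """Return num/den, or None when the denominator is zero (rate undefined)."""
    return num / den if den else None


def rates(m):
    """Apply the seven formulas to a dict of TP/TN/FP/FN counts."""
    tp, tn, fp, fn = m["TP"], m["TN"], m["FP"], m["FN"]
    return {
        "AC": ratio(tp + tn, tp + tn + fp + fn),
        "TPR": ratio(tp, fn + tp),
        "FPR": ratio(fp, tn + fp),
        "TNR": ratio(tn, tn + fp),
        "FNR": ratio(fn, fn + tp),
        "NPV": ratio(tn, tn + fn),
        "PPV": ratio(tp, tp + fp),
    }


# Constructed sample: 1000 flows, of which the first 10 are real attacks.
ACTUAL = ["attack"] * 10 + ["benign"] * 990
# Hypothetical detector that never raises an alert.
SILENT_IDS = ["benign"] * 1000
# Hypothetical detector: flags 8 of the 10 attacks and 20 benign flows.
NOISY_IDS = ["attack"] * 8 + ["benign"] * 2 + ["attack"] * 20 + ["benign"] * 970


def evaluate(predicted):
    """Confusion-matrix rates for one detector against the constructed ground truth."""
    return rates(confusion_counts(ACTUAL, predicted))


if __name__ == "__main__":
    for name, pred in (("silent", SILENT_IDS), ("noisy", NOISY_IDS)):
        print(name, confusion_counts(ACTUAL, pred))
        for metric, value in evaluate(pred).items():
            shown = "undefined" if value is None else f"{value:.3f}"
            print(f"  {metric}: {shown}")
```

The detector that never alerts scores a higher AC than the one that catches 8 of 10 attacks, while its TPR is 0 and its PPV is undefined; only the full matrix exposes that.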
* We predicted yes, but they are not leaving the network (not churn), i.e., we wrongly predicted a negative as positive. This is known as a “Type 1 error”.
* In the case of cyber-attacks, it predicts that attacks are not happening, but in reality they are, which leads to a vicious outcome.
* That is why the Type 1 error is the most dangerous.
* We predicted no, but they are actually leaving the network (churn), i.e., we wrongly predicted a positive as negative. This is known as a “Type 2 error” or “False Alarm”.
* In the case of cyber-attacks, it predicts that attacks are happening, but in reality they are not.
