Use of Confusion Matrix in Cyber Crime Control

Hi there,

In this blog I am going to describe one use case of the confusion matrix in the cyber-security field. So far we know the confusion matrix from machine learning, deep learning, neural networks and AI, but where does this ML or AI part help in controlling cybercrime? First we need to know what cybercrime and the confusion matrix actually are; only then will we be able to understand how ML helps in decreasing the workload on the security team and in controlling cybercrime cases.

Confusion Matrix in Cyber Security

What is cybercrime?

Cybercrime is a criminal activity that either targets or uses a computer, a computer network, or a networked device. Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money. Cybercrime is carried out by individuals or organizations.

Cyber Crime Representational Image

Some cybercriminals are organized, use advanced techniques, and are highly technically skilled. Others are novice hackers.

Rarely, cybercrime aims to damage computers for reasons other than profit. These could be political or personal.

Types of cybercrime

There are a lot of cyber attacks that we usually see or hear about. Some of them are:

  • Email and internet fraud.
  • Identity fraud (where personal information is stolen and used).
  • Theft of financial or card payment data.
  • Theft and sale of corporate data.
  • Cyberextortion (demanding money to prevent a threatened attack).
  • Ransomware attacks (a type of cyber extortion).
  • Crypto jacking (where hackers mine cryptocurrency using resources they do not own).
  • Cyberespionage (where hackers access government or company data).

Cybercrime is carried out for various reasons:

  • Stealing personal data.
  • Identity theft.
  • Stealing organizational data.
  • Stealing bank card details.
  • Hacking emails to gain information.

In this particular blog I am focusing more on cyber attacks such as a phishing attack or a DoS attack on some kind of server. In this kind of attack the hacker tries to crash the server to access data or for some other purpose. To provide extra security for the servers, an organization generally has a security team. But as we know, this is a world of intelligent working, so why don't we use AI (Artificial Intelligence) for the same task? That is possible nowadays, and most organizations are using this approach.

To protect servers we use an IDS (intrusion detection system). An IDS works on the principle of AI, as it uses an ML platform to check the requests coming to the server. It detects malicious requests and informs the organization. But we can't rely 100% on such a system: it only helps us improve security, and we should keep in mind that it is a machine learning model, and no model can predict with 100% accuracy. It might predict wrongly, and a prediction (right or wrong) may be of different types. Didn't get my point? Hold on. You need to understand the confusion matrix for that (after all, the IDS works on ML). So let's understand it first…

IDS at production level for Security.
Intrusion detection system

What is Confusion Matrix and why we need it?

Confusion Matrix

A confusion matrix is a matrix that represents the result of a classification. It represents the true and false classification results. The following are the possible ways to classify events, shown in the table below:

True positive (TP): Intrusions that are successfully detected by the IDS.

False positive (FP): Normal/non-intrusive behavior that is wrongly classified as intrusive by the IDS. Also known as a Type 1 error.

True Negative (TN): Normal/non-intrusive behavior that is successfully labeled as normal/non-intrusive by the IDS.

False negative (FN): Intrusions that are missed by the IDS and classified as normal/non-intrusive. Also known as a Type 2 error.

IDS model working on Attacks

For the security team in an organization, the Type 1 error is the most dangerous, as the IDS wrongly (falsely) informs them that there isn't any attack. Because that is wrong, the security team has to work on such IDS errors. In this way the security team gets to know when and where to take action. The confusion matrix of the IDS helps them take the correct actions in time.

For calculating the accuracy of the model:

(TP+TN)/total = 0.X

So the model is X% accurate for checking whether the person has cancer or not, in our case.
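An added example (not from the original post) that builds the four counts defined above and applies the accuracy formula to a constructed set of 1,000 labelled requests. It goes beyond the accuracy formula by also reporting miss rate, false-alarm rate and precision, and compares the IDS with a detector that never alerts; the sample data and all function names are assumptions.

```python
from collections import Counter

def confusion_matrix(events):
    """events: iterable of (is_intrusion, ids_alerted) boolean pairs."""
    c = Counter()
    for actual, alerted in events:
        if actual and alerted:
            c["TP"] += 1          # intrusion detected
        elif alerted:
            c["FP"] += 1          # false alarm (Type 1 error)
        elif actual:
            c["FN"] += 1          # missed intrusion (Type 2 error)
        else:
            c["TN"] += 1          # normal traffic left alone
    return {k: c[k] for k in ("TP", "FP", "TN", "FN")}

def metrics(cm):
    tp, fp, tn, fn = cm["TP"], cm["FP"], cm["TN"], cm["FN"]

    def ratio(num, den):
        return num / den if den else 0.0   # avoid dividing by zero

    return {
        "accuracy": ratio(tp + tn, tp + fp + tn + fn),  # (TP+TN)/total
        "detection_rate": ratio(tp, tp + fn),  # share of intrusions caught
        "miss_rate": ratio(fn, tp + fn),       # share of intrusions missed
        "false_alarm_rate": ratio(fp, fp + tn),
        "precision": ratio(tp, tp + fp),       # share of alerts that are real
    }

# Constructed sample: 1000 requests, only 10 of them intrusions.
SAMPLE = ([(True, True)] * 6 + [(True, False)] * 4 +
          [(False, True)] * 20 + [(False, False)] * 970)
# Same traffic seen by a detector that never raises an alert.
SILENT = [(actual, False) for actual, _ in SAMPLE]

if __name__ == "__main__":
    for name, events in (("ids", SAMPLE), ("never alerts", SILENT)):
        cm = confusion_matrix(events)
        print(name, cm, {k: round(v, 3) for k, v in metrics(cm).items()})
```

On this sample the detector that never alerts scores higher accuracy than the IDS while catching no intrusions, which is why the individual cells of the matrix matter more than the single accuracy figure when attacks are rare.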

Now, I believe you got all my points after reading this blog. If you still have any doubts or suggestions related to these points, let me know in the comments. If you liked the above blog, please clap and share it.

DM me on LinkedIn in case of suggestions/feedback/queries:

Thank you! Signing off :) 🙌

Passionate Technology Lover …