Confusion Matrix and Cyber Attacks

Laxman Naik
3 min read · Jun 6, 2021


Cyber crime is defined as an illegal activity that involves the use of a computer or another digital device and a network. It is mostly an attack on information that is personal and of high importance to an individual, organization or government, and its exposure can cause serious threats, infrastructure damage, financial loss, and even loss of life.

Detecting the various cyber-attacks in a network is essential, and this is where a Machine Learning model comes into play in building an effective Intrusion Detection System (IDS). A binary classification model can be used to identify what is happening in the network, i.e., whether there is an attack or not. One metric used to evaluate such a model is the Confusion Matrix.

Confusion Matrix

A confusion matrix is a table that is used to determine the performance of a classification model. We compare the predicted values for the test data with the true values known to us. From this, we know how many cases are classified correctly and how many are classified incorrectly. The table below shows the structure of a confusion matrix.

Figure: structure of a confusion matrix

→ In a two-class problem, such as detecting an attack state, we assign the normal event as “positive” and the anomaly as “negative”.

→ “True Positive” for correctly predicted event values.

→ “False Positive” for incorrectly predicted event values.

→ “True Negative” for correctly predicted no-event values.

→ “False Negative” for incorrectly predicted no-event values.

A confusion matrix shows two types of errors: Type I and Type II.

Type I error (False Positive)

This type of error can prove to be very dangerous. Because normal is the positive class here, a false positive means our system predicted no attack while in reality an attack takes place. In that case no notification reaches the security team and nothing can be done to prevent the attack. The False Positive cases above fall in this category, and thus one of the aims of the model is to minimize this value.

Type II error (False Negative): False Alarm

This type of error is not very dangerous: our system is protected in reality, but the model predicted an attack (a normal event wrongly predicted as an anomaly). The team would get notified and check for any malicious activity. This doesn’t cause any harm. Such cases can be termed False Alarms.
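An added example, not from the original post: it builds the confusion matrix under this article's convention (normal = positive, attack = negative) and shows how moving a detection threshold trades Type I errors (missed attacks) against Type II errors (false alarms). The score-based detector, the thresholds and the sample data are constructed for illustration.

```python
# Added example. Convention from the article: normal = "positive",
# attack/anomaly = "negative". All names and data below are hypothetical.
NORMAL, ATTACK = "normal", "attack"

def confusion_matrix(y_true, y_pred):
    """Count TP/FP/TN/FN with NORMAL as the positive class."""
    if len(y_true) != len(y_pred):
        raise ValueError("y_true and y_pred must have the same length")
    cm = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for truth, pred in zip(y_true, y_pred):
        if pred == NORMAL:
            # Predicted normal: correct (TP) or a missed attack (FP, Type I).
            cm["TP" if truth == NORMAL else "FP"] += 1
        else:
            # Predicted attack: correct (TN) or a false alarm (FN, Type II).
            cm["TN" if truth == ATTACK else "FN"] += 1
    return cm

def error_rates(cm):
    """Type I: share of real attacks missed. Type II: share of normal events flagged."""
    attacks = cm["FP"] + cm["TN"]
    normals = cm["TP"] + cm["FN"]
    return {
        "type_I_missed_attack_rate": cm["FP"] / attacks if attacks else 0.0,
        "type_II_false_alarm_rate": cm["FN"] / normals if normals else 0.0,
    }

def classify(scores, threshold):
    """Hypothetical detector: anomaly score >= threshold is predicted as an attack."""
    return [ATTACK if s >= threshold else NORMAL for s in scores]

# Constructed sample: (true label, anomaly score from a hypothetical model).
SAMPLE = [
    (NORMAL, 0.05), (NORMAL, 0.10), (NORMAL, 0.20), (NORMAL, 0.35),
    (NORMAL, 0.55), (NORMAL, 0.15), (ATTACK, 0.90), (ATTACK, 0.70),
    (ATTACK, 0.45), (ATTACK, 0.30),
]

def sweep(thresholds=(0.25, 0.5, 0.75)):
    """Confusion matrix per threshold, to show the Type I / Type II trade-off."""
    y_true = [label for label, _ in SAMPLE]
    scores = [score for _, score in SAMPLE]
    return {th: confusion_matrix(y_true, classify(scores, th)) for th in thresholds}

if __name__ == "__main__":
    for th, cm in sweep().items():
        print(f"threshold={th}: {cm} {error_rates(cm)}")
```

On this sample, raising the threshold removes false alarms but lets more attacks through as predicted-normal events, which is the Type I error the article says the model should minimize.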

Thank You…
