Confusion Matrix in Cyber Attack Detection
What is a Cyber Attack?
A cyber attack is an assault launched by cybercriminals using one or more computers against single or multiple computers or networks. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks.
What is a Confusion Matrix?
A confusion matrix is a technique for summarizing the performance of a classification algorithm.
Calculating a confusion matrix gives us a better idea of what our classification model is getting right, what it is getting wrong, and what types of errors it is making.
Types of Errors:-
Before we understand these errors, let's have a look at the following terms:-
- True Positive:- These are cases in which we predicted yes (they are under attack), and they really are under attack.
- True Negative:- We predicted no, and they really aren't gonna get attacked.
Type-I Error:- It is called False Positive and this is very dangerous for us.
So, let's understand how it is dangerous.
Suppose there is a company that has confidential data of many clients in its database, and it is using an ML model (evaluated with a confusion matrix) to detect the cyber attack threats that are gonna come up.
Let's say the model predicted that they are safe but in actuality they are not. This prediction will be termed a False Positive. Here, the prediction is in favor of the company, but it is a false prediction, so the company takes no action towards the threat, and this can do a lot of damage to their business.
The reason it is called a Type-I Error is that False Positive = False True, and that only has one F.
Type-II Error:- It is called False Negative. It may not be that dangerous but can be very disturbing.
So, let's understand how it can be disturbing using the above example.
Suppose the model predicted that they are not safe but in actuality they are. This prediction will be termed a False Negative. Here, the prediction is not in favor of the company, and to alert the company's people they might have some alarms that will start disturbing them. I'm using the term 'disturbing' because these alarms will only disturb them: the prediction is false, so it makes no sense to alert them.
And there may be a case when their model's accuracy sucks and they get so many false negatives (alarms) that, when a True Negative prediction comes up (meaning an actual threat of attack), they think of it as a false alarm and ignore it, which may lead to severe damage to their business.
The reason it is called a Type-II Error is that False Negative = False False, thus there are two F's, making it a Type II.
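As an added example (not code from the original post), here is a small Python script that builds the confusion matrix for an attack detector from labelled events and computes the metrics a security team actually looks at. It follows the convention used in the True Positive bullet above, where "under attack" is the positive class: under that convention a missed attack is counted as a false negative and a needless alarm as a false positive. The second function projects the false-alarm volume the paragraph above warns about: with a realistic attack base rate, even a detector with about 99% accuracy raises far more false alarms than real ones, which is exactly how real alerts end up ignored. The sample labels, event counts and rates are constructed for illustration.

```python
# Added example, not from the original post: confusion matrix for an
# attack detector, with 1 = "attack" as the positive class.
from collections import Counter

ATTACK, BENIGN = 1, 0


def confusion_matrix(y_true, y_pred):
    """Return (tp, fp, fn, tn) counts for label/prediction pairs."""
    counts = Counter(zip(y_true, y_pred))
    tp = counts[(ATTACK, ATTACK)]  # real attack, alarm raised
    fp = counts[(BENIGN, ATTACK)]  # nothing happened, alarm raised (false alarm)
    fn = counts[(ATTACK, BENIGN)]  # real attack, predicted safe (missed attack)
    tn = counts[(BENIGN, BENIGN)]  # nothing happened, no alarm
    return tp, fp, fn, tn


def metrics(tp, fp, fn, tn):
    """Accuracy plus the two numbers a SOC cares about: precision and recall."""
    total = tp + fp + fn + tn
    return {
        "accuracy": (tp + tn) / total,
        # Of all alarms raised, how many were real attacks?
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        # Of all real attacks, how many did we catch?
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        # Of all benign events, how many triggered a needless alarm?
        "false_alarm_rate": fp / (fp + tn) if fp + tn else 0.0,
    }


def expected_alarms(events_per_day, attack_rate, recall, false_alarm_rate):
    """Project daily alarm volume from a detector's recall and false-alarm rate.

    Shows why a rare positive class turns even a good detector into a
    noise source: false alarms scale with the huge benign population.
    """
    attacks = events_per_day * attack_rate
    benign = events_per_day - attacks
    true_alarms = attacks * recall
    false_alarms = benign * false_alarm_rate
    total_alarms = true_alarms + false_alarms
    return {
        "true_alarms": true_alarms,
        "false_alarms": false_alarms,
        "fraction_false": false_alarms / total_alarms if total_alarms else 0.0,
    }


# Constructed sample: 20 monitored events, the first 4 are real attacks.
SAMPLE_TRUE = [ATTACK] * 4 + [BENIGN] * 16
# Detector catches 3 of the 4 attacks and raises 2 false alarms.
SAMPLE_PRED = [ATTACK, ATTACK, ATTACK, BENIGN] + [ATTACK, ATTACK] + [BENIGN] * 14

if __name__ == "__main__":
    cm = confusion_matrix(SAMPLE_TRUE, SAMPLE_PRED)
    print("tp, fp, fn, tn =", cm)
    print(metrics(*cm))
    # Constructed scenario: 100k events/day, 0.1% are attacks,
    # detector recall 95%, false-alarm rate 1%.
    print(expected_alarms(100_000, 0.001, 0.95, 0.01))
```

On the sample, accuracy is 0.85 while precision is only 0.6: two of every five alarms are noise. In the projected scenario the detector is right on roughly 99% of events, yet about 91% of the alarms it raises are false, which is the alert-fatigue trap described above. Tuning the threshold to trade a little recall for a much lower false-alarm rate, or adding a second-stage check on alarms, is how that ratio is brought back to something an analyst can work with.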
Conclusion:-
Cyber crimes are very common nowadays and there are lots of SIEM tools in the market, so we should always choose one wisely, as the security of our data is very critical for us.
Thank You for Reading :)
Hope you like it...