Confusion Matrix - IDS

WHAT IS CONFUSION MATRIX?

A Confusion matrix is an N x N matrix used for evaluating the performance of a classification model, where N is the number of target classes. The matrix compares the actual target values with those predicted by the machine learning model. This gives us a holistic view of how well our classification model is performing and what kinds of errors it is making.

It is a table with 4 different combinations of predicted and actual values.

The above table has the following cases:

• True Negative: Model has given prediction No, and the real or actual value was also No.
• True Positive: The model has predicted yes, and the actual value was also true.
• False Negative: The model has predicted no, but the actual value was Yes, it is also called as Type-II error.
• False Positive: The model has predicted Yes, but the actual value was No. It is also called a Type-I error.

TWO TYPES OF ERROR OF CONFUSION MATRIX :

Confusion matrices have two types of errors: Type I and Type II.

Type I error:

The first way is to rewrite False Negative and False Positive. False Positive is a Type I error because False Positive = False True and that only has one F. False Negative is a Type II error because False Negative = False False so thus there are two F’s making it a Type II. (Kudos to Riley Dallas for this method!)

Type I error:

The second way is to consider the meanings of these words. False Positive contains one negative word (False) so it’s a Type I error. False Negative has two negative words (False + Negative) so it’s a Type II error.

What is CYBERCRIME ?

Cybercrime, also called computer crime, the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government.

CYBER-SECURITY WITH CONFUSION MATRIX

An intrusion detection system (IDS) is a necessity to protect against network attacks. The system monitors the activity within a network of connected computers in order to analyze the activity for intrusive patterns. Should an `attack' event happen, then the system has to respond accordingly. Different machine learning techniques have been proposed in the past roughly falling into two categories namely clustering algorithms and classification algorithms. In this paper, the IDS is designed with a neural network ensemble method to classify the different attacks. The neural network ensemble method comprises autoencoder, deep belief neural network, deep neural network, and an extreme learning machine. The NSL-KDD data set is used to measure the detection rate and false alarm rate of the implemented neural network ensemble method. The detection rate and false alarm rate are the two important measure for IDSs, however, several other measures are also reported on such as confusion matrix, classification accuracy, and AUC (area under curve).