Task 05

CONFUSION MATRIX: The confusion matrix was invented in 1904 by Karl Pearson. He used the term Contingency

A confusion matrix is a performance measurement technique for machine learning classification problems. It is a simple table that shows how a classification model performs on test data for which the true values are known.

Suppose we create an ML model that predicts whether a given image is of chocolate or not. Let there be a total of 100 predictions made by the model:

General terminology for the above figures in a confusion matrix:

(FP and FN are the two types of error in a confusion matrix.)

To calculate accuracy:

Accuracy = (TP + TN) / (TP + TN + FN + FP)

(30 + 55) / (30 + 55 + 10 + 5) = 85 / 100 = 0.85

Confusion Matrix’s implementation in monitoring Cyber Attacks:

  • True Positive (TP): The number of events detected as attacks that are actually attacks.
  • True Negative (TN): The number of events detected as normal that are actually normal.
  • False Positive (FP): The number of events detected as attacks that are actually normal (false alarm).
  • False Negative (FN): The number of events detected as normal that are actually attacks.
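
An added example (not part of the original article) that tallies the four counts defined above from IDS verdicts paired with analyst-confirmed labels, then derives accuracy together with the detection rate and false-alarm rate. The sample data is constructed to reuse the article's counts (30, 55, 10, 5); the function names and the 1 = attack encoding are assumptions made for this example.

```python
from collections import Counter

ATTACK, NORMAL = 1, 0  # assumption: "attack" is the positive class, as in the list above

def confusion_counts(pairs):
    """Tally TP/TN/FP/FN from (ids_verdict, confirmed_label) pairs."""
    names = {(ATTACK, ATTACK): "TP", (NORMAL, NORMAL): "TN",
             (ATTACK, NORMAL): "FP", (NORMAL, ATTACK): "FN"}
    counts = Counter({"TP": 0, "TN": 0, "FP": 0, "FN": 0})
    for verdict, actual in pairs:
        if (verdict, actual) not in names:
            raise ValueError(f"labels must be 0 or 1, got {(verdict, actual)}")
        counts[names[(verdict, actual)]] += 1
    return dict(counts)

def ratio(num, den):
    """Return num/den, or None when there are no events in the denominator."""
    return num / den if den else None

def ids_metrics(c):
    """Derive the rates an IDS operator usually tracks from the four counts."""
    total = sum(c.values())
    return {
        "accuracy": ratio(c["TP"] + c["TN"], total),
        "detection_rate": ratio(c["TP"], c["TP"] + c["FN"]),    # attacks caught
        "false_alarm_rate": ratio(c["FP"], c["FP"] + c["TN"]),  # normal events flagged
        "precision": ratio(c["TP"], c["TP"] + c["FP"]),         # alerts that were real
    }

def sample_events():
    # Constructed sample: 100 events matching the article's TP=30, TN=55, FN=10, FP=5.
    return ([(ATTACK, ATTACK)] * 30 + [(NORMAL, NORMAL)] * 55
            + [(NORMAL, ATTACK)] * 10 + [(ATTACK, NORMAL)] * 5)

def silent_ids_events():
    # Constructed sample: an IDS that never alerts on 80 normal events and 20 attacks.
    return [(NORMAL, NORMAL)] * 80 + [(NORMAL, ATTACK)] * 20

if __name__ == "__main__":
    for label, events in (("article counts", sample_events()),
                          ("silent IDS", silent_ids_events())):
        counts = confusion_counts(events)
        print(label, counts, ids_metrics(counts))
```

The second sample shows why accuracy alone is a poor IDS metric: an IDS that never raises an alert still scores high accuracy while its detection rate is zero.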

What is a Cybercrime?

Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device.

Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money. Cybercrime is carried out by individuals or organizations.

Some cybercriminals are organized, use advanced techniques and are highly technically skilled. Others are novice hackers.

Rarely, cybercrime aims to damage computers for reasons other than profit. These could be political or personal.

Examples of the different types of cybercrime:

  • Email and internet fraud.
  • Identity fraud.
  • Theft of financial or card payment data.
  • Theft and sale of corporate data.
  • Cyberextortion (demanding money to prevent a threatened attack).
  • Ransomware attacks (a type of cyberextortion).
  • Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
  • Cyberespionage (where hackers access government or company data).

Most cybercrime falls under two main categories:

  • Criminal activity that targets
  • Criminal activity that uses computers to commit other crimes.

The confusion matrix finds a very important use in intrusion detection systems:

What is an intrusion detection system?

An intrusion detection system (IDS) checks, over the network, whether any malicious activity is happening on a server. The IDS is based on machine learning. It uses a BINARY CLASSIFICATION method to classify the activity it observes and tries to detect attacks.

ATTACK cases:

1) If an attack happens, the ML model says (negative=0).

2) If it doesn't happen, the ML model says (positive=1).

Generally, if an attack happens, we have to act on it, using IoT (Internet of Things) devices to notify the system administrators. Some IoT devices are smart mobiles, smart refrigerators, smart watches, smart fire alarms, smart door locks, smart bicycles, medical sensors, fitness trackers, smart security systems, etc. This is called notification.

To find the total number of actual attacks, a SOC team is deployed. The confusion matrix plays a vital role in finding the actual number of total threats to the system. The false positive case is one of the most dangerous cases encountered while detecting threats. Let's understand this case:

Suppose the ML model, trained using the binary classification concept, predicts that in 100 cases hackers did not attack the system. When the SOC team reviews those 100 cases, 80 of them turn out to be cases where the system really was not attacked, while 20 were threats that the system actually received and is actually under threat from. According to the model, hackers did not attack in any of the 100 cases, and the SOC team uses the confusion matrix method to find that, out of those 100, 20 were actual threats. So the confusion matrix is very important in such a scenario, where the model says one thing and the actual outcome is something else.

THANK YOU!

More articles by Anuj Ramola