Confusion Matrix and Cyber Attacks
Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device.
Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money. Cybercrime is carried out by individuals or organizations.
Some cybercriminals are organized, use advanced techniques and are highly technically skilled. Others are novice hackers.
Rarely, cybercrime aims to damage computers for reasons other than profit. These could be political or personal.
A cyber attack is an attack on the servers or computer in the public or private internet where the attacker seeks to expose, damage, alter, disable or try stealing the current data or changing the system configuration, and that is done unauthorized. The act of doing this cyberattack is called cybercrime.
Some of the examples of cyber attacks are:
- Stealing corporate attack and hacking servers
- Theft and sale of corporate data.
- Stealing bank details and card details
- Fishing Sites and Scam
- IoT device hacking
- Flooding the servers with unnecessary traffic
- Ransomware attacks (a type of cyberextortion).
These are a few examples of Cyber Attacks.
According to Gartner, the worldwide information security market is forecast to reach $170.4 billion in 2022. Around 88% of organizations worldwide experienced spear phishing attempts in 2019. Data breaches exposed 36 billion records in the first half of 2020. 86% of breaches were financially motivated and 10% were motivated by espionage. 45% of breaches featured hacking, 17% involved malware and 22% involved phishing.
15% of breaches involved healthcare organizations, 10% in the financial industry and 16% in the public Sector. The healthcare industry lost an estimated $25 billion to ransomware attacks in 2019. The average cost of a financial services data breach is $5.85 million USD.
~ Source : Varonis
What is the solution being used in the industry to prevent it?
The IT industry is trying its best to protect the data and protect servers. Many different techniques and applications have been developed to prevent cybercrimes. We even have some organization which is specifically working for the security of the Internet. Different techniques are being used. Some of the techniques that we can see or are using currently are:
- Protecting Data In Cloud
- End to End Encryptions
- SSH Key and Certificates
- Automate Monitoring Process
- And Many More…
We have lots of other options and techniques being used by different users and service providers.
Here we will discuss one of the approaches and briefly discuss a small component of that approach.
Machine Learning and Cyber Security:
With machine learning, cybersecurity systems can analyze patterns and learn from them to help prevent similar attacks and respond to changing behavior. It can help cybersecurity teams be more proactive in preventing threats and responding to active attacks in real time. One component of machine learning used in cyber security is confusion matrix.
Confusion Matrix in Machine Learning :
The confusion matrix is a matrix used to determine the performance of the classification models for a given set of test data. It can only be determined if the true values for test data are known. The matrix itself can be easily understood, but the related terminologies may be confusing. Since it shows the errors in the model performance in the form of a matrix, hence also known as an error matrix. Some features of Confusion matrix are given below:
- For the 2 prediction classes of classifiers, the matrix is of 2*2 table, for 3 classes, it is 3*3 table, and so on.
- The matrix is divided into two dimensions, that are predicted values and actual values along with the total number of predictions.
- It looks like the below table:
Interpretation: predicted positive and it’s true.
False Positive: (Type 1 Error)
Interpretation: predicted positive and it’s false.
Interpretation: predicted negative and it’s true.
False Negative: (Type 2 Error)
Interpretation: predicted negative and it’s false.
Confusion matrices have two types of errors: Type I and Type II
From the above 2 type of error Type I error is more dangerous, because in type II error if the prediction of ‘false’ is wrong then there is no issue as it’s a negative outcome for us and it doesn’t effect much. But in type 1 error the prediction of ‘false’ means the outcome is positive but the model predicted wrong that mean we are not secure.