Confusion Matrix & Its contribution to Cyber Security…!!

We as humans classify information as either True or False. But that isn’t the case in Machine Learning.

What is Confusion Matrix?

A confusion matrix is a table that is often used to describe the performance of a classification model on a set of test data for which the true values are known. The confusion matrix itself is relatively simple to understand but the terminologies can be confusing.

The matrix compares the actual target values with those predicted by the machine learning model. This gives us humans a better understanding on the performance of our classification model and the errors.

True Positive, True Negative, False Positive and False Negative in a Confusion Matrix

True Positive (TP)

The predicted value matches the actual value and the actual value and predicted value both are positive (a good thing for us)

True Negative (TN)

The predicted value matches the actual value and both values are negative (not a good thing for us)

False Positive (FP) — Type 1 error

The predicted value was falsely predicted and the actual value was negative but the model predicted a positive value.

False Negative (FN) — Type 2 error

The predicted value was wrong and the actual value was positive but the model predicted a negative value, i.e. false alarm

This example will help you get what confusion matrix is exactly,

From this example we get to know that:

True Positive : When doctor’s report say lady is pregnant and she is pregnant.

True Negative : When doctor’s report say man is not pregnant and he is not pregnant.

False Positive : When doctor’s report say man is pregnant and he is not pregnant (practically not possible)

False Negative : When doctor’s report say lady is not pregnant and she is pregnant. That’s a very crucial error cause the lady was not prepared for pregnancy.

NOTE — This confusion matrix is an example of a binary classification problem. If there are 3 categories, we just add 1 more row and column and so on.

* * * * *

Confusion Matrix in Cyber Security:

Millions of cyber attacks happen every day and we as a humans can’t stay on computers 24/7 to keep an eye on these attacks. So with Machine Learning, we train the model and make it predict of these attacks and if someone is trying to breach/attack, the model notifies us.

A cyber attack is an attack on the servers or computer in the public or private internet where the attacker seeks to expose, damage, alter, disable or try stealing the current data or changing the system configuration. The act is unauthorized and illegal is called cybercrime.

In Cyber Security :

1. True Positive- hacker attacks and the model predicts the attack. Since the model predicted the attack, security team got alert and prevented the intruder from attacking, and avoided the data breach.
2. True Negative- No attacks take place and model predicts the same. Everything is safe.
3. False Positive/ Type I error- No attacks take place but model predicts that attack is happening. In this case security team gets notified of the attack and they check if any malicious activity is taking place but find everything is safe and no attack is taking place. This wasted their time but there was no harm to the data. This is also known as False Alarm.

False Negative/ Type II error- This type of error can prove to be very dangerous. Model predicted no attack is taking place but in real attack takes place, in this case no notification reached the security team and there’s nothing that can be done to prevent it.