Cyber Crime and Confusion Matrix
What is Cyber Crime?
Cybercrime is a crime that involves a computer and a network. It is criminal activity that either targets or uses a computer, a computer network or a networked device. The computer may have been used in the commission of a crime, or it may be the target. Rarely, cybercrime aims to damage computers for reasons other than profit. These could be political or personal.
Some examples of cybercrime are:
- Email and internet fraud.
- Ransomware attacks.
- Denial of Service attacks.
What is Confusion Matrix?
A confusion matrix is a performance measurement for machine learning classification problems where the output can be two or more classes. It is a table with 4 different combinations of predicted and actual values. The confusion matrix shows the ways in which your classification model is confused when it makes predictions.
The confusion matrix is particularly useful because it gives a more complete picture of how a model performed. Using only a metric like accuracy can lead to a situation where the model is completely and consistently misidentifying one class, but this goes unnoticed because the average performance is good. The confusion matrix, by contrast, lets you compare the individual counts of False Negatives, True Negatives, False Positives, and True Positives.
What do these values mean?
- True Positive: You predicted positive and it’s true.
- True Negative: You predicted negative and it’s true.
- False Positive (Type 1 Error): You predicted positive and it’s false.
- False Negative (Type 2 Error): You predicted negative and it’s false.
Types of Errors
This type of error can prove to be very dangerous. Our system predicted no attack, but in reality an attack takes place. In that case no notification would reach the security team and nothing could be done to prevent it. The False Positive cases above fall in this category, and thus one of the aims of the model is to minimize this value.
This type of error is not very dangerous, as our system is protected in reality but the model predicted an attack. The team would get notified and check for any malicious activity. This doesn’t cause any harm. These cases can be termed False Alarms.
Sample Case Study on Using Confusion Matrix to Detect URL Phishing Attacks
Cybercriminals use phishing URLs to try to obtain sensitive information for malicious use, such as usernames, passwords, or banking details. They send phishing emails to direct their victims to enter sensitive information on a fake website that looks like a legitimate website.
URL phishing is also known as: fake websites and phishing websites.
The Flow model of phishing attack detection is as follows:
In this case, we can train the model with a dataset in which sites are already labelled as legitimate or as phishing (fake) websites, and alert the user when he/she is accessing a phishing website.
The confusion matrix is then used to analyse the outputs the model gives for phishing websites and legitimate websites. The analysis is further used to improve the accuracy of the model.
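The following Python sketch is an added example, not code from the original article. It builds the confusion matrix for the phishing case study from constructed labels and shows how a model can score high accuracy while missing every phishing site. The label strings, the cell names (caught, missed, false_alarm, passed) and the two hypothetical models are assumptions made for illustration.

```python
from collections import Counter

PHISHING, LEGITIMATE = "phishing", "legitimate"

def confusion_matrix(actual, predicted):
    """Count the 4 combinations of actual and predicted label."""
    if len(actual) != len(predicted):
        raise ValueError("actual and predicted must have the same length")
    unknown = (set(actual) | set(predicted)) - {PHISHING, LEGITIMATE}
    if unknown:
        raise ValueError(f"unexpected labels: {sorted(unknown)}")
    counts = Counter(zip(actual, predicted))
    return {
        "caught": counts[(PHISHING, PHISHING)],          # phishing, user alerted
        "missed": counts[(PHISHING, LEGITIMATE)],        # phishing, no alert raised
        "false_alarm": counts[(LEGITIMATE, PHISHING)],   # legitimate, user alerted
        "passed": counts[(LEGITIMATE, LEGITIMATE)],      # legitimate, no alert
    }

def summarize(cm):
    """Accuracy plus the per-class error rates that accuracy alone hides."""
    total = sum(cm.values())
    phishing = cm["caught"] + cm["missed"]
    legitimate = cm["false_alarm"] + cm["passed"]
    return {
        "accuracy": (cm["caught"] + cm["passed"]) / total if total else 0.0,
        "miss_rate": cm["missed"] / phishing if phishing else 0.0,
        "false_alarm_rate": cm["false_alarm"] / legitimate if legitimate else 0.0,
    }

# Constructed labels: 95 legitimate sites followed by 5 phishing sites.
ACTUAL = [LEGITIMATE] * 95 + [PHISHING] * 5
# Hypothetical model A calls every site legitimate.
MODEL_A = [LEGITIMATE] * 100
# Hypothetical model B raises 5 false alarms, catches 4 phishing sites, misses 1.
MODEL_B = [LEGITIMATE] * 90 + [PHISHING] * 5 + [PHISHING] * 4 + [LEGITIMATE]

if __name__ == "__main__":
    for name, predicted in (("A", MODEL_A), ("B", MODEL_B)):
        cm = confusion_matrix(ACTUAL, predicted)
        print(name, cm, summarize(cm))
```

On this sample, model A has the higher accuracy even though it never alerts on a phishing site, which is visible only in the per-cell counts.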