Confusion Matrix — Preventing Cyber Attacks

CyberCrime, also called Computer Crime, the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government.

Because of the early and widespread adoption of computers and the Internet in the United States, most of the earliest victims and villains of cybercrime were Americans. By the 21st century, though, hardly a hamlet remained anywhere in the world that had not been touched by cybercrime of one sort or another.

DoS and DDoS attacks

In a DoS attack, the hacker tries to prevent genuine users from using a website by maliciously flooding it with traffic, which can cause the system to crash. The origin of the attack is single, i.e. it is made from one computer or internet connection. With hackers getting more innovative, there are multiple ways of carrying out such attacks. Recently, a specially crafted MP4 file which was circulated on WhatsApp, triggered a DoS attack on individual users. Attackers can take advantage of this vulnerability to deploy malware on the user’s device to steal sensitive files and also use it for surveillance purposes.

When an attacker uses multiple machines to send requests with mischievous intent, trying to take over the target machine’s resources, it is a DDoS attack. You know , what is said to be one of the most powerful DDoS attack? — The GitHub in 2018 received a staggering 1.35 terabits/second of traffic on a particular day for 18 minutes. GitHub, along with their DDoS mitigation service provider Akamai Prolexic, handled the situation and resolved it within 20 minutes. The reasons for such attacks can be varied — from an intent to steal data or defame an enterprise to using it as a decoy to perform another high impactful attack.

Machine learning to tackle attacks

Machine Learning algorithms can be used to train and detect if there has been a DoS/DDoS attack. As soon as the attack is detected, an email notification can be sent to the security engineers. Any classification algorithm can be used to categorize if it is a DoS/DDoS attack or not. One example of a classification algorithm is Support Vector Machine (SVM) which is a supervised learning method that analyses data and recognizes patterns.

With increase in attacks, Early detection is the best solution !

According to data by cybersecurity firm Kaspersky, the number of DDoS attacks rose by a third in the third quarter of 2019. In its survey it observed that DDoS attacks are the second most expensive type of cyberattacks targeting small and medium sized businesses, and the average cost of such breaches is estimated to be $138,000.

All these attacks can be tackled by Machine Learning Models. It has one technique called Confusion Matrix which helps to find the coming attacks, are true or not, So that People get alerted and takes appropriate action to prevent it by getting harm.

Let’s understand the Confusion Matrix…!

What is a Confusion Matrix?

A confusion matrix is a performance measurement technique for Machine learning classification. It is a kind of table which helps you to know the performance of the classification model on a set of test data for that the true values are known. The term confusion matrix itself is very simple, but its related terminology can be a little confusing. Here, some simple explanation is given for this technique.

1. TP (True Positive) : You predicted positive and its turn out to be true. For example, you had predicted that France would win the world cup, and it won.
2. TN (True Negative) : When you predicted negative, and it is true. You had predicted that England would not win and it lost.
3. FP (False Positive) : Your prediction is positive, but it is false. You had predicted that England would win, but it lost. It is also called Type-1 Error
4. FN (False Negative) : Your prediction is negative, and result is also false. You had predicted that France would not win, but it won. It is also called Type-2 Error.

• Accuracy Score can be calculated from the confusion matrix:

Type I error:

This type of error can prove to be very dangerous. Our system predicted no attack but in real attack takes place, in that case no notification would have reached the security team and nothing can be done to prevent it. The False Positive cases above fall in this category and thus one of the aim of model is to minimize this value.

Type II error:

This type of error are not very dangerous as our system is protected in reality but model predicted an attack. the team would get notified and check for any malicious activity. This doesn’t cause any harm. They can be termed as False Alarm.

Thanks For Reading !