Cyber Crimes
A cyber crime is criminal behaviour that involves the use of a computer or other digital equipment and a network. It is usually an attack on personal information that is of significant importance to an individual, business, or government, and its exposure can result in major threats, infrastructure damage, financial loss, and even death.
What is a Confusion Matrix?
Karl Pearson devised the confusion matrix in 1904. He referred to it as a contingency table. For machine learning classification problems, a confusion matrix is a performance measurement approach. It is a basic table that shows how well the classification model performs on test data for which the true values are known. In terms of the confusion matrix, there are four possible states for each activity observed:
- True positive: the IDS identifies an activity as an attack and the activity is actually an attack. A true positive is a successful identification of an attack.
- True negative: the IDS identifies an activity as acceptable behavior and the activity is actually acceptable. A true negative is successfully ignoring acceptable behavior.
Neither of these states is harmful, as the IDS is performing as expected.
- False positive: a file or item is marked as malicious but, in fact, is not.
- False negative: the opposite. A malicious file or item is labeled as secure or clean.
False positives and false negatives are the errors and failures found in protection solutions that fail to label files and items correctly. Now let's talk about these two in a little more detail, as they are very important.
Cyber Crime Cases Involving Confusion Matrix
This is the data set used for The Third International Knowledge Discovery and Data Mining Tools Competition, which was held in conjunction with KDD-99, The Fifth International Conference on Knowledge Discovery and Data Mining. The competition task was to build a network intrusion detector, a predictive model capable of distinguishing between "bad" connections, called intrusions or attacks, and "good" normal connections. This database contains a standard set of data to be audited, which includes a wide variety of intrusions simulated in a military network environment. In the KDD99 dataset, these four attack categories (DoS, U2R, R2L, and probe) are subdivided into 22 different attack classes, which are tabulated below:
In the KDD Cup 99, the criterion used to evaluate the participant entries was the Cost Per Test (CPT), computed from the confusion matrix and a given cost matrix: each cell of the confusion matrix is multiplied by the cost assigned to that (true class, predicted class) pair, the products are summed, and the total is divided by the number of test records.
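The following is an added example, not code from the article or from the KDD Cup 99 organizers. It ties the two ideas above together: it builds a five-class confusion matrix (normal plus the four attack categories) from a constructed list of connection labels, collapses it to the attack-versus-normal TP/TN/FP/FN counts defined in the earlier section, and computes a Cost Per Test from a cost matrix. The cost matrix here is constructed for illustration and is not the official KDD-99 one; the only assumption it encodes is that a missed attack (a false negative) is charged more than a false alarm or a mislabelled attack category.

```python
"""Confusion matrix, IDS outcome counts, and Cost Per Test (added example)."""

# Class labels used in the KDD-99 task: "normal" plus the four attack categories.
CLASSES = ["normal", "probe", "dos", "u2r", "r2l"]


def misclassification_cost(true_label, predicted_label):
    """Constructed (hypothetical) cost for predicting `predicted_label` when the
    true class is `true_label`. NOT the official KDD-99 cost matrix."""
    if true_label == predicted_label:
        return 0          # correct prediction costs nothing
    if predicted_label == "normal":
        return 2          # missed attack (false negative): the expensive error
    return 1              # false alarm, or right that it is an attack but wrong category


# Full cost matrix indexed as COST[true][predicted], derived from the rule above.
COST = {t: {p: misclassification_cost(t, p) for p in CLASSES} for t in CLASSES}


def confusion_matrix(y_true, y_pred, classes=CLASSES):
    """Count records into matrix[true_class][predicted_class]."""
    matrix = {t: {p: 0 for p in classes} for t in classes}
    for t, p in zip(y_true, y_pred):
        matrix[t][p] += 1
    return matrix


def binary_outcomes(y_true, y_pred):
    """Collapse to attack-vs-normal and count the four IDS states.
    Any non-"normal" label counts as an attack, so predicting the wrong attack
    category still counts as a true positive at this level."""
    counts = {"TP": 0, "TN": 0, "FP": 0, "FN": 0}
    for t, p in zip(y_true, y_pred):
        actual_attack = t != "normal"
        flagged = p != "normal"
        if flagged and actual_attack:
            counts["TP"] += 1       # attack correctly detected
        elif not flagged and not actual_attack:
            counts["TN"] += 1       # benign traffic correctly ignored
        elif flagged and not actual_attack:
            counts["FP"] += 1       # false alarm
        else:
            counts["FN"] += 1       # missed attack
    return counts


def rates(counts):
    """Detection rate (recall on attacks) and false alarm rate from the four counts."""
    tp, tn, fp, fn = counts["TP"], counts["TN"], counts["FP"], counts["FN"]
    return {
        "detection_rate": tp / (tp + fn) if tp + fn else 0.0,
        "false_alarm_rate": fp / (fp + tn) if fp + tn else 0.0,
    }


def cost_per_test(matrix, cost):
    """Sum of (count * cost) over every cell, divided by the number of records."""
    total_cost = sum(matrix[t][p] * cost[t][p] for t in matrix for p in matrix[t])
    n_records = sum(matrix[t][p] for t in matrix for p in matrix[t])
    return total_cost / n_records


# Constructed sample: 12 connections with their true and predicted labels.
Y_TRUE = ["normal", "normal", "normal", "normal", "normal", "dos",
          "dos", "dos", "probe", "probe", "u2r", "r2l"]
Y_PRED = ["normal", "normal", "normal", "probe", "normal", "dos",
          "dos", "normal", "probe", "dos", "normal", "r2l"]

if __name__ == "__main__":
    cm = confusion_matrix(Y_TRUE, Y_PRED)
    print("true\\pred " + " ".join(f"{c:>6}" for c in CLASSES))
    for t in CLASSES:
        print(f"{t:>9} " + " ".join(f"{cm[t][p]:>6}" for p in CLASSES))
    outcomes = binary_outcomes(Y_TRUE, Y_PRED)
    print(outcomes, rates(outcomes))
    print("Cost Per Test:", cost_per_test(cm, COST))
```

On the constructed sample the binary view yields TP=5, TN=4, FP=1, FN=2, so the detector catches 5 of 7 attacks but misses two, and the two misses (a DoS and a U2R connection predicted as normal) dominate the cost: with this cost rule the Cost Per Test is 6/12 = 0.5. Swapping in a different cost matrix changes the ranking of two detectors without changing their confusion matrices, which is exactly why the competition scored on CPT rather than on raw accuracy.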
Conclusion
While it would be difficult to eliminate every false positive and false negative, modern solutions that make use of cutting-edge technology can significantly reduce the number of risks that require additional examination. What was once a difficult, time-consuming chore can now be transformed into a manageable and productive procedure.