Role of Confusion Matrix(ML) in Cyber Security for detecting Cyber Crimes :

Original Source Here

What Is Cybersecurity?

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

What is cyberattack?

In computers and computer networks, an attack is any attempt to expose, alter, disable, destroy, steal or gain information through unauthorized access to or make unauthorized use of an asset.

Types of cyberattacks/cybercrimes :

1. Malware

Malware is malicious software such as spyware, ransomware, viruses and worms. Malware is activated when a user clicks on a malicious link or attachment, which leads to installing dangerous software. Cisco reports that malware, once activated, can:

  • Block access to key network components (ransomware)
  • Install additional harmful software
  • Covertly obtain information by transmitting data from the hard drive (spyware)
  • Disrupt individual parts, making the system inoperable

2. Emotet

Emotet is as “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware.”

3. Denial of Service

A denial of service (DoS) is a type of cyber attack that floods a computer or network so it can’t respond to requests. A distributed DoS (DDoS) does the same thing, but the attack originates from a computer network. Cyber attackers often use a flood attack to disrupt the “handshake” process and carry out a DoS. Several other techniques may be used, and some cyber attackers use the time that a network is disabled to launch other attacks. A botnet is a type of DDoS in which millions of systems can be infected with malware and controlled by a hacker, according to Jeff Melnick of Netwrix, an information technology security software company. Botnets, sometimes called zombie systems, target and overwhelm a target’s processing capabilities. Botnets are in different geographic locations and hard to trace.

4. Man in the Middle

A man-in-the-middle (MITM) attack occurs when hackers insert themselves into a two-party transaction. After interrupting the traffic, they can filter and steal data, according to Cisco. MITM attacks often occur when a visitor uses an unsecured public Wi-Fi network. Attackers insert themselves between the visitor and the network, and then use malware to install software and use data maliciously.

5. Phishing

Phishing attacks use fake communication, such as an email, to trick the receiver into opening it and carrying out the instructions inside, such as providing a credit card number. “The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine,” Cisco reports.

6. SQL Injection

A Structured Query Language (SQL) injection is a type of cyber attack that results from inserting malicious code into a server that uses SQL. When infected, the server releases information. Submitting the malicious code can be as simple as entering it into a vulnerable website search box.

7. Password Attacks

With the right password, a cyber attacker has access to a wealth of information. Social engineering is a type of password attack that Data Insider defines as “a strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices.” Other types of password attacks include accessing a password database or outright guessing.


This is another type of injection attack in which an attacker injects data, such as a malicious script, into content from otherwise trusted websites. Cross-site scripting (XSS) attacks can occur when an untrusted source is allowed to inject its own code into a web application and that malicious code is included with dynamic content delivered to a victim’s browser. This allows an attacker to execute malicious scripts written in various languages, like JavaScript, Java, Ajax, Flash and HTML, in another user’s browser.

One of the use case of confusion matrix to detect malwares :

True positive (tp), false positive (fp), true negative (tb), and false negative values (fn) are used to calculate the following performance measures:

  1. True Positive Rate/recall/sensitivity (tpr): the fraction of malware samples correctly identified as ransomware.
  2. False Positive Rate (fpr = 1 — tnr): the fraction of goodware samples incorrectly identified as being malware.
  3. True Negative Rate/specificity (tnr): the fraction of goodware samples correctly identified as goodware.
  4. False Negative Rate (fnr = 1 — tpr): the fraction of ransomware samples incorrectly classified as goodware.
  5. Accuracy is reported as the fraction of all samples correctly identified. More specifically, Accuracy = tpr+tnr/ tpr+tnr+fpr+fnr .
  6. Precision is calculated as precision = tp/ tp+fp . and

7. Youdens index is calculated as Y = tpr + tnr − 1

Here we have seen the industry use case of confusion matrix to detect malware.


Till now we had got to know about key terms in cybercrimes and how ML models are used to detect malware. we will summarize it through a small example and how confusion matrix is much important in the ML model we have created.

For example-: In all our computers we have windows defender system to protect our computer from any cyber attacks If we had a software which is much similar to it built on regression ML model so now it regularly scans our computer and it looks like it is working fine with 80% accuracy but still we had this model in confusion matrix where we have false negative values which predicted a negative value but it is actually positive can be at least some amount of predicted value. so it is big problem because we are having some virus left in the form of false negative value in our system which defender don’t show and remove it . we can bare false positive but not false in this case confusion matrix creates some havoc. This shows the critical nature of type1 and type2 errors in confusion matrix which will vary from use case to use case where we want a tradeoff between the two types of error.


Trending AI/ML Article Identified & Digested via Granola by Ramsey Elbasheer; a Machine-Driven RSS Bot

%d bloggers like this: