Task -5 Cyber Crime investigation using Confusion Matrix

Hello friends.. let’s see the role of confusion matrix in Cyber Crime investigation.

What is Confusion Matrix?

A confusion matrix is a tabular summary of the number of correct and incorrect predictions made by a classifier. It is used to measure the performance of a classification model. It can be used to evaluate the performance of a classification model through the calculation of performance metrics like accuracy, precision, recall, and F1-score.

If you have an imbalanced dataset to work with, it’s always better to use confusion matrix as your evaluation criteria for your machine learning model.

Confusion matrices are widely used because they give a better idea of a model’s performance than classification accuracy does. For example, in classification accuracy, there is no information about the number of misclassified instances. Imagine that your data has two classes where 85% of the data belongs to class A, and 15% belongs to class B. Also, ​assume that your classification model correctly classifies all the instances of class A, and misclassifies all the instances of class B. In this case, the model is 85% accurate. However, class B is misclassified, which is undesirable. The confusion matrix, on the other hand, displays the correctly and incorrectly classified instances for all the classes and will​, therefore, give a better insight into the performance of your classifier.

The following 4 are the basic terminology which will help us in determining the metrics we are looking for.

• True Positives (TP): when the actual value is Positive and predicted is also Positive.
• True negatives (TN): when the actual value is Negative and prediction is also Negative.
• False positives (FP): When the actual is negative but prediction is Positive. Also known as the Type 1 error
• False negatives (FN): When the actual is Positive but the prediction is Negative. Also known as the Type 2 error

Type 1 error is most dangerous as it may lead to our avoidance towards the attack or threat.

What is a Cybercrime?

Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device.

Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money. Cybercrime is carried out by individuals or organizations.

Some cybercriminals are organized, use advanced techniques and are highly technically skilled. Others are novice hackers.

Rarely, cybercrime aims to damage computers for reasons other than profit. These could be political or personal.

Examples of the different types of cybercrime :

• Email and internet fraud.
• Identity fraud.
• Theft of financial or card payment data.
• Theft and sale of corporate data.
• Cyberextortion (demanding money to prevent a threatened attack).
• Ransomware attacks (a type of cyberextortion).
• Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
• Cyberespionage (where hackers access government or company data).

False Positive case in Cyber Security

False positives are false security alerts, indicating there is a threat when there isn’t. These false/non-malicious alerts can increase the work of the backend teams to investigate on the alert.

suppose, there is a security team keeps monitoring, but they are relying on the sensory program that will do detection of any kind of threat related to attacks or breaches.

False Negative case in Cyber Security

False negatives are uncaught cyber threats which don’t get recognised. There can be many reasons for that like- using dormant security tools, Weak or complex security infrasturcture.

false positive condition creates more damage risks.

Thank You for reading this article:)