Confusion Matrix In Cyber Security

Pratikkorgaonkar
Jun 5, 2021

In today's article I'm going to explain intrusion detection systems in cyber security, the confusion matrix, how it is used in an IDS, and how it affects cyber security, with an example. So let's get started with this amazing topic.

In today's technological world everything is being digitalized and everything is online. Along with this, the most important things are data and data security. Everything we do on the internet (what we search for, what we post, what we buy, which sites we visit) is stored on servers in data centers. All of this data must be secured against hackers and against any kind of data loss.

Attackers are constantly trying to get this information because data has huge value nowadays. They look for ways into servers to carry out malicious activity: using the data for their own purposes, selling it, or encrypting it so that the company can no longer access it and then charging millions to decrypt it.

To avoid these kinds of issues, companies should be aware of them and put the required security measures in place. One of the most widely used measures is an IDS (Intrusion Detection System).

What is an Intrusion Detection System (IDS)

An intrusion detection system is a widely used device or software application for detecting cyber attacks on a company's site or server. It inspects network traffic for malicious activity and notifies the company when an attack has happened. Based on its results, the company can take action to safeguard its data.

Types of Intrusion Detection System (IDS)

  • Network Intrusion Detection Systems (NIDS)
  • Host-based Intrusion Detection Systems (HIDS)
  • Signature-based Intrusion Detection Systems
  • Anomaly-based Intrusion Detection Systems

Now let's look at some deeper concepts behind an IDS. Before going further, you need to know the most important one, which is the confusion matrix.

What is Confusion Matrix

In the field of machine learning and specifically the problem of statistical classification, a confusion matrix, also known as an error matrix, is a specific table layout that allows visualization of the performance of an algorithm, typically a supervised learning one (in unsupervised learning it is usually called a matching matrix). Each row of the matrix represents the instances in an actual class while each column represents the instances in a predicted class, or vice versa — both variants are found in the literature.

Confusion Matrix In IDS

An IDS mainly works on network traffic, which is also a type of data, and in machine learning we can train a model to make predictions on such data. One technique used with an IDS is the confusion matrix. The IDS scans data or network traffic and decides whether it is safe or not. To check the accuracy of the IDS, we have to compare its predicted results with the actual results; the outcome is presented as a confusion matrix with four values: TP, TN, FP and FN. Let's see what they are and what they look like.

A few basic things to know before going further: in this example, positive means no attack is happening and everything is safe, and negative means an attack happened. Keep this in mind for the explanations that follow.

True Positive (TP): A true positive is a good sign for the company. It means no attack is happening and the result predicted by the IDS is true.

True Negative (TN): The IDS predicted correctly (true) that the result is negative, meaning malicious activity is going on.

False Positive (FP): This is the most dangerous case from the company's perspective. The machine reports that everything is fine and no attack is happening, but that prediction is false. In reality an attack happened and the IDS did not detect it, so the company is not notified and its data is harmed. That is why it is the most dangerous case from the company's perspective. It is also known as a type 1 error.

False Negative (FN): This is also known as a type 2 error, but it is not as dangerous as a type 1 (FP) error. FN means the IDS gave a negative result, i.e. it reported that an attack happened, but that result is wrong. The server is safe and no attack was made on the system.

Using all of these results, a company can put further security measures in place to protect itself from harm by hackers or from any other problem.
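The tally described above can be computed directly from labelled traffic. The following is an added example, not code from the original article; it keeps the article's convention (positive = no attack, the reverse of what many IDS tools use), and the flow labels and both sample data sets are constructed for illustration.

```python
from collections import Counter

# Article's convention: "positive" = no attack (safe), "negative" = attack.
SAFE, ATTACK = "safe", "attack"

def confusion_counts(records):
    """Tally TP/TN/FP/FN from (actual, predicted) label pairs."""
    counts = Counter({"TP": 0, "TN": 0, "FP": 0, "FN": 0})
    for actual, predicted in records:
        if actual not in (SAFE, ATTACK) or predicted not in (SAFE, ATTACK):
            raise ValueError(f"unknown label pair: {actual!r}, {predicted!r}")
        if predicted == SAFE:
            counts["TP" if actual == SAFE else "FP"] += 1    # FP = missed attack
        else:
            counts["TN" if actual == ATTACK else "FN"] += 1  # FN = false alarm
    return dict(counts)

def ratio(num, den):
    """Return num/den, or None when the denominator is empty."""
    return num / den if den else None

def metrics(c):
    total = sum(c.values())
    return {
        "accuracy": ratio(c["TP"] + c["TN"], total),
        # share of real attacks the IDS reported as safe
        "missed_attack_rate": ratio(c["FP"], c["FP"] + c["TN"]),
        # share of safe traffic the IDS reported as an attack
        "false_alarm_rate": ratio(c["FN"], c["FN"] + c["TP"]),
    }

def sample(caught, false_alarms, attacks=20, total=1000):
    """Constructed data: `total` flows of which `attacks` are real attacks."""
    benign = total - attacks
    return ([(ATTACK, ATTACK)] * caught
            + [(ATTACK, SAFE)] * (attacks - caught)
            + [(SAFE, ATTACK)] * false_alarms
            + [(SAFE, SAFE)] * (benign - false_alarms))

tuned_ids = sample(caught=18, false_alarms=30)   # detects most attacks
silent_ids = sample(caught=0, false_alarms=0)    # never raises an alert

if __name__ == "__main__":
    for name, records in (("tuned", tuned_ids), ("silent", silent_ids)):
        c = confusion_counts(records)
        print(name, c, metrics(c))
```

On this constructed data the IDS that never alerts scores a higher accuracy (0.98) than the tuned one (0.968) while missing every attack, which is why the FP count has to be read alongside accuracy.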

That was all about data security measures, intrusion detection systems and the confusion matrix. I hope you found it helpful and informative.
