What is a Cyber Attack?
A cyber attack is an attack on servers or computers, on the public internet or a private network, in which the attacker seeks without authorization to expose, damage, alter, disable or steal data, or to change the system configuration. The act of carrying out a cyber attack is called cybercrime.
Some of the examples of cyber attacks are:
- Stealing corporate data and hacking servers
- Exposing someone's privacy and harassing them
- Stealing bank details and card details
- Phishing sites and scams
- IoT device hacking
- Flooding the servers with unnecessary traffic
These are a few examples of cyber attacks. There are many more.
What is the solution being used in the industry to prevent it?
The IT industry is trying its best to protect data and servers. Many different techniques and applications have been developed to prevent cybercrime. There are even organizations that work specifically on the security of the Internet. Some of the techniques that we can see or are currently using are:
- Protecting Data in the Cloud
- End-to-End Encryption
- SSH Keys and Certificates
- Automated Monitoring Process
- And Many More…
We have lots of other options and techniques being used by different users and service providers.
Here we will discuss one of the approaches and briefly discuss a small component of that approach.
Machine Learning and Cyber Security
Nowadays it is common for a company to have a lot of data to handle. Here we talk mostly about server and storage security. Manual human effort alone is less likely to be effective, and it is also slow. We need things to be automated, since manual work always has some issues. Machine Learning helps the team manage the servers and keep them safe.
When the machine is combined with human intelligence, we can achieve great things at great speed. Based on older patterns of attacks and the threats that the servers might have to deal with, a machine can be trained to recognize those patterns, and every time a new attack happens or traffic is exchanged, the Machine Learning model can keep an eye on every packet and its activity. When some malicious activity or attack happens, the machine can warn the security team, and the team can look into the threat before a big mishap happens. In some cases, the machine can even resolve the issue itself, following what the user has configured for such a situation, such as shutting the ingress networks or blocking a suspected IP or network for a limited time until developers look into it.
So let's take a small part of Machine Learning called the Confusion Matrix. A Confusion Matrix is a 2×2 matrix that describes the performance of a classification model. It gives us 4 outputs, and based on those we can check how good our model is or what we need to focus on.
From the above figure:
Actual Class 1 value = 1, which corresponds to the positive value in a binary outcome.
Actual Class 2 value = 0, which corresponds to the negative value in a binary outcome.
The labels down the left side of the confusion matrix indicate the Actual Values, and the labels across the top indicate the Predicted Values.
A confusion matrix is made up of the following components:
- Positive (P): The predicted result is positive (Example: Image is a cat)
- Negative (N): The predicted result is negative (Example: Image is not a cat)
- True Positive (TP): Both the predicted and the actual values are 1 (True)
- True Negative (TN): Both the predicted and the actual values are 0 (False)
- False Negative (FN): The predicted value is 0 (Negative) and the actual value is 1. The two values do not match, hence it is a False Negative.
- False Positive (FP): The predicted value is 1 (Positive) and the actual value is 0. Again the two values do not match, hence it is a False Positive.
Accuracy and Components of Confusion Matrix
After the confusion matrix is created and we have determined the values of all the components, it becomes quite easy to calculate the accuracy. So, let us have a look at the components to understand this better.
From the above formula, the sum of TP (True Positive) and TN (True Negative) is the number of correctly predicted results. To calculate the accuracy as a percentage, we divide this sum by the total of all the components. However, accuracy has some problems and we cannot depend on it completely.
Now let's relate this confusion matrix to a real-world example and see how it is helpful.
Consider a server that received 1000 packets of traffic in 1 hour. (This will be our scenario.) As I mentioned, a machine can never be 100% correct, so let's check how it did. When our machine evaluated the traffic, it predicted whether each packet/transmission was dangerous to the server or not. We want to know if the packet or transmission was good (True/1) or suspicious (False/0).
In the above image, our Machine Learning model predicted 750 packets as safe, and they were safe, which is a good thing: 750 packets came in and we know they were safe. Then we can see that the model said 165 packets were suspicious and dangerous, and they were dangerous in actuality, so the machine gave us the correct information and we were able to deal with it in time. Next, we have 20 packets that were predicted as dangerous but were actually safe. In this case, the model raised a false alarm: it called safe data unsafe and made the security team have a look. Because safe is the positive class here, this is a Type 2 error; these are not very dangerous in the real world. Finally, we have 65 packets that were dangerous in actuality, but the machine predicted that they were good and safe. The packets were actually False (dangerous), yet the model predicted they were True (safe), so they did not trigger any alarm or notify the security team as they passed into the server. This is called a Type 1 error, and it is very dangerous to the server and in real-world use. It is like something bad happened, and we were told that everything is fine.
So this is how the confusion matrix helps in cyber attack monitoring. The team checks the matrix, evaluates everything, and tries to reduce the Type 1 error as much as possible.
We can say that Machine Learning is a very important part of the IT industry. It is used in every domain and is being developed day by day to meet the needs of the industry. We have also discussed how the confusion matrix works and how it helps with real-world problems.
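The 1000-packet scenario above, tallied in Python as an added example (not code from the original article). The helper names are hypothetical and the packet lists are constructed from the four counts given in the text; the block also re-tallies the same data with dangerous as the positive class, the more common convention in intrusion detection, to show that the FP/FN names swap while the 65 missed packets do not.

```python
from collections import Counter

# The article's labelling: 1 = safe (positive), 0 = dangerous (negative).
SAFE, DANGEROUS = 1, 0

def confusion_counts(actual, predicted, positive=SAFE):
    """Tally TP/TN/FP/FN for binary labels, relative to `positive`."""
    c = Counter()
    for a, p in zip(actual, predicted):
        if p == positive:
            c["TP" if a == positive else "FP"] += 1
        else:
            c["TN" if a != positive else "FN"] += 1
    return c

def accuracy(c):
    """(TP + TN) divided by the total of all four components."""
    return (c["TP"] + c["TN"]) / sum(c.values())

def missed_attack_rate(actual, predicted):
    """Share of truly dangerous packets that were predicted safe."""
    preds = [p for a, p in zip(actual, predicted) if a == DANGEROUS]
    return sum(p == SAFE for p in preds) / len(preds)

def build_scenario():
    """Constructed data reproducing the article's four counts."""
    cells = [  # (actual, predicted, count)
        (SAFE, SAFE, 750),            # safe, passed
        (DANGEROUS, DANGEROUS, 165),  # dangerous, alerted
        (SAFE, DANGEROUS, 20),        # safe, false alarm
        (DANGEROUS, SAFE, 65),        # dangerous, no alarm
    ]
    actual, predicted = [], []
    for a, p, n in cells:
        actual += [a] * n
        predicted += [p] * n
    return actual, predicted

if __name__ == "__main__":
    actual, predicted = build_scenario()
    page = confusion_counts(actual, predicted, positive=SAFE)
    flipped = confusion_counts(actual, predicted, positive=DANGEROUS)
    print("safe = positive:     ", dict(page))
    print("dangerous = positive:", dict(flipped))
    print(f"accuracy:            {accuracy(page):.1%}")
    print(f"missed attack rate:  {missed_attack_rate(actual, predicted):.1%}")
```

Accuracy is the same under either labelling, but the share of dangerous packets that slipped through is far higher than the accuracy figure suggests, which is why the team watches that cell of the matrix and not accuracy alone.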
Thanks For Reading