PREDICTING CYBER CRIME PATTERNS AND THE ROLE OF CONFUSION MATRIX — Case Study
What is cybercrime?
Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device.
Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money. Cybercrime is carried out by individuals or organizations.
Some cybercriminals are organized, use advanced techniques and are highly technically skilled. Others are novice hackers.
Rarely, cybercrime aims to damage computers for reasons other than profit. These could be political or personal.
Types of cybercrime
Here are some specific examples of the different types of cybercrime:
- Email and internet fraud.
- Identity fraud (where personal information is stolen and used).
- Theft of financial or card payment data.
- Theft and sale of corporate data.
- Cyberextortion (demanding money to prevent a threatened attack).
- Ransomware attacks (a type of cyberextortion).
- Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
- Cyberespionage (where hackers access government or company data).
Most cybercrime falls under two main categories:
1. Criminal activity that targets
2. Criminal activity that uses computers to commit other crimes.
What is Confusion matrix?
The confusion matrix is another metric that is often used to measure the performance of a classification algorithm. True to its name, the terminology related to the confusion matrix can be rather confusing, but the matrix itself is simple to understand (unlike the movies).
In this post, let’s focus in binary classifiers as with the spam filtering example, in which each email can be either spam or not spam. The confusion matrix will be of the following form:
The predicted classes are represented in the columns of the matrix, whereas the actual classes are in the rows of the matrix. We then have four cases:
- Accuracy, precision, recall, F1-score Accuracy
- (Acc) score is a method used to evaluate the performance of the model made by comparing the predictions made after running the algorithm with the test data. A value between 0 and 1 is produced according to the ratio of the entire predicted value for a prediction to match with the real values. To determine the accuracy of the forecast:
- TP = Prediction is positive(normal) and actual is positive(normal).
- FP = Prediction is positive(normal) and actual is negative(abnormal).
- FN = Prediction is negative(abnormal) and actual is positive(normal).
- TN = Prediction is negative(abnormal) and actual is negative(abnormal)
The other evaluation metrics for the proposed model are precision, recall and F1-score. Precision (P) is the rate of correctly classified positive instances to the total number of positive instances. Recall (R) shows how successfully positive instances are predicted. F1-Score (F1) is the weighted average of the Precision and Recall values.
The second way is to consider the meanings of these words. False Positive contains one negative word (False) so it’s a Type I error. False Negative has two negative words (False + Negative) so it’s a Type II error.
Confusion matrices have two types of errors: Type I and Type II.
I was taught two ways to keep Type I and Type II straight. If you know of any others that have helped you over the years, please leave them in the comments — I love a good mnemonic!
The first way is to re-write False Negative and False Positive. False Positive is a Type I error because False Positive = False True and that only has one F. False Negative is a Type II error because False Negative = False False so thus there are two F’s making it a Type II. (Kudos to Riley Dallas for this method!)
The second way is to consider the meanings of these words. False Positive contains one negative word (False) so it’s a Type I error. False Negative has two negative words (False + Negative) so it’s a Type II error.
Now See How Confusion Matrix is Predicting Cybercrimes.
