Role of Confusion Matrix for Preventing Cyber Attacks

Cyber attack definition

Simply put, a cyber attack is an attack launched from one or more computers against another computer, multiple computers or networks. Cyber attacks can be broken down into two broad types: attacks where the goal is to disable the target computer or knock it offline, or attacks where the goal is to get access to the target computer’s data and perhaps gain admin privileges on it.

8 types of cyber attack

To achieve those goals of gaining access or disabling operations, a number of different technical methods are deployed by cybercriminals. There are always new methods proliferating, and some of these categories overlap, but these are the terms that you’re most likely to hear discussed.

  1. Phishing
  2. Ransomware
  3. Denial of service
  4. Man in the middle
  5. Cryptojacking
  6. SQL injection
  7. Zero-day exploits


Intrusion detection system (IDS) has the potential to be the frontier of defense against cyberattacks and plays an essential role in achieving security of networking resources and infrastructures. The performance of IDS depends highly on data features. Selecting the most informative features eliminating the redundant and irrelevant features from network traffic data for IDS is still an open research issue. The key impetus of this paper is to identify and benchmark the potential set of features that can characterize network traffic for intrusion detection. In this correspondence, an ensemble approach is proposed. As a first step, the approach applies four different feature evaluation measures, such as correlation, consistency, information, and distance, to select the more crucial features for intrusion detection. Second, it applies the subset combination strategy to merge the output of the four measures and achieve the potential feature set. Along with this, a new framework that adopts the data analytic lifecycle practices is explored to employ the proposed ensemble for building an effective IDS. The effectiveness of the proposed approach is demonstrated by conducting several experiments on four intrusion detection evaluation datasets, namely KDDCup’99, NSL-KDD, UNSW-NB15, and CICIDS2017.

Proposed data analytic framework for building IDS
  • False positive rate: also termed as false alarm rate (FAR), it is the ratio of the number of normal packets detected as malicious packets (FP) to the total normal packets in the testing dataset. If this metric value increases consistently, it may cause the network administrator to deliberately ignore the system warnings Consequently, this may put the entire network into a dangerous stage. Therein, this metric value should be kept as low as possible.
  • Accuracy (ACC): can be defined as the proportion of the total number of the correct classification (detection) of malicious (TN) and normal packet (TP) to the actual size of testing dataset.


  1. True Negative (TN): These are the events which were correctly predicted by the model as “not occurred = No”
  2. False Positive (FP): These are the events which were predicted as “occurred = Yes” but in reality it was “not occurred = No”
  3. False Negative (FN): This is the opposite of FP, i.e. predicted as “not occured = No” but in reality it was “occurred = Yes”