Confusion Matrix and Cyber Security

Abhishek Prasad Kesare
3 min readJun 6, 2021


Machine learning has a large number of applications in the world of Cyber Security but whenever it comes to accuracy we measure it using a confusion matrix.

In the Machine, learning world to check the accuracy most of the time we use a confusion matrix let’s see what does it really means.

Confusion matrix: In simple words, this is a 2x2 matrix that stores 4 values which helps us in finding the accuracy of the model. A confusion matrix is used to check the accuracy of a classification model

Suppose A DoS attack is happening on the system and according to the situation what does it predict

True Positive: suppose a dos attack happening and your model also telling yes then it is true positive

True Negative: suppose attack is not happening and model predict no attack happening

False Positive: Suppose the model predicted yes but actually no attack happening(Type Error I)

False-negative: The model predicted no but actually, the attack is happening. (Type error II)

Applications where Machine learning and confusion matrix in cybersecurity:

1.Cyber Threat Detection

The most difficult component of cybersecurity is finding out if the connection requests into the system are legitimate and any suspicious-looking activities such as receiving and sending large amounts of data are the work of professionals in the company or some cyber threats. This is very difficult to identify for cybersecurity professionals, especially in large companies where requests range in the thousands all the time and humans are not always accurate. That’s where machine learning can provide a lot of help to professionals. A cyber threat identification system that is powered by AI and ML can be used to monitor all outgoing and incoming calls as well as all requests to the system to monitor suspicious activity.

2.AI-based Antivirus software

However, this traditional antivirus requires constant upgrades to keep up with all the upgrades in the new viruses and malware being created. That’s where machine learning can be extremely helpful. Antivirus software that is integrated with machine learning tries to identify any virus or malware by its abnormal behavior rather than its signature. In this way, it can manage threats that are common and previously encountered and also new threats from viruses or malware that were recently created

3. Fighting AI Threats

Many hackers are now taking advantage of technology and using machine learning to find the holes in security and hack systems. Therefore, it is very important that companies fight fire with fire and use machine learning for cybersecurity as well. This might even become the standard protocol for defending against cyberattacks as they become more and more tech-savvy.


Ransomware may be a combination of ransom+software. It refers to any kind of software program that requests any kind of ransom in trade for the encryption key of the user’s seized records. The encryption key is essentially a key to open the bolted records of the client. Bolted records may be mixed media records, office records or framework records that a user’s computer depends on. There are 2types of Ransomware. Record coder which scrambles records (changes over info into a mystery code)Bolt screen locks a computer and stops the client from utilizing it until the delivery is paid.



Abhishek Prasad Kesare

Data science, , cloud computing, Artificial Intelligence, Cybersecurity,tech-blogger