Machine learning in cyber attacks

So let’s understand first what’s cyber attack,

Cyber attacks:

A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Cyber attacks aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems.

A cyber attack can be launched from anywhere by any individual or group using one or more various attack strategies.

People who carry out cyber attacks are generally regarded as cybercriminals. Often referred to as bad actors, threat actors and hackers, they include individuals who act alone, drawing on their computer skills to design and execute malicious attacks. They can also belong to a criminal syndicate, working with other threat actors to find weaknesses or problems in the computer systems -- called vulnerabilities -- that can be exploited for criminal gain.

How ML is used for cyber attacks:

Here we have an article , published in the news about how the

registered level of crime in the Netherlands has decreased to

that of 1980 . Although the number of crimes has
decreased in the Netherlands, the ratio between the different
types of crime has shifted. Due to the growth of the Internet and

other technologies in the past 20 years, crime involving
information and communication technologies (ICT) has
increased significantly. In 2016, 11% of all Dutch residents

were victimized by cybercrime1
. Only 8% of the victims
filed a police report.

Machine learning:

With the use of machine learning, criminal court cases can be automatically classified based on certain features of ICT
involvement which will be identified in this research.

From the number of cybercrimes that took place in 2016 and
how much of those were reported to the police it can be
concluded that 0.88% of all Dutch residents filed a police report
for cybercrime. Domenie et al. support this number with their
research, they conclude that the percentage of cybercrime in
filed police reports is less than 1% . Not all cases will go to

court, so the percentage of cybercrime in criminal court cases
will be even less. For training a classifier a large dataset is
desirable. Since the size of the dataset was not yet determined

and research has indicated the cybercrime rate in police reports

is at most 1%, a provisionary choice was made for Naïve Bayes
as the learning algorithm. The learning algorithm is effective
and efficient for data mining and proves to do well with
little data .

From reading criminal court cases, certain classes were defined

in which a case involving ICT could be classified. For example, if too little data was available for a
category, it needed to be removed as more data was needed for
correctly classifying files for this category. The remaining
categories consist of: ‘child pornography’, ‘cyberattack’,
‘identity theft’, ‘other’, ‘phishing’, ‘platform fraud’ and ‘online

threat’, with ‘other’ being a category a criminal court case will
belong to if it does not fit into any of the defined categories.

Confusion matrix and accuracy:

The confusion matrix that was obtained from the classifier is

depicted in the below figure. It is in normalized form, since the classes

are imbalanced. The darker the blue, the better the classifier is
at predicting files for this class. It is clear where the classifier
gets ‘confused’. The ‘identity theft’ class does not seem to do

well, which has a good reason. Through reading court cases, the
discovery was made that ‘platform fraud’ is linked to ‘identity
theft’, as it appears that stolen identities are often used to

commit platform fraud. In the confusion matrix it is shown that

‘identity theft’ is often predicted as ‘platform fraud’.

the formula for the f1_score,

precision is:

Precision= true positives/(false positives + true positives)

And recall is:

recall= true positives / (false negatives+ true positives)

True positives and negatives, false positives and negatives can

be put in a confusion matrix to show the performance of the

classifier. An example of such a confusion matrix can be found

in Table

From calculating the f1_score the accuracy proved to be 0.76,

which means a criminal court case label can be predicted with
an accuracy of 76%. This means 24% of all criminal court cases
gets misclassified as another class. However, since this accuracy
is the weighted average of each f1_score of a class, it may be

better to calculate accuracies per class as some classes are
performing better than others. The confusion matrix in Figure clearly
indicates as which classes the labels are misclassified, as well as
the percentage per class. The accuracies can also be read from

the diagonal in the confusion matrix. It appears ‘child
pornography’ can be determined with high accuracy.

So guys here it was small part of the article that specified how ML and confusion matrix is used in cyber security.

Thanks for reading guys😊😌