Confusion Matrix — Is it that confusing ???

Yashwanth Medisetti
Jun 6, 2021


So first, what actually is a confusion matrix?

Well, Google says:

A confusion matrix is a table that is often used to describe the performance of a classification model (or “classifier”) on a set of test data for which the true values are known.

So basically, it is a tool that helps us judge how accurately a machine learning classifier model predicts the actual outcomes of future events. A confusion matrix gives you insight not only into the errors being made by your classifier but also into the types of errors being made.

A typical confusion matrix table looks as follows:

[Figure: Confusion Matrix]

In predictive analytics, a table of confusion (sometimes also called a confusion matrix) is a table with two rows and two columns that reports the number of false positives, false negatives, true positives, and true negatives.

Out of the entries in the table, the False Negative is the one considered the most dangerous of all, as it results in a false prediction that is actually a major threat to the event. Briefly, this entry shows that the model is not accurate enough to predict the threats to the event, and it thus dismisses them by showing us that there is no problem to be worried about.

What’s its use?

Well, a confusion matrix can be used for any classification prediction, like predicting rainfall (yes/no) from the historical weather data available, or predicting a student’s result (pass/fail) according to the hours he/she studied for the examination.

This article mainly focuses on how these confusion matrices can be used to assess a machine learning model trained to detect cyber attacks.

When it comes to predicting cyber attacks, companies invest thousands of dollars to build a self-sufficient system capable of minimizing cyber attacks on the company’s business. Applying Artificial Intelligence to this use case can be the best solution, producing models trained to give the best accuracy and thus massive results. Generally, a classifier model is used to detect whether an attack is being made on the server.

After the models are trained enough to predict these attacks, they are put to the test using the confusion matrix. Here we get to see the performance of the model and also the kinds of attacks being made against the regular trend of hits on the servers. The main aim of the model lies in detecting the attacks among the usual hits of clients.

Now, there are 4 different results that the confusion matrix leaves us with:

  1. True Positive: This indicates that the model is correct in predicting a positive attack on the server, which is the best thing for the model to do.
  2. True Negative: This indicates the extent to which the model predicts that an attack is happening when actually it isn’t. This is a false prediction, but there isn’t any harm to the business as there is no such attack.
  3. False Positive: This indicates the extent to which the model makes the wrong prediction for an actual attack being made. This is a serious concern, where the model says that there isn’t any attack while the attack is actually happening. Having high values of FP inside a confusion matrix makes your model less suitable for production.
  4. False Negative: This indicates the extent to which the model makes a wrong prediction for an attack not actually being made.
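The following is an added example, not code from the original article: it builds the two-by-two table for an attack detector and compares it with a model that never raises an alert, showing why accuracy alone hides missed attacks. It assumes "attack" is the positive class and uses the standard cell names, so a false negative is an attack reported as normal traffic; the labels, counts and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample: (actual, predicted) for 1000 server requests.
# 1 = attack, 0 = normal client hit. Attacks are rare, as in real traffic.
SAMPLE = (
    [(1, 1)] * 12      # attacks the model flagged
    + [(1, 0)] * 8     # attacks the model missed
    + [(0, 1)] * 15    # normal hits flagged as attacks
    + [(0, 0)] * 965   # normal hits passed as normal
)

def confusion_matrix(pairs, positive=1):
    """Count TP, FN, FP, TN with `positive` (attack) as the positive class."""
    counts = Counter()
    for actual, predicted in pairs:
        if actual == positive:
            counts["TP" if predicted == positive else "FN"] += 1
        else:
            counts["FP" if predicted == positive else "TN"] += 1
    return {cell: counts[cell] for cell in ("TP", "FN", "FP", "TN")}

def rates(cm):
    """Derive metrics from the four cells; an empty class yields 0.0."""
    div = lambda n, d: n / d if d else 0.0
    attacks = cm["TP"] + cm["FN"]
    normal = cm["FP"] + cm["TN"]
    return {
        "accuracy": div(cm["TP"] + cm["TN"], attacks + normal),
        "recall": div(cm["TP"], attacks),            # attacks caught
        "miss_rate": div(cm["FN"], attacks),         # attacks missed
        "false_alarm_rate": div(cm["FP"], normal),   # normal hits flagged
        "precision": div(cm["TP"], cm["TP"] + cm["FP"]),
    }

def always_normal(pairs):
    """Baseline 'model' that never raises an alert."""
    return [(actual, 0) for actual, _ in pairs]

if __name__ == "__main__":
    for name, data in (("detector", SAMPLE), ("never alerts", always_normal(SAMPLE))):
        cm = confusion_matrix(data)
        print(name, cm)
        for metric, value in rates(cm).items():
            print(f"  {metric:>17}: {value:.3f}")
```

On this sample the never-alerting baseline scores a higher accuracy than the detector while missing every attack, which is why the miss rate has to be read alongside accuracy.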