Integrating Traffics with Network Device Logs for Anomaly Detection

<table class="fixed-width table-group" id="tab5"><tr><td><table class="table"><colgroup><col style="width:14.58em"/><col style="width:3.24em"/><col style="width:3.24em"/></colgroup><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr class="thead"><td class="align_left">XSS</td><td class="align_center">FP</td><td class="align_center">FN</td></tr><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr><td class="align_left">10-fold KNN for traffics</td><td class="align_center">8.2%</td><td class="align_center">5.6%</td></tr><tr><td class="align_left">10-fold SVM for traffics</td><td class="align_center">8.6%</td><td class="align_center">5.8%</td></tr><tr><td class="align_left">10-fold KNN for logs</td><td class="align_center">9.1%</td><td class="align_center">9.9%</td></tr><tr><td class="align_left">10-fold SVM for logs</td><td class="align_center">9.0%</td><td class="align_center">8.6%</td></tr><tr><td class="align_left">10-fold SVM for logs-and-traffics</td><td class="align_center">5.2%</td><td class="align_center">6.3%</td></tr><tr><td class="align_left">10-fold KNN for logs-and-traffics</td><td class="align_center">6.2%</td><td class="align_center">3.6%</td></tr><tr><td class="align_left">TLCD (GBDT)</td><td class="align_center">4.3%</td><td class="align_center">2.5%</td></tr><tr class="table-tr"><td colspan="3"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>The detection results over XSS attack.</div>

Security and Communication Networks

tab5

Table 5

Table 5: Integrating Traffics with Network Device Logs for Anomaly Detection 