Research Article
Integrating Traffics with Network Device Logs for Anomaly Detection
Table 7
The detection results over HTTP botnet.
| | Http Botnet | FP | FN |
| | 10-fold KNN for traffics | 5.5% | 4.8% | | 10-fold SVM for traffics | 5.3% | 5.0% | | 10-fold KNN for logs | 6.3% | 5.9% | | 10-fold SVM for logs | 6.3% | 5.8% | | 10-fold SVM for logs-and-traffics | 3.6% | 2.9% | | 10-fold KNN for logs-and-traffics | 3.8% | 2.7% | | TLCD (GBDT) | 2.5% | 2.8% |
|
|
