Research Article

Integrating Traffics with Network Device Logs for Anomaly Detection

Table 8

The detection results over P2P botnet.

| P2P botnet | FP | FN |
|---|---|---|
| 10-fold KNN for traffics | 4.5% | 4.6% |
| 10-fold SVM for traffics | 5.2% | 5.0% |
| 10-fold KNN for logs | 6.4% | 6.0% |
| 10-fold SVM for logs | 6.0% | 5.9% |
| 10-fold SVM for logs-and-traffics | 2.9% | 2.9% |
| 10-fold KNN for logs-and-traffics | 3.3% | 2.9% |
| TLCD (GBDT) | 2.8% | 2.6% |