Random Forest and Decision Tree each with a minimum requirement of two alerts (“malicious classifications”) to kill a process. F1, TNR, and TPR reported on validation and test set.