Security and Communication Networks / 2021 / Article / Tab 7 / Research Article
Real-Time Malware Process Detection and Automated Process Killing

Table 7: Summary of the best process killing models by model training methodology. F1, TNR, and TPR for validation and test datasets (full results in Appendix Tables 8-10).
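
| Methodology | Best dataset | Model | n features | Val F1 | Val TNR | Val TPR | Test F1 | Test TNR | Test TPR |
|---|---|---|---|---|---|---|---|---|---|
| Supervised learning | Val | RF | 26 | 92.37 | 87.39 | 96.64 | 74.57 | 62.71 | 92.95 |
| Supervised learning | Test | RF | 37 | 89.68 | 83.19 | 94.96 | 76.43 | 67.19 | 92.52 |
| Rolling mean | Val | RF (min: 2) | 26 | 93.22 | 94.12 | 92.44 | 78.26 | 73.83 | 89.76 |
| Rolling mean | Test | RF (min: 2) | 37 | 92.70 | 94.96 | 90.76 | 80.77 | 78.88 | 89.38 |
| Alert threshold | Val | DT (min: 2) | 26 | 92.17 | 95.80 | 89.08 | 73.43 | 67.44 | 86.56 |
| Alert threshold | Test | RF (min: 2) | 37 | 91.30 | 94.96 | 88.24 | 81.50 | 81.53 | 87.97 |
| Process tree averaging | Val | RF | 26 | 92.74 | 88.24 | 96.64 | 74.79 | 64.04 | 92.20 |
| Process tree averaging | Test | RF | 37 | 90.48 | 84.03 | 95.80 | 76.34 | 67.66 | 91.92 |
| Process tree training | Val | RF | 26 | 90.35 | 82.58 | 98.32 | 74.20 | 52.44 | 92.74 |
| Process tree training | Test | RF | 26 | 90.35 | 82.58 | 98.32 | 74.20 | 52.44 | 92.74 |
| Q-learning | Val | DQN | 26 | 51.71 | 72.27 | 44.54 | 27.74 | 55.50 | 26.94 |
| Q-learning | Test | DQN | 26 | 51.71 | 72.27 | 44.54 | 27.74 | 55.50 | 26.94 |
| Regression | Val | RF | 26 | 91.94 | 87.39 | 95.80 | 74.77 | 66.05 | 90.35 |
| Regression | Test | RF | 26 | 91.94 | 87.39 | 95.80 | 74.77 | 66.05 | 90.35 |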