Security and Communication Networks

Research Article

Real-Time Malware Process Detection and Automated Process Killing

Table 9

Summary of process killing models, validation, and test set score metrics [Table 2 of 3].


Model	Val			Test
Model	f1	tnr	tpr	f1	tnr	tpr

MLPModel_pro	71.43	56.30	79.83	57.54	52.53	69.38
MLPModel_pro mean process tree	72.18	57.14	80.67	57.06	53.53	67.97
MLPModel_pro process tree min alerts: 1	72.32	54.62	82.35	57.41	49.41	71.06
MLPModel_pro process tree min alerts: 2	72.32	54.62	82.35	57.41	49.41	71.06
MLPModel_pro process tree min alerts: 3	72.32	54.62	82.35	57.41	49.41	71.06
MLPModel_pro process tree min alerts: 4	72.32	54.62	82.35	57.41	49.41	71.06
MLPModel_pro rolling mean window: 2	71.77	66.39	74.79	48.88	63.18	50.35
MLPModel_pro rolling mean window: 3	72.65	68.91	74.79	49.23	63.71	50.57
MLPModel_pro rolling mean window: 4	72.34	73.95	71.43	46.40	67.05	45.26
MLPModel_pro sum alerts min: 2	73.86	72.27	74.79	47.14	66.40	46.50
MLPModel_pro sum alerts min: 3	73.68	78.99	70.59	45.27	68.12	43.36
MLPModel_pro sum alerts min: 4	73.30	82.35	68.07	44.48	69.63	41.73
MLPModel_pro_tree	71.38	31.82	97.48	64.36	21.07	92.52
MLPRegression_pro_process	38.89	53.78	35.29	54.83	48.73	67.05
MLPRegression_pro_process mean process tree	37.32	57.14	32.77	56.75	57.37	65.15
NBModel_glo_pro	67.25	9.24	96.64	55.07	10.36	89.49
NBModel_glo_pro mean process tree	67.25	9.24	96.64	55.62	12.69	89.38
NBModel_glo_pro process tree min alerts: 1	67.25	9.24	96.64	55.00	10.18	89.43
NBModel_glo_pro process tree min alerts: 2	67.25	9.24	96.64	55.00	10.18	89.43
NBModel_glo_pro process tree min alerts: 3	67.25	9.24	96.64	55.00	10.18	89.43
NBModel_glo_pro process tree min alerts: 4	67.25	9.24	96.64	55.00	10.18	89.43
NBModel_glo_pro rolling mean window: 2	67.69	19.33	92.44	55.20	15.10	87.05
NBModel_glo_pro rolling mean window: 3	67.73	26.05	89.08	55.32	17.32	86.02
NBModel_glo_pro rolling mean window: 4	67.76	31.09	86.55	54.28	21.08	81.68
NBModel_glo_pro sum alerts min: 2	68.17	27.73	89.08	55.70	19.40	85.64
NBModel_glo_pro sum alerts min: 3	67.99	31.93	86.55	54.42	22.27	81.30
NBModel_glo_pro sum alerts min: 4	68.03	36.97	84.03	51.32	25.39	73.44
NBModel_pro	67.06	8.40	96.64	55.60	7.03	92.63
NBModel_pro mean process tree	67.06	8.40	96.64	56.17	9.61	92.41
NBModel_pro process tree min alerts: 1	67.06	8.40	96.64	55.56	6.78	92.68
NBModel_pro process tree min alerts: 2	67.06	8.40	96.64	55.56	6.78	92.68
NBModel_pro process tree min alerts: 3	67.06	8.40	96.64	55.56	6.78	92.68
NBModel_pro process tree min alerts: 4	67.06	8.40	96.64	55.56	6.78	92.68
NBModel_pro rolling mean window: 2	67.69	19.33	92.44	56.01	13.41	89.81
NBModel_pro rolling mean window: 3	67.52	25.21	89.08	56.18	15.81	88.78
NBModel_pro rolling mean window: 4	67.99	31.93	86.55	54.94	19.61	83.90
NBModel_pro sum alerts min: 2	68.61	29.41	89.08	56.52	18.14	88.13
NBModel_pro sum alerts min: 3	68.21	32.77	86.55	55.27	21.30	83.63
NBModel_pro sum alerts min: 4	67.81	37.82	83.19	52.25	24.42	75.77
NBModel_pro_tree	66.10	10.61	98.32	61.25	8.63	92.69
NBModel_pro_tree mean process tree	66.10	10.61	98.32	61.25	8.63	92.69
RFModel_glo_pro	89.68	83.19	94.96	76.43	67.19	92.52
RFModel_glo_pro mean process tree	90.48	84.03	95.80	76.34	67.66	91.92
RFModel_glo_pro process tree min alerts: 1	90.91	84.03	96.64	69.45	50.56	92.95
RFModel_glo_pro process tree min alerts: 2	90.91	84.03	96.64	69.45	50.56	92.95
RFModel_glo_pro process tree min alerts: 3	90.91	84.03	96.64	69.45	50.56	92.95
RFModel_glo_pro process tree min alerts: 4	90.91	84.03	96.64	69.45	50.56	92.95
RFModel_glo_pro rolling mean window: 2	92.70	94.96	90.76	80.77	78.88	89.38
RFModel_glo_pro rolling mean window: 3	91.30	94.96	88.24	80.19	78.67	88.51
RFModel_glo_pro rolling mean window: 4	90.27	95.80	85.71	79.86	82.86	83.69
RFModel_glo_pro sum alerts min: 2	91.30	94.96	88.24	81.50	81.53	87.97
RFModel_glo_pro sum alerts min: 3	90.27	95.80	85.71	79.99	84.01	82.76
RFModel_glo_pro sum alerts min: 4	88.79	95.80	83.19	76.11	85.37	75.01
RFModel_pro	92.37	87.39	96.64	74.57	62.71	92.95
RFModel_pro mean process tree	92.74	88.24	96.64	74.79	64.04	92.20
RFModel_pro process tree min alerts: 1	92.74	88.24	96.64	68.75	48.23	93.39
RFModel_pro process tree min alerts: 2	92.74	88.24	96.64	68.75	48.23	93.39
RFModel_pro process tree min alerts: 3	92.74	88.24	96.64	68.75	48.23	93.39
RFModel_pro process tree min alerts: 4	92.74	88.24	96.64	68.75	48.23	93.39
RFModel_pro rolling mean window: 2	93.22	94.12	92.44	78.28	73.83	89.76
RFModel_pro rolling mean window: 3	91.38	94.12	89.08	77.47	73.25	88.78
RFModel_pro rolling mean window: 4	89.96	94.12	86.55	77.08	77.70	83.85
RFModel_pro sum alerts min: 2	91.38	94.12	89.08	77.98	74.65	88.40
RFModel_pro sum alerts min: 3	89.96	94.12	86.55	77.05	77.52	83.96
RFModel_pro sum alerts min: 4	88.50	94.12	84.03	73.11	79.35	75.61
RFModel_pro_tree	90.35	82.58	98.32	74.20	52.44	92.74
RFRegression_pro_process	91.94	87.39	95.80	74.77	66.05	90.35
SVMModel_glo_pro	65.23	15.97	89.08	57.34	24.24	86.23
SVMModel_glo_pro mean process tree	65.23	15.97	89.08	58.11	27.39	85.91
SVMModel_glo_pro process tree min alerts: 1	65.23	15.97	89.08	57.32	23.81	86.45
SVMModel_glo_pro process tree min alerts: 2	65.23	15.97	89.08	57.32	23.81	86.45
SVMModel_glo_pro process tree min alerts: 3	65.23	15.97	89.08	57.32	23.81	86.45
SVMModel_glo_pro process tree min alerts: 4	65.23	15.97	89.08	57.32	23.81	86.45
SVMModel_glo_pro rolling mean window: 2	65.15	26.05	84.03	57.98	33.52	81.84
SVMModel_glo_pro rolling mean window: 3	64.65	31.09	80.67	58.14	35.46	80.98
SVMModel_glo_pro rolling mean window: 4	64.31	38.66	76.47	56.76	40.37	75.34
SVMModel_glo_pro sum alerts min: 2	65.05	36.13	78.99	58.35	39.08	79.13
SVMModel_glo_pro sum alerts min: 3	64.75	42.02	75.63	57.05	43.24	74.15
SVMModel_glo_pro sum alerts min: 4	64.89	51.26	71.43	54.70	47.40	67.59
SVMModel_pro	66.47	5.88	96.64	56.92	10.33	93.71