Research Article
LogKernel: A Threat Hunting Approach Based on Behaviour Provenance Graph and Graph Kernel Clustering
Table 5
Hunting results on malicious dataset and CADETS dataset.
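| Dataset | Graph kernel | Graph type | Recall (%) | Precision (%) | F-score (%) |
| --- | --- | --- | --- | --- | --- |
| Malicious dataset | BPG kernel | BPGs | 100 | 100 | 100 |
| Malicious dataset | BPG kernel | No label graphs | 57.1 | 57.1 | 72.7 |
| Malicious dataset | BPG kernel | Attribute label graphs | 100 | 43.8 | 60.9 |
| Malicious dataset | WL kernel [27, 41] | BPGs | 85.7 | 50 | 63.2 |
| Malicious dataset | MPGK AA [28] | BPGs | 42.9 | 30 | 35.3 |
| CADETS dataset | BPG kernel | BPGs | 100 | 100 | 100 |
| CADETS dataset | BPG kernel | No label graphs | 25 | 20 | 22.2 |
| CADETS dataset | BPG kernel | Attribute label graphs | 100 | 50 | 66 |
| CADETS dataset | WL kernel | BPGs | 75 | 42.9 | 54.6 |
| CADETS dataset | MPGK AA | BPGs | 50 | 33.3 | 40 |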