Research Article
Anomaly Detection of System Call Sequence Based on Dynamic Features and Relaxed-SVM
Table 4
ADFA-LD and UNM dataset, the results for different models.
| Dataset | Algorithm | AUC | F1-score | False alarm rate |
| ADFA-LD | EWR-SVM | 99% | 0.93 | 2.4% | Naive Bayes | 94% | 0.90 | 8% | Logistic regression | 96% | 0.94 | 3% | Random forest | 98% | 0.92 | 7% | GBDT | 98% | 0.94 | 4% |
| UNM | EWR-SVM | 97% | 0.83 | 0% | Naive Bayes | 89% | 0.36 | 0% | Logistic regression | 95% | 0.72 | 10% | Random forest | 97% | 0.83 | 0% | GBDT | 97% | 0.8 | 0% |
|
|