Research Article
Anomaly Detection of System Call Sequence Based on Dynamic Features and Relaxed-SVM
Table 4
ADFA-LD and UNM dataset, the results for different models.
| | Dataset | Algorithm | AUC | F1-score | False alarm rate |
| | ADFA-LD | EWR-SVM | 99% | 0.93 | 2.4% | | Naive Bayes | 94% | 0.90 | 8% | | Logistic regression | 96% | 0.94 | 3% | | Random forest | 98% | 0.92 | 7% | | GBDT | 98% | 0.94 | 4% |
| | UNM | EWR-SVM | 97% | 0.83 | 0% | | Naive Bayes | 89% | 0.36 | 0% | | Logistic regression | 95% | 0.72 | 10% | | Random forest | 97% | 0.83 | 0% | | GBDT | 97% | 0.8 | 0% |
|
|
