Integrating Traffics with Network Device Logs for Anomaly Detection

<table class="fixed-width table-group" id="tab6"><tr><td><table class="table"><colgroup><col style="width:14.58em"/><col style="width:3.22em"/><col style="width:3.25em"/></colgroup><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr class="thead"><td class="align_left">Phishing</td><td class="align_center">FP</td><td class="align_center">FN</td></tr><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr><td class="align_left">10-fold KNN for traffics</td><td class="align_center">7.1%</td><td class="align_center">7.3%</td></tr><tr><td class="align_left">10-fold SVM for traffics</td><td class="align_center">6.5%</td><td class="align_center">7.3%</td></tr><tr><td class="align_left">10-fold KNN for logs</td><td class="align_center">8.8%</td><td class="align_center">8.3%</td></tr><tr><td class="align_left">10-fold SVM for logs</td><td class="align_center">7.9%</td><td class="align_center">8.2%</td></tr><tr><td class="align_left">10-fold SVM for logs-and-traffics</td><td class="align_center">5.0%</td><td class="align_center">6.0%</td></tr><tr><td class="align_left">10-fold KNN for logs-and-traffics</td><td class="align_center">5.5%</td><td class="align_center">4.8%</td></tr><tr><td class="align_left">TLCD (GBDT)</td><td class="align_center">5.3%</td><td class="align_center">4.9%</td></tr><tr class="table-tr"><td colspan="3"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>The detection results over phishing email.</div>

Security and Communication Networks

tab6

Table 6

Table 6: Integrating Traffics with Network Device Logs for Anomaly Detection 