Research Article
Integrating Traffics with Network Device Logs for Anomaly Detection
Table 6
The detection results over phishing email.
| Phishing | FP | FN |
| --- | --- | --- |
| 10-fold KNN for traffics | 7.1% | 7.3% |
| 10-fold SVM for traffics | 6.5% | 7.3% |
| 10-fold KNN for logs | 8.8% | 8.3% |
| 10-fold SVM for logs | 7.9% | 8.2% |
| 10-fold SVM for logs-and-traffics | 5.0% | 6.0% |
| 10-fold KNN for logs-and-traffics | 5.5% | 4.8% |
| TLCD (GBDT) | 5.3% | 4.9% |