search

FDUDSDE / MAGIC

Codes and data for USENIX Security 24 paper "MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning"
MIT License
64 stars 10 forks source link

Possible Misinterpretation in the Calculation of TP, TN, FP, FN in evaluate_entity_level_using_knn Method #4

Closed 1ss4kIT closed 7 months ago

1ss4kIT commented 7 months ago

In the evaluate_entity_level_using_knn method in the model/eval.py file, the calculation of True Positives (TP), True Negatives (TN), False Positives (FP), and False Negatives (FN) seems to be incorrect. The current code is as follows:

for i in range(len(y_test)):
    if y_test[i] == 1.0 and score[i] >= best_thres:
        tn += 1
    if y_test[i] == 1.0 and score[i] < best_thres:
        fn += 1
    if y_test[i] == 0.0 and score[i] < best_thres:
        tp += 1
    if y_test[i] == 0.0 and score[i] >= best_thres:
        fp += 1

In my understanding, the label y_test for malicious entities is 1, and score[i] should be greater than the set threshold. Therefore, the corrected code should be:

for i in range(len(y_test)):
    if y_test[i] == 1.0 and score[i] >= best_thres:
        tp += 1
    if y_test[i] == 1.0 and score[i] < best_thres:
        fn += 1
    if y_test[i] == 0.0 and score[i] < best_thres:
        tn += 1
    if y_test[i] == 0.0 and score[i] >= best_thres:
        fp += 1

Could you please confirm if my understanding is correct? Thank you.

Jimmyokok commented 7 months ago

You are correct, and fortunately this bug does not affect anything else. It has been fixed.