Table 2 Selected features
ID | Name | Description |
|---|---|---|
0 | duration | Packet connection time |
9 | dns_qtype | Value which specifies the DNS (Domain Name System) query types |
11 | http_request_body_len | The original size of the HTTP data from the client |
12 | http_response_body_len | The original size of the HTTP data from the server |
13 | http_status_code | HTTP server status |
14 | proto | Transport layer protocols of flow connections |
15 | service | Dynamically detected protocols, such as DNS, HTTP and SSL (Secure Socket Layer) |
18 | dns_AA | Authoritative answers of DNS, where T denotes server is authoritative for query |
23 | ssl_cipher | SSL cipher suite which the server chose |
24 | ssl_resumed | SSL flag shows the session that can be used to start new connections, where T refers to the SSL connection is initiated |
25 | ssl_established | SSL flag indicates establishing connections between two parties, where T refers to establishing the connection |
26 | ssl_subject | Subject of the X.509 cert offered by the server |
27 | ssl_issuer | Trusted owner/originator of SLL and digital certificate (certificate authority) |
28 | http_trans_depth | Pipelined depth into the HTTP connection |
29 | http_method | HTTP request methods such as GET, POST and HEAD |
30 | http_uri | URIs used in the HTTP request |
31 | http_version | The HTTP versions utilized such as V1.1 |
32 | http_user_agent | Values of the User- Agent header in the HTTP protocol |
33 | http_orig_mime_types | Ordered vectors of mime types from source system in the HTTP protocol |
34 | http_resp_mime_types | Ordered vectors of mime types from destination system in the HTTP protocol |
35 | weird_name | Names of anomalies/violations related to protocols that happened |