From: Impact of class distribution on the detection of slow HTTP DoS attacks using Big Data
Feature name | Description |
---|---|
Protocol | Transport-layer protocol number of flow |
Packets | Number of packets in flow |
Bytes | Number of bytes in flow |
Flags | Logical OR of TCP flag fields of flow |
Initial Flags | TCP flags in initial packet |
Session Flags | All TCP flags in entire connection |
Attributes | Flow attributes [SFTC] |
Duration | Duration length (in milliseconds) of flow |
Payload Bytes | Size of payload measured in bytes |
Payload Rate | Non-overhead packet data per second |
Packets/Second | Number of packets per second |
Bytes/Second | Number of bytes per second |
Bytes/Packet | Number of bytes per packet |
Class | Class label (attack or normal) |