Skip to main content

Table 2 The features and descriptions in ZYELL dataset [13]

From: Model fusion of deep neural networks for anomaly detection

Feature

Description

Time

The time when the traffic is detected by the firewall

src

Source IP address

dst

Destination IP address

spt

Source port

dpt

Destination port

Duration

Connection duration (seconds)

Out (bytes)

Outbound traffic count (bytes)

In (bytes)

Inbound traffic count (bytes)

Proto

Protocol ID

App

Application name

cnt_dst

For the same source IP address, the number of unique destination IP addresses inside the network in the last T seconds

cnt_src

For the same destination IP address, the number of unique source IP addresses inside the network in the last T seconds

cnt_serv_src

Number of connections from the source IP to the same destination port in the last T seconds

cnt_serv_dst

Number of connections from the destination IP to the same source port in the last T seconds