Skip to main content

Table 2 The features and descriptions in ZYELL dataset [13]

From: Model fusion of deep neural networks for anomaly detection

Feature Description
Time The time when the traffic is detected by the firewall
src Source IP address
dst Destination IP address
spt Source port
dpt Destination port
Duration Connection duration (seconds)
Out (bytes) Outbound traffic count (bytes)
In (bytes) Inbound traffic count (bytes)
Proto Protocol ID
App Application name
cnt_dst For the same source IP address, the number of unique destination IP addresses inside the network in the last T seconds
cnt_src For the same destination IP address, the number of unique source IP addresses inside the network in the last T seconds
cnt_serv_src Number of connections from the source IP to the same destination port in the last T seconds
cnt_serv_dst Number of connections from the destination IP to the same source port in the last T seconds