From: Model fusion of deep neural networks for anomaly detection
Feature | Description |
---|---|
Time | The time when the traffic is detected by the firewall |
src | Source IP address |
dst | Destination IP address |
spt | Source port |
dpt | Destination port |
Duration | Connection duration (seconds) |
Out (bytes) | Outbound traffic count (bytes) |
In (bytes) | Inbound traffic count (bytes) |
Proto | Protocol ID |
App | Application name |
cnt_dst | For the same source IP address, the number of unique destination IP addresses inside the network in the last T seconds |
cnt_src | For the same destination IP address, the number of unique source IP addresses inside the network in the last T seconds |
cnt_serv_src | Number of connections from the source IP to the same destination port in the last T seconds |
cnt_serv_dst | Number of connections from the destination IP to the same source port in the last T seconds |