Table 15 Top 20 features for Brute Force web attacks ranked by Supervised-based Feature Importance Lists
From: A new feature popularity framework for detecting cyberattacks using popular features
XGBoost | Random Forest | CatBoost | LightGBM |
|---|---|---|---|
Fwd_IAT_Min | AvgFwdSegSize | Idle_Min | FwdPktLenMean |
RST_Flag_Count | TotLenBwdPkts | FwdPktLenStd | Flow_IAT_Min |
Fwd_IAT_Total | Max_Packet_Length | ECE_Flag_Count | Fwd_IAT_Min |
Flow_Packets_s | FwdPktLenMean | Flow_Bytes_s | Bwd_IAT_Min |
Flow_IAT_Max | RST_Flag_Count | Fwd_IAT_Total | Flow_IAT_Std |
act_data_pkt_fwd | TotLenFwdPkts | RST_Flag_Count | FwdPktLenStd |
Bwd_IAT_Mean | Flow_Bytes_s | Active_Max | Flow_Bytes_s |
Bwd_IAT_Min | Bwd_IAT_Max | Fwd_Header_Length | Fwd_IAT_Total |
Subflow_Fwd_Bytes | BwdPktLenStd | Bwd_Packets_s | |
FwdPktLenStd | Idle_Std | Bwd_IAT_Mean | |
AvgBwdSegSize | Min_Packet_Length | Flow_Packets_s | |
Bwd_IAT_Mean | Active_Min | Fwd_IAT_Std | |
Fwd_IAT_Std | TotLenFwdPkts | Fwd_Packets_s | |
Idle_Mean | act_data_pkt_fwd | Flow_IAT_Max | |
Subflow_Bwd_Packets | TotLenFwdPkts | ||
Bwd_IAT_Std | Idle_Std | ||
Fwd_IAT_Total | Fwd_Header_Length | ||
BwdPktLenMean | Flow_IAT_Mean | ||
Fwd_IAT_Min | FwdPktLenMax | ||
Flow_Packets_s | Total_Backward_Packets |