Table 5 Correlation threshold with the features selected

[− 0.01 0.01]

‘conn_state_RSTRH’, ‘conn_state_S3’, ‘proto_icmp’, ‘conn_state_SHR’, ‘conn_state_S1’, ‘conn_state_SH’, ‘service_http’, ‘conn_state_S0’, ‘conn_state_REJ’

[− 0.015 0.015]

‘conn_state_RSTO’, ‘service_smb’, ‘dns_qclass’, ‘conn_state_SF’, ‘dns_AA_T’, ‘service_smb;gssapi’, ‘service_ftp’, ‘service_dhcp’, ‘conn_state_RSTOS0’, ‘service_dce_rpc’, ‘service_gssapi’, ‘conn_state_S2’, ‘dns_RA_T’, ‘conn_state_RSTRH’, ‘conn_state_S3’, ‘proto_icmp’, ‘conn_state_SHR’, ‘conn_state_S1’, ‘conn_state_SH’, ‘service_http’, ‘conn_state_S0’, ‘conn_state_REJ’

[− 0.02 0.02]

‘ssl_established_F’, ‘missed_bytes’, ‘dns_RD_F’, ‘dns_rejected_T’, ‘dns_RD_T’, ‘conn_state_RSTR’, ‘dns_qtype’, ‘http_method_HEAD’, ‘proto_udp’, ‘conn_state_RSTO’, ‘service_smb’, ‘dns_qclass’, ‘conn_state_SF’, ‘dns_AA_T’, ‘service_smb;gssapi’, ‘service_ftp’, ‘service_dhcp’, ‘conn_state_RSTOS0’, ‘service_dce_rpc’, ‘service_gssapi’, ‘conn_state_S2’, ‘dns_RA_T’, ‘conn_state_RSTRH’, ‘conn_state_S3’, ‘proto_icmp’, ‘conn_state_SHR’, ‘conn_state_S1’, ‘conn_state_SH’, ‘service_http’, ‘conn_state_S0’, ‘conn_state_REJ’, ‘conn_state_OTH’, ‘proto_tcp’

[− 0.03 0.03]

‘dns_query’, ‘service_dns’, ‘src_bytes’, ‘dns_RA_F’, ‘dst_bytes’, ‘dns_AA_F’, ‘service_ssl’, ‘ssl_resumed_F’, ‘http_response_body_len’, ‘dns_rejected_F’, ‘dns_rcode’, ‘ssl_established_F’, ‘missed_bytes’, ‘dns_RD_F’, ‘dns_rejected_T’, ‘dns_RD_T’, ‘conn_state_RSTR’, ‘dns_qtype’, ‘http_method_HEAD’, ‘proto_udp’, ‘conn_state_RSTO’, ‘service_smb’, ‘dns_qclass’, ‘conn_state_SF’, ‘dns_AA_T’, ‘service_smb;gssapi’, ‘service_ftp’, ‘service_dhcp’, ‘conn_state_RSTOS0’, ‘service_dce_rpc’, ‘service_gssapi’, ‘conn_state_S2’, ‘dns_RA_T’, ‘conn_state_RSTRH’, ‘conn_state_S3’, ‘proto_icmp’, ‘conn_state_SHR’, ‘conn_state_S1’, ‘conn_state_SH’, ‘service_http’, ‘conn_state_S0’, ‘conn_state_REJ’, ‘conn_state_OTH’, ‘proto_tcp’, ‘dns_AA_NA’, ‘dns_rejected_NA’, ‘dns_RD_NA’, ‘dns_RA_NA’, ‘service_NA’

N/A

All the features of the dataset transformed by pre-processing stage