|
| F/N | Feature name | Type | Description |
|
| F1 | Duration | Numeric | The length of the connection process |
| F2 | Protocol_type | String | The connection protocol type of a packet (TCP, UDP, etc.) |
| F3 | Service | String | The type of network service at the destination (e.g., Http) |
| F4 | Flag | String | The normal or error status of the connection |
| F5 | Src_bytes | Numeric | The number of data bytes sent, i.e., source to destination |
| F6 | Dstbytes | Numeric | The number of data bytes received, i.e., destination to source |
| F7 | Land | Numeric | To check if a connection is from the same host or not (1 or 0) |
| F8 | Wrong fragment | Numeric | The total number of wrong fragments of a connection |
| F9 | Urgent | Numeric | The total number of the packet that is urgent |
| F10 | Hot | Numeric | The total number of hot indicators in a packet |
| F11 | Numfailedlogins | Numeric | The total number of times login attempt failed by a connection |
| F12 | Loggedin | Numeric | Login status of a connection (1 successful, 0 failed) |
| F13 | Numcompromised | Numeric | The total number of compromised conditions |
| F14 | Rootshell | Numeric | To determine if a root shell is obtained or not (1 yes 0 no) |
| F15 | Suattempted | Numeric | To check if a super user root command is attempted or not |
| F16 | Numroot | Numeric | The total number of root accesses |
| F17 | Numfilecreations | Numeric | The total number of file creation activities attempted |
| F18 | Numshells | Numeric | The total number of shell prompts recorded |
| F19 | Numaccessfiles | Numeric | The total number of attempts in access control files |
| F20 | Numoutboundcmds | Numeric | The total number of outbound commands in file transfer task |
| F21 | Ishostlogin | Numeric | To check the login belong to the host list or not |
| F22 | Isguestlogin | Numeric | To check if the login is guest or not |
| F23 | Count | Numeric | The total number of connection to the same host as the current connection in the last two seconds |
| F24 | Srvcount | Numeric | The total number of connection to the same service as the current connection in the last two seconds |
| F25 | Serrorrate | Numeric | Total (%) of connection that has “SYN” errors in same-host connection |
| F26 | Srvserrorrate | Numeric | Total (%) of connection that has “SYN” errors in same-service connection |
| F27 | Rerrorrate | Numeric | Total (%) of connection that has “REJ” errors in same-host connection |
| F28 | Srvrerrorrate | Numeric | Total (%) of connection that has “REJ” errors in same-service connection |
| F29 | Samesrvrate | Numeric | The total (%) of connection to the same service connection |
| F30 | Diffsrvrate | Numeric | The total (%) of connection to different services |
| F31 | Srvdiffhostrate | Numeric | The total (%) of connection to a different host |
| F32 | Dsthostcount | Numeric | The total (%) count of connection having the same destination host |
| F33 | Dsthostsrvcount | Numeric | The total (%) count of connection; having the same destination host and using the same service |
| F34 | Dsthostsamesrvrate | Numeric | The total (%) of connection having the same destination host and using the same service |
| F35 | Dsthostdiffsrvrate | Numeric | The total (%) of different services on the current host |
| F36 | Dsthostsamesrcportrate | Numeric | The total (%) of connection to the current host having the same port |
| F37 | Dsthostsrvdiffhostrate | Numeric | The total (%) of connection to the same service coming from different hosts |
| F38 | Dsthostserrorrate | Numeric | The total (%) of connection to the current host that has a SO error |
| F39 | Dsthostsrvserrorrate | Numeric | The total (%) of connection to the current host and specified service that has a SO error |
| F40 | Dsthostrerrorrate | Numeric | The total (%) of connection to the current host that has an RST error |
| F41 | Dsthostsrvrerrorrate | Numeric | The total (%) of connection to the current host and specified service that have an RST error |
|
