Research Article
A DDoS Attack Detection Method Based on Hybrid Heterogeneous Multiclassifier Ensemble Learning
Table 2
All 41 features in the four types.
| | Number | |
| | | TCP connection basic features | | duration | | protocol_type | | service | | flag | | src_bytes | | dst_bytes | | land | | wrong_fragment | | urgent |
| | | TCP connective content features | | hot | | num_failed_logins | | logged_in | | num_compromised | | root_shell | | su_attempted | | num_root | | num_file_creations | | num_shells | | num_access_files | | num_outbound_cmds | | is_hot_login | | is_guest_login |
| | | Time-based network traffic statistical characteristics | | count | | srv_count | | serror_rate | | srv_serror_rate | | rerror_rate | | srv_rerror_rate | | same_srv_rate | | diff_srv_rate | | srv_diff_host_rate |
| | | Host-based network traffic statistical characteristics | | dst_host_count | | dst_host_srv_count | | dst_host_same_srv_rate | | dst_host_diff_srv_rate | | dst_host_same_src_port_rate | | dst_host_srv_diff_host_rate | | dst_host_serror_rate | | dst_host_srv_serror_rate | | dst_host_rerror_rate | | dst_host_srv_rerror_rate |
|
|
