Research Article
An Effective Conversation-Based Botnet Detection Method
Table 1
Conversation features.
| | Feature value | Description of feature value |
| | avg_duration | The average duration time of flows in a conversation | | min_duration | The minimum duration time of flows in a conversation | | max_duration | The maximum duration time of flows in a conversation | | std_duration | The standard deviation of duration time of flows in a conversation | | avg_f(b)inter | The average interval of up (down) flows in a conversation | | avg_f(b)pkl | The average length of up and down flows in a conversation | | min_f(b)pkl | The minimum length of up (down) flows in a conversation | | max_f(b)pkl | The maximum length of up (down) flows in a conversation | | std_avg_f(b)pkl | The standard variation of the length of up (down) flows in a conversation | | avg_f(b)pks | The average number of up (down) valid flows in a conversation | | std_avg_f(b)pks | The standard variation of the number of up (down) valid flows in a conversation | | avg_f(b)pksl | The average of transmission bytes of up (down) flows in a conversation | | std_f(b)pksl | The standard variation of transmission bytes of up (down) flows in a conversation | | min_spacket | The minimum of small packet in a conversation | | max_spacket | The maximum of small packet in a conversation | | avg_spacket | The average of small packet in a conversation | | std_spacket | The standard variance of small packet in a conversation |
|
|
