Research Article
Detection System of HTTP DDoS Attacks in a Cloud Environment Based on Information Theoretic Entropy and Random Forest
Table 1
Features of the CIDDS-001 dataset [13].
| Feature | Description |
| --- | --- |
| 1. Src IP | Source IP Address |
| 2. Src Port | Source Port |
| 3. Dest IP | Destination IP Address |
| 4. Dest Port | Destination Port |
| 5. Proto | Transport Protocol (e.g., ICMP, TCP, or UDP) |
| 6. Date first seen | Start time flow first seen |
| 7. Duration | Duration of the flow |
| 8. Bytes | Number of transmitted bytes |
| 9. Packets | Number of transmitted packets |
| 10. Flags | OR concatenation of all TCP Flags |
| 11. Class | Class label (normal, attacker, victim, suspicious or unknown) |
| 12. AttackType | Type of Attack (portScan, dos, bruteForce, — ) |
| 13. AttackID | Unique attack id. All flows which belong to the same attack carry the same attack id. |
| 14. Attack Description | Provides additional information about the set attack parameters (e.g., the number of attempted password guesses for SSH-Brute-Force attacks) |