| | Input: Raw pcap file, sliding window size M set in advance, sliding step T set in advance, number of attributes to be extracted N. | | | Output: Feature vector | | (1) | Feature vector | | (2) | Take the first M package according to the window size, move backward T steps each time to form F1, F2, F3, …, Fs, s represents the number of samples. | | (3) | for each Fido | | (4) | attribute1_list, …, attributeN_list | | (5) | for each packet P in Fi do | | (6) | attribute1, …, attributeN Extract attributes, such as packet size, source port, destination port, destination IP, etc. in P | | (7) | for each attribute A in attributeido | | (8) | attribute1_list, …, attributeN_list | | (9) | end for | | (10) | end for | | (11) | for each attribute_list in attributeI_list do | | (12) | EntropyF2 (attribute1_list), which is mentioned in Section 5 | | (13) | Feature_vectorFeature_vectorEntropy | | (14) end for | | (15) | end for | | (16) | return Feature_vector |
|
