Research Article
An Approach Based on the Improved SVM Algorithm for Identifying Malware in Network Traffic
Table 1
Extracted feature attributes.
| Feature name | Feature description |
| --- | --- |
| origin_ip | Source IP address |
| destination_ip | Destination IP address |
| port_number | Port number |
| duration | Connection duration |
| protocol_type | Protocol type |
| service | Type of network service of the destination host |
| flag | Connection normal or error state, and this field is discrete type |
| src_bytes | Number of bytes of data from the source host to the destination host |
| dst_bytes | Number of bytes of data from the destination host to the source host |
| wrong_fragment | Number of wrong fragments, and this field is continuous type |
| urgent | Number of urgent packages, and this field is continuous type |
| dst_host_srv_error_rate | Percentage of connections with SYN errors |
| hot | Number of accesses to sensitive files and directories on the system |
| mark_status | Mark status |
| packet_rate | Packet sending rate |
| max_pktLens | Maximum message length |
| min_pktLens | Minimum message length |
| num_compromised | Number of occurrences of compromised condition |
| num_access_files | Number of access control files |
| same_srv_rate | Percentage of connections with the same service as the current connection |
| dst_host_srv_count | Number of connections with the same destination host service as the current connection |