Research Article
An Approach Based on the Improved SVM Algorithm for Identifying Malware in Network Traffic
Table 1
Extracted feature attributes.
| | Feature name | Feature description |
| | origin_ip | Source IP address | | destination_ip | Destination IP address | | port_number | Port number | | duration | Connection duration | | protocol_type | Protocol type | | service | Type of network service of the destination host | | flag | Connection normal or error state, and this field is discrete type | | src_bytes | Number of bytes of data from the source host to the destination host | | dst_bytes | Number of bytes of data from the destination host to the source host | | wrong_fragment | Number of wrong fragments, and this field is continuous type | | urgent | Number of urgent packages, and this field is continuous type | | dst_host_srv_error_rate | Percentage of connections with SYN errors | | hot | Number of accesses to sensitive files and directories on the system | | mark_status | Mark status | | packet_rate | Packet sending rate | | max_pktLens | Maximum message length | | min_pktLens | Minimum message length | | num_compromised | Number of occurrences of compromised condition | | num_access_files | Number of access control files | | same_srv_rate | Percentage of connections with the same service as the current connection | | dst_host_srv_count | Number of connections with the same destination host service as the current connection |
|
|
