Deep Learning-Based Framework for the Detection of Cyberattack Using Feature Engineering
Table 3. Traffic features computed using a two-second time window.

| Feature name | Description | Type |
|---|---|---|
| count | Number of connections to the same host as the current connection in the last two seconds. Note: the following features refer to these same-host connections. | Continuous |
| serror_rate | Percent of connections with "SYN" errors | Continuous |
| rerror_rate | Percent of connections with "REJ" errors | Continuous |
| same_srv_rate | Percent of connections to the same service | Continuous |
| diff_srv_rate | Percent of connections to different services | Continuous |
| srv_count | Number of connections to the same service as the current connection in the last two seconds. Note: the following features refer to these same-service connections. | |
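
An added example, not code from the paper: one way to compute the Table 3 features over a trailing two-second window. The `Conn` record layout, the flag sets counted as "SYN" and "REJ" errors, the inclusion of the current connection in its own window, and the sample data are assumptions; rates are returned as fractions in [0, 1] rather than percentages.

```python
from collections import namedtuple

# Hypothetical record layout (assumption): time in seconds, destination host,
# service name, and a KDD-style connection status flag.
Conn = namedtuple("Conn", "ts dst_host service flag")

WINDOW = 2.0                                # seconds, per the table caption
SYN_ERROR_FLAGS = {"S0", "S1", "S2", "S3"}  # assumption: flags counted as "SYN" errors
REJ_FLAGS = {"REJ"}                         # assumption: flag counted as "REJ" errors

def window_features(conns, i):
    """Table 3 features for conns[i]; conns must be sorted by timestamp.

    Assumption: the window includes the current connection, so count >= 1.
    """
    cur = conns[i]
    recent = [c for c in conns[: i + 1] if cur.ts - c.ts <= WINDOW]
    same_host = [c for c in recent if c.dst_host == cur.dst_host]
    same_srv = [c for c in recent if c.service == cur.service]
    n = len(same_host)
    # The rate features are taken over the same-host connections (see the note on count).
    same_srv_rate = sum(c.service == cur.service for c in same_host) / n
    return {
        "count": n,
        "serror_rate": sum(c.flag in SYN_ERROR_FLAGS for c in same_host) / n,
        "rerror_rate": sum(c.flag in REJ_FLAGS for c in same_host) / n,
        "same_srv_rate": same_srv_rate,
        "diff_srv_rate": 1.0 - same_srv_rate,
        "srv_count": len(same_srv),
    }

# Constructed sample (documentation-range addresses), sorted by timestamp.
SAMPLE = [
    Conn(0.0, "192.0.2.5", "http", "SF"),
    Conn(0.5, "192.0.2.5", "http", "S0"),
    Conn(1.0, "192.0.2.5", "ssh", "REJ"),
    Conn(1.5, "192.0.2.9", "http", "SF"),
    Conn(2.2, "192.0.2.5", "http", "S0"),
    Conn(5.0, "192.0.2.5", "smtp", "SF"),
]

if __name__ == "__main__":
    for i, c in enumerate(SAMPLE):
        print(c.ts, c.dst_host, c.service, window_features(SAMPLE, i))
```

For the connection at 2.2 s, the record at 0.0 s has already aged out of the window, so `count` is 3 rather than 4, while `srv_count` also counts the `http` connection to the other host.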