Research Article
Towards Accurate Node-Based Detection of P2P Botnets
Table 4
Features for flow-based detection comparison.
| | Attribute | Description |
| | SrcIp | Flow source IP address | | SrcPort | Flow source port address | | DstIp | Flow destination IP address | | DstPort | Flow destination port address | | Protocol | Transport layer protocol or “mixed” | | APL | Average payload packet length for time interval | | PV | Variance of payload packet length for time interval | | PX | Number of packets exchanged for time interval | | PPS | Number of packets exchanged per second in time interval | | FPS | The size of the first packet in the flow | | TBP | The average time between packets in time interval | | NR | The number of reconnections for a flow | | FPH | Number of flows from this address over the total number of flows generated per hour |
|
|
