/* The following observations come from the 10% data subset, as a quick first look */
1. Inspecting the file: 42 rows in total, i.e. 42 features; the table is as follows
(back,buffer_overflow,ftp_write,guess_passwd,imap,ipsweep,land,loadmodule,multihop,neptune,nmap,normal,perl,phf,pod,portsweep,rootkit,satan,smurf,spy,teardrop,warezclient,warezmaster.)
2. The contents of the main features inspected include:
2.1 protocol_type: symbolic. There are three protocol types
['tcp' 'udp' 'icmp']
duration: continuous.
2.2 service: symbolic. The network service on the destination address, one of:
['http' 'smtp' 'finger' 'domain_u' 'auth' 'telnet' 'ftp' 'eco_i' 'ntp_u'
'ecr_i' 'other' 'private' 'pop_3' 'ftp_data' 'rje' 'time' 'mtp' 'link'
'remote_job' 'gopher' 'ssh' 'name' 'whois' 'domain' 'login' 'imap4'
'daytime' 'ctf' 'nntp' 'shell' 'IRC' 'nnsp' 'http_443' 'exec' 'printer'
'efs' 'courier' 'uucp' 'klogin' 'kshell' 'echo' 'discard' 'systat'
'supdup' 'iso_tsap' 'hostnames' 'csnet_ns' 'pop_2' 'sunrpc' 'uucp_path'
'netbios_ns' 'netbios_ssn' 'netbios_dgm' 'sql_net' 'vmnet' 'bgp' 'Z39_50'
'ldap' 'netstat' 'urh_i' 'X11' 'urp_i' 'pm_dump' 'tftp_u' 'tim_i' 'red_i']
2.3 flag: symbolic. Flag indicating whether the connection is normal or erroneous; values:
['SF' 'S1' 'REJ' 'S2' 'S0' 'S3' 'RSTO' 'RSTR' 'RSTOS0' 'OTH' 'SH']
2.4 src_bytes: continuous.
2.5 dst_bytes: continuous.
2.6 land: "1" if the connection is from/to the same host/port
[0 1]
2.7 wrong_fragment: continuous. number of ``wrong'' fragments
[0 1 3]
2.8 urgent: continuous. number of urgent packets
[0 2 1 3]
2.9 hot: continuous. number of ``hot'' indicators
[ 0 1 3 19 6 4 30 24 14 18 2 5 17 22 7 16 12 20 10 28 15 9]
2.10 num_failed_logins: continuous. number of failed login attempts
[0 1 5 2 4 3]
2.11 logged_in: symbolic. "1" if successfully logged in
[1 0]
2.12 num_compromised: continuous. number of ``compromised'' conditions (is "compromised" here about communication quality?)
[ 0 2 1 4 16 3 767 7 22 21 238 6 281 5 11 275 12 18
38 13 884 9 102]
2.13 root_shell: continuous. 1 if root shell is obtained; 0 otherwise (the value is 1 if root privileges were obtained)
[0 1]
2.14 su_attempted: continuous. 1 if ``su root'' command attempted; 0 otherwise (discrete; what does the value "2" mean?)
[0 1 2]
2.15 num_root: continuous. number of ``root'' accesses
[ 0 2 1 3 9 5 6 16 4 857 39 12 268 278 7 14 306 54
993 119]
2.16 num_file_creations: continuous. number of file creation operations
[ 0 1 2 4 15 9 16 28 10 21 14 5 7 8 12 25 22 20]
2.17 num_shells: continuous. number of shell prompts
[0 2 1]
2.18 num_access_files: continuous. number of operations on access control files (number of accesses to critical files)
[0 1 2 4 6 3 8]
2.19 num_outbound_cmds: continuous. number of outbound commands in an ftp session
[0]
2.20 is_host_login: symbolic.
2.21 is_guest_login: symbolic.
Traffic features computed over a two-second window.
Two kinds are included: connections to the same host, and connections to the same service.
2.22 count: continuous. number of connections to the same host as the current connection in the past two seconds (same host)
Note: The following features refer to these same-host connections.
2.23 srv_count: continuous.
number of connections to the same service as the current connection in the past two seconds (same service)
2.24 serror_rate: continuous.
% of connections that have ``SYN'' errors (SYN errors? same host)
2.25 srv_serror_rate: continuous.
% of connections to the same service (same service)
2.26 rerror_rate: continuous.
% of connections that have ``REJ'' errors (rejected access? same host)
2.27 srv_rerror_rate: continuous.
% of connections that have ``REJ'' errors (any difference from the one above?? same service)
2.28 same_srv_rate: continuous.
% of connections to the same service (same service within the same host)
2.29 diff_srv_rate: continuous.
% of connections to different services (different services within the same host)
2.30 srv_diff_host_rate: continuous. (different hosts within the same service)
2.31 dst_host_count: continuous. (same destination?)
2.32 dst_host_srv_count: continuous. (same destination?)
2.33 dst_host_same_srv_r
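The two-second window features above (count, srv_count, serror_rate, srv_serror_rate, rerror_rate, srv_rerror_rate, same_srv_rate, diff_srv_rate, srv_diff_host_rate) are easiest to understand by computing them. The following is an added example, not code from the original notes or from the dataset's authors: it builds the same-host and same-service groups for each connection and derives the rates. The Conn record, the SAMPLE connections, the choice to include the current connection in its own window, and the mapping of S0-S3 to "SYN errors" and REJ to "REJ errors" are assumptions made for this example; the notes only list the flag values and ask what the errors mean.

```python
"""Added example (not part of the original notes): computing the KDD'99-style
two-second time-window features over a constructed stream of connections.
The Conn schema, SAMPLE data and flag-to-error mapping are assumptions."""
from dataclasses import dataclass

WINDOW_SECONDS = 2.0

# Flag values exactly as listed in the notes (feature 2.3).
KNOWN_FLAGS = {"SF", "S1", "REJ", "S2", "S0", "S3", "RSTO", "RSTR", "RSTOS0", "OTH", "SH"}

# Assumption: which flags count as a ``SYN'' error and which as a ``REJ'' error.
# S0-S3 = handshake never completed; REJ = connection rejected.
SYN_ERROR_FLAGS = {"S0", "S1", "S2", "S3"}
REJ_ERROR_FLAGS = {"REJ"}


@dataclass(frozen=True)
class Conn:
    """One connection record (constructed schema, not a dataset row)."""
    ts: float        # start time in seconds
    dst_host: str    # destination host (the "same host" the notes refer to)
    service: str     # destination service, e.g. 'http', 'smtp'
    flag: str        # connection status flag from the set in the notes

    def __post_init__(self):
        # Reject records whose flag is outside the documented value set.
        if self.flag not in KNOWN_FLAGS:
            raise ValueError(f"unknown flag {self.flag!r}")


def _rate(subset, pred):
    """Fraction of records in `subset` satisfying `pred`; 0.0 for an empty subset."""
    if not subset:
        return 0.0
    return sum(1 for c in subset if pred(c)) / len(subset)


def window_features(conns, i):
    """Window features for conns[i], computed over connections that started in
    the preceding WINDOW_SECONDS. `conns` must be sorted by ts.
    Assumption: the current connection is itself included in the window."""
    cur = conns[i]
    recent = [c for c in conns[: i + 1] if cur.ts - c.ts <= WINDOW_SECONDS]
    same_host = [c for c in recent if c.dst_host == cur.dst_host]  # "same host" group
    same_srv = [c for c in recent if c.service == cur.service]     # "same service" group

    def is_syn_err(c):
        return c.flag in SYN_ERROR_FLAGS

    def is_rej_err(c):
        return c.flag in REJ_ERROR_FLAGS

    return {
        "count": len(same_host),
        "srv_count": len(same_srv),
        "serror_rate": _rate(same_host, is_syn_err),
        "srv_serror_rate": _rate(same_srv, is_syn_err),
        "rerror_rate": _rate(same_host, is_rej_err),
        "srv_rerror_rate": _rate(same_srv, is_rej_err),
        "same_srv_rate": _rate(same_host, lambda c: c.service == cur.service),
        "diff_srv_rate": _rate(same_host, lambda c: c.service != cur.service),
        "srv_diff_host_rate": _rate(same_srv, lambda c: c.dst_host != cur.dst_host),
    }


def feature_table(conns):
    """Window features for every connection in a ts-sorted list."""
    return [window_features(conns, i) for i in range(len(conns))]


# Constructed sample: two normal HTTP connections, then a cluster of half-open
# (S0) SMTP connections to one host inside a two-second span, and one late
# connection that falls outside every earlier window.
SAMPLE = [
    Conn(0.0, "10.0.0.5", "http", "SF"),
    Conn(0.5, "10.0.0.5", "http", "SF"),
    Conn(1.0, "10.0.0.5", "smtp", "S0"),
    Conn(1.2, "10.0.0.5", "smtp", "S0"),
    Conn(1.4, "10.0.0.7", "smtp", "REJ"),
    Conn(1.8, "10.0.0.5", "smtp", "S0"),
    Conn(5.0, "10.0.0.5", "http", "SF"),
]

if __name__ == "__main__":
    for c, f in zip(SAMPLE, feature_table(SAMPLE)):
        print(f"{c.ts:4.1f} {c.dst_host} {c.service:5} {c.flag:4} "
              f"count={f['count']} srv_count={f['srv_count']} "
              f"serror_rate={f['serror_rate']:.2f} srv_rerror_rate={f['srv_rerror_rate']:.2f}")
```

Running it shows the difference between the two groupings the notes ask about: for the last S0 connection at t=1.8, the same-host group holds five connections (serror_rate 0.60, since two of them were the earlier clean HTTP connections), while the same-service group holds four SMTP connections (srv_serror_rate 0.75) and picks up the REJ to the other host (srv_rerror_rate 0.25). The connection at t=5.0 sees only itself, so its count drops back to 1 and same_srv_rate to 1.0.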