KDD Cup'99: Getting Familiar with the Data and Analyzing Its Features

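Analysis of the KDD Cup'99 dataset shows that the same-service rate is significantly negatively correlated with the occurrence of SYN errors. This may be caused by problems during service establishment. The study illustrates this with a heatmap.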
/* The following conclusions come from the 10% data subset and are meant as a quick overview */


1. On inspection the file has 42 lines, i.e. 42 features; the feature table is as follows


(back,buffer_overflow,ftp_write,guess_passwd,imap,ipsweep,land,loadmodule,multihop,neptune,nmap,normal,perl,phf,pod,portsweep,rootkit,satan,smurf,spy,teardrop,warezclient,warezmaster.)


2. The main features and their contents:


2.1 protocol_type: symbolic. There are three protocol types


['tcp' 'udp' 'icmp']

duration: continuous.


2.2 service: symbolic. The network services on the destination include:


['http' 'smtp' 'finger' 'domain_u' 'auth' 'telnet' 'ftp' 'eco_i' 'ntp_u'
 'ecr_i' 'other' 'private' 'pop_3' 'ftp_data' 'rje' 'time' 'mtp' 'link'
 'remote_job' 'gopher' 'ssh' 'name' 'whois' 'domain' 'login' 'imap4'
 'daytime' 'ctf' 'nntp' 'shell' 'IRC' 'nnsp' 'http_443' 'exec' 'printer'
 'efs' 'courier' 'uucp' 'klogin' 'kshell' 'echo' 'discard' 'systat'
 'supdup' 'iso_tsap' 'hostnames' 'csnet_ns' 'pop_2' 'sunrpc' 'uucp_path'
 'netbios_ns' 'netbios_ssn' 'netbios_dgm' 'sql_net' 'vmnet' 'bgp' 'Z39_50'
 'ldap' 'netstat' 'urh_i' 'X11' 'urp_i' 'pm_dump' 'tftp_u' 'tim_i' 'red_i']


2.3 flag: symbolic. Flag indicating whether the connection status is normal or an error; the values are:


['SF' 'S1' 'REJ' 'S2' 'S0' 'S3' 'RSTO' 'RSTR' 'RSTOS0' 'OTH' 'SH']




2.4 src_bytes: continuous.


2.5 dst_bytes: continuous.


2.6 land: "1" if the connection is from/to the same host/port


[0 1]


2.7 wrong_fragment: continuous. Number of ``wrong'' fragments


[0 1 3]


2.8 urgent: continuous. Urgent packets


[0 2 1 3]


2.9 hot: continuous. Number of ``hot'' indicators


[ 0  1  3 19  6  4 30 24 14 18  2  5 17 22  7 16 12 20 10 28 15  9]


2.10 num_failed_logins: continuous. Number of failed login attempts


[0 1 5 2 4 3]


2.11 logged_in: symbolic. "1" indicates a successful login


[1 0]


2.12 num_compromised: continuous. Number of ``compromised'' conditions. Does this mean a compromise in communication quality?
 
[  0   2   1   4  16   3 767   7  22  21 238   6 281   5  11 275  12  18
  38  13 884   9 102]


2.13 root_shell: continuous. 1 if root shell is obtained; 0 otherwise (the value is 1 if root privileges were obtained)


[0 1]


2.14 su_attempted: continuous. 1 if ``su root'' command attempted; 0 otherwise (discrete). What does the value "2" mean?


[0 1 2] 


2.15 num_root: continuous. Number of ``root'' accesses


[  0   2   1   3   9   5   6  16   4 857  39  12 268 278   7  14 306  54
 993 119]


2.16 num_file_creations: continuous. Number of file creation operations


[ 0  1  2  4 15  9 16 28 10 21 14  5  7  8 12 25 22 20]


2.17 num_shells: continuous. Number of shell prompts


[0 2 1]


2.18 num_access_files: continuous. Number of operations on access control files (number of accesses to critical files)


[0 1 2 4 6 3 8]


2.19 num_outbound_cmds: continuous. Number of outbound commands in an ftp session


[0]


2.20 is_host_login: symbolic.


2.21 is_guest_login: symbolic.


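Traffic features computed over a two-second time window


There are two types: those computed over connections to the same host, and those computed over connections to the same service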


2.22 count: continuous. Number of connections to the same host as the current connection in the past two seconds (same host)


Note: The following  features refer to these same-host connections.


2.23 srv_count: continuous.


Number of connections to the same service as the current connection in the past two seconds (same service)


2.24 serror_rate: continuous.


% of connections that have ``SYN'' errors. Synchronization errors? (same host)


2.25 srv_serror_rate: continuous.


% of connections to the same service (same service)


2.26 rerror_rate: continuous.


% of connections that have ``REJ'' errors. Access refused? (same host)


2.27 srv_rerror_rate: continuous.


% of connections that have ``REJ'' errors. Is this different from the one above?? (same service)


2.28 same_srv_rate: continuous.


% of connections to the same service (the same service among same-host connections)


2.29 diff_srv_rate: continuous.


% of connections to different services (different services among same-host connections)


2.30 srv_diff_host_rate: continuous. Different hosts among same-service connections


2.31 dst_host_count: continuous. Is the destination the same?


2.32 dst_host_srv_count: continuous. Is the destination the same?


2.33 dst_host_same_srv_r
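
The two-second window features in 2.22 to 2.30 can be reproduced on a small scale. The following Python is an added example, not code from the original post or from the dataset's authors; it assumes that flags S0 to S3 count as SYN errors and that the window includes the current connection, and the names Conn and window_features and the sample connections are constructed for illustration.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "ts dst_host service flag")  # hypothetical record type

SYN_ERROR_FLAGS = {"S0", "S1", "S2", "S3"}  # assumption: flags treated as SYN errors
REJ_FLAGS = {"REJ"}
WINDOW = 2.0  # seconds, as in the feature descriptions


def _rate(conns, pred):
    """Fraction of `conns` matching `pred`, rounded to two decimals."""
    return round(sum(1 for c in conns if pred(c)) / len(conns), 2) if conns else 0.0


def window_features(history, cur):
    """Window features for `cur`; the window includes `cur` itself (assumption)."""
    recent = [c for c in history if 0 <= cur.ts - c.ts <= WINDOW] + [cur]
    same_host = [c for c in recent if c.dst_host == cur.dst_host]
    same_srv = [c for c in recent if c.service == cur.service]
    return {
        # same-host population
        "count": len(same_host),
        "serror_rate": _rate(same_host, lambda c: c.flag in SYN_ERROR_FLAGS),
        "rerror_rate": _rate(same_host, lambda c: c.flag in REJ_FLAGS),
        "same_srv_rate": _rate(same_host, lambda c: c.service == cur.service),
        "diff_srv_rate": _rate(same_host, lambda c: c.service != cur.service),
        # same-service population
        "srv_count": len(same_srv),
        "srv_serror_rate": _rate(same_srv, lambda c: c.flag in SYN_ERROR_FLAGS),
        "srv_rerror_rate": _rate(same_srv, lambda c: c.flag in REJ_FLAGS),
        "srv_diff_host_rate": _rate(same_srv, lambda c: c.dst_host != cur.dst_host),
    }


# Constructed sample connections: (timestamp, destination host, service, flag)
HISTORY = [
    Conn(0.5, "10.0.0.5", "http", "SF"),   # older than two seconds, ignored
    Conn(9.1, "10.0.0.5", "http", "S0"),
    Conn(9.4, "10.0.0.5", "smtp", "REJ"),
    Conn(9.8, "10.0.0.5", "http", "S0"),
    Conn(10.2, "10.0.0.9", "http", "SF"),
    Conn(10.5, "10.0.0.9", "http", "REJ"),
]
CURRENT = Conn(11.0, "10.0.0.5", "http", "S0")

if __name__ == "__main__":
    for name, value in window_features(HISTORY, CURRENT).items():
        print(f"{name:20s}{value}")
```

On this sample rerror_rate is 0.25 while srv_rerror_rate is 0.2: the error condition is the same, but the first is measured over connections to the same host and the second over connections to the same service.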