Table 3.
A subset of the attributes and their descriptions that characterize a single attack record in the dataset [15].
| Name | Description |
|---|---|
| srcip | Source IP address |
| sport | Source port number |
| dstip | Destination IP address |
| dsport | Destination port number |
| proto | Transaction protocol |
| state | Protocol state |
| dur | Record total duration |
| sbytes | Source to destination bytes sent |
| dbytes | Destination to source bytes sent |
| service | e.g., http, ftp, smtp, ssh, dns |
| sload | Source bits per second |
| dload | Destination bits per second |
| spkts | Source to destination packet count |
| dpkts | Destination to source packet count |
| attack_cat | Name of attack |
| label | 0 for benign, 1 for attack records |