Advances, Systems and Applications
Table 2 Top Decision Rules for 'attack' in RF model
Decision Rule | Most Frequent Category | Rule Accuracy | Ensemble Accuracy | Interestingness Index |
|---|---|---|---|---|
(src_bytes <  = 1032.0) &(dst_bytes > 4100.0) & (dst_host_srv_count > 168.0) | normal | 0.998 | 0.998 | 0.994 |
(dst_host_same_srv_rate > 0.02) &(serror_rate > 0.0) & (dst_bytes <  = 4100.0) &(same_srv_rate > 0.09) & (num_file_creations <  = 0.0) | apache2 | 0.346 | 0.977 | 0.124 |
(src_bytes > 0.0) &(hot <  = 0.0) &(flag = {RSTR,S2,S3,SF}) &(duration > 0.0) &(protocol_type = {icmp,tcp}) | apache2 | 0.210 | 0.479 | 0.073 |
(src_bytes > 0.0) &(dst_bytes <  = 0.0) & (land <  = 0.0) &(hot <  = 0.0) &(protocol_type = {icmp,tcp}) | apache2 | 0.192 | 0.688 | 0.067 |
(duration > 0.0) &(num_root <  = 0.0) & (src_bytes > 0.0) &(flag = {RSTR,S0,S2,S3,SF,SH}) & (land <  = 0.0) | apache2 | 0.173 | 0.572 | 0.059 |