Advances, Systems and Applications
From: A fog-edge-enabled intrusion detection system for smart grids
Feature Category | Description |
---|---|
Basic Features | |
 Duration | The length of the connection in seconds (continuous) |
 Protocol Type | The protocol used in the connection (categorical: TCP, UDP, ICMP) |
 Service | The network service on the destination machine (categorical) |
 Flag | The status of the connection (categorical) |
 Source Bytes | The number of data bytes sent by the source (continuous) |
 Destination Bytes | The number of data bytes sent by the destination (continuous) |
 Land | Indicator of a connection from/to the same host/port (categorical: 0, 1) |
Content-Based Features | |
 Source IP Address | The IP address of the source machine (categorical) |
 Destination IP Address | The IP address of the destination machine (categorical) |
 Source Port Number | The port number used by the source machine (continuous) |
 Destination Port Number | The port number used by the destination machine (continuous) |
 Number of Failed Logins | The count of failed login attempts (continuous) |
 Number of Successful Logins | The count of successful login attempts (continuous) |
 Number of Root Shell | The count of root shell accesses (continuous) |
 Number of File Creations | The count of file creation operations (continuous) |
 Number of Sudo | The count of sudo (superuser) commands executed (continuous) |
Traffic-Based Features | |
 Number of Inbound Connections | The count of inbound connections to the same host/IP address (continuous) |
 Number of Outbound Connections | The count of outbound connections from the same host/IP address (continuous) |
 Number of Same Service Connections | The count of connections to the same service (continuous) |
 Number of Same Host Connections | The count of connections to the same host (continuous) |
 Number of Same Host with Same Service Connections | The count of connections to the same host and service (continuous) |
Attack Types | |
 DoS | Denial of Service |
 R2L | Remote-to-Local |
 U2R | User-to-Root |
 Probing | Probing Attacks |