yet another kdd cup question
Oğuz Yarımtepe
oguzyarimtepe at gmail.com
Mon Sep 30 07:41:14 EDT 2013
It seems payload analysis is not a good approach in my situation, because I
will be testing the algorithm against DDoS attacks.
So better to ask how can I calculate the below features by using Argus?
count: number of connections to the same host as the current connection in the past two seconds, the number of connections whose source IP address and destination IP address are the same as those of the current connection in the past two seconds
serror_rate: % of connections that have "SYN" errors, % of connections that have "SYN" errors in Count feature
rerror_rate: % of connections that have "REJ" errors
same_srv_rate: % of connections to the same service, % of connections to the same service in Count feature
diff_srv_rate: % of connections to different services in Count feature
srv_count: number of connections to the same service as the current connection in the past two seconds
srv_serror_rate: % of connections that have "SYN" errors, % of connections that have "SYN" errors in Srv_count (the number of connections whose service type is the same as that of the current connection in the past two seconds) feature
srv_rerror_rate: % of connections that have "REJ" errors
srv_diff_host_rate: % of connections to different hosts
Any tip will be great.
--
Oğuz Yarımtepe
http://about.me/oguzy
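
The two-second window features listed in the message above, computed over flow records, as an added example that is not part of the original post and is not Argus code. It assumes each flow has already been reduced to (start time, source, destination, service, KDD-style flag), takes "same host" to mean the same destination address, counts the current connection in its own window, and reports rates as fractions rather than percentages; the records in `SAMPLE` are constructed.

```python
from collections import deque, namedtuple

# Constructed record layout; flag uses KDD-style labels (assumption, not Argus output).
Flow = namedtuple("Flow", "t src dst service flag")
SYN_ERR = {"S0", "S1", "S2", "S3"}  # KDD flags treated here as "SYN" errors
REJ_ERR = {"REJ"}
WINDOW = 2.0  # seconds

def rate(flows, pred):
    """Fraction (0..1) of flows matching pred; flows is never empty here."""
    return round(sum(1 for f in flows if pred(f)) / len(flows), 2)

def time_features(flows):
    """Return [(flow, features)] using a sliding two-second window."""
    window, out = deque(), []
    for cur in sorted(flows, key=lambda f: f.t):
        window.append(cur)  # the current connection counts in its own window
        while cur.t - window[0].t > WINDOW:
            window.popleft()
        host = [f for f in window if f.dst == cur.dst]         # basis of "count"
        srv = [f for f in window if f.service == cur.service]  # basis of "srv_count"
        out.append((cur, {
            "count": len(host),
            "serror_rate": rate(host, lambda f: f.flag in SYN_ERR),
            "rerror_rate": rate(host, lambda f: f.flag in REJ_ERR),
            "same_srv_rate": rate(host, lambda f: f.service == cur.service),
            "diff_srv_rate": rate(host, lambda f: f.service != cur.service),
            "srv_count": len(srv),
            "srv_serror_rate": rate(srv, lambda f: f.flag in SYN_ERR),
            "srv_rerror_rate": rate(srv, lambda f: f.flag in REJ_ERR),
            "srv_diff_host_rate": rate(srv, lambda f: f.dst != cur.dst),
        }))
    return out

# Constructed sample: four half-open HTTP flows to one host, one normal flow, one reject.
SAMPLE = [
    Flow(0.0, "192.0.2.1", "10.0.0.5", "http", "S0"),
    Flow(0.5, "192.0.2.2", "10.0.0.5", "http", "S0"),
    Flow(1.0, "192.0.2.3", "10.0.0.5", "http", "S0"),
    Flow(1.5, "192.0.2.4", "10.0.0.5", "http", "S0"),
    Flow(1.8, "192.0.2.9", "10.0.0.9", "http", "SF"),
    Flow(3.2, "192.0.2.9", "10.0.0.5", "ssh", "REJ"),
]

if __name__ == "__main__":
    for flow, feats in time_features(SAMPLE):
        print(flow.t, flow.dst, flow.service, feats)
```

In the sample, the fourth flow reaches `count` 4 with `serror_rate` 1.0, the pattern these features are meant to expose for a SYN flood against a single host.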