Skip to main content

Table 1 List of feature sets

From: An adaptive smartphone anomaly detection model based on data mining

Features names Feature descriptions
Src_IP Source IP
Dst_IP Destination IP
Service_domains Service domain name
Service Service type (service port)
Protocol Service protocol
Duration Duration
Status Status label for ending connection
Count_Src_Conn Number of connections initiated from source
Count_Des_Conn Number of connections initiated from destination
Count_Src_Data Total data traffic amount sent from source
Count_Dest_Data Total data traffic amount sent from destination
Count_Src_Retransmitted Number of retransmitted connections from source
Count_Dest_Retransmitted Number of retransmitted connections from destination
Src_Get_message encrypted-1;non-encrypted-0
Src_Post_message encrypted-1;non-encrypted-0
Fre_SrcIP Activity frequency of the TCP data flow from source IP within one time window
Fre_DestIP Activity frequency of the TCP data flow from destination IP within one time window
Count_conn Number of connections with identical service, destination IP, and status label within a certain period of time
Count_total_conn Number of total connections within one time window
  1. This table included 19 features, such as source address, destination address, service type, service protocol, duration, connection status and so on. These features included three stages of network traffic, which were establish the connection, keep the connection, Interactive the connection
\