Skip to main content
EURASIP Journal on Wireless Communications and Networking

Table 5 Shows all four clusters and the features in them

From: Intrusion detection in internet of things using supervised machine learning based on application and transport layer features using UNSW-NB15 data-set

Number Full features Flow/MQTT features TCP features Top features (flow/MQTT and TCP)
1 sport dur sport dur
2 dsport Stime dsport dmeansz
3 dur Ltime dbytes Dload
4 dbytes Dload sloss Ltime
5 dttl dmeansz dloss Stime
6 sloss is_sm_ips_ports Spkts Dpkts
7 dloss ct_srv_src Dpkts dbytes
8 Dload ct_srv_dst swin Sintpkt
9 Spkts ct_dst_ltm dwin Dintpkt
10 Dpkts ct_src_ltm stcpb sport
11 swin ct_src_dport_ltm dtcpb dsport
12 dwin ct_dst_sport_ltm Sjit  
13 stcpb ct_dst_src_ltm Djit  
14 dtcpb   Sintpkt  
15 dmeansz   Dintpkt  
16 trans_depth   tcprtt  
17 res_bdy_len   synack  
18 Sjit   ackdat  
19 Djit    
20 Stime    
21 Ltime    
22 Sintpkt    
23 Dintpkt    
24 tcprtt    
25 synack    
26 ackdat    
27 is_sm_ips_ports    
28 ct_flw_http_mthd    
29 is_ftp_login    
30 ct_ftp_cmd    
31 ct_srv_src    
32 ct_srv_dst    
33 ct_dst_ltm    
34 ct_src_ltm    
35 ct_src_dport_ltm    
36 ct_dst_sport_ltm    
37 ct_dst_src_ltm    
Back to article page