{
"feature_names": [
"source_port",
"dest_port",
"flow_duration_ms",
"total_fwd_packets",
"total_bwd_packets",
"total_bytes_fwd",
"total_bytes_bwd",
"fwd_packet_len_mean",
"fwd_packet_len_std",
"bwd_packet_len_mean",
"bwd_packet_len_std",
"flow_bytes_per_sec",
"flow_packets_per_sec",
"inter_arrival_time_mean",
"inter_arrival_time_std",
"tcp_flag_syn_count",
"tcp_flag_ack_count",
"tcp_flag_fin_count",
"tcp_flag_rst_count",
"tcp_flag_psh_count",
"tcp_flag_urg_count",
"retransmission_flag",
"fragmentation_flag",
"protocol_violation_flag",
"payload_entropy_mean",
"retransmission_rate",
"protocol_violation_count",
"c2_beacon_flag",
"session_risk_score",
"trust_level",
"avg_concurrent_flows",
"bandwidth_mbps",
"nat_enabled",
"ids_coverage",
"diurnal_peak_factor",
"feature_space_dim",
"alert_threshold",
"retraining_cadence_days",
"ensemble_size",
"device_count",
"iat_cv",
"fwd_bwd_byte_ratio",
"bytes_per_packet_fwd",
"tcp_flag_anomaly_score",
"payload_density",
"hour_of_day",
"is_off_hours",
"is_well_known_dest_port",
"is_ephemeral_src_port",
"protocol_DNS",
"protocol_FTP",
"protocol_HTTPS",
"protocol_NTP",
"protocol_SMTP",
"protocol_SSH",
"protocol_TCP",
"protocol_UDP",
"flow_lifecycle_phase_connection_initiation",
"flow_lifecycle_phase_connection_teardown",
"flow_lifecycle_phase_data_transfer",
"flow_lifecycle_phase_protocol_handshake",
"flow_lifecycle_phase_session_maintenance",
"source_device_type_cloud_service",
"source_device_type_iot_device",
"source_device_type_mobile_endpoint",
"source_device_type_ot_controller",
"source_device_type_server",
"source_device_type_workstation",
"dest_device_type_cloud_service",
"dest_device_type_iot_device",
"dest_device_type_mobile_endpoint",
"dest_device_type_ot_controller",
"dest_device_type_server",
"dest_device_type_workstation",
"segment_type_cloud_workload",
"segment_type_corporate_lan",
"segment_type_data_centre_spine",
"segment_type_dmz_perimeter",
"segment_type_endpoint_fleet",
"segment_type_guest_wifi",
"segment_type_ot_ics_control_network",
"segment_type_soc_management_plane",
"segment_type_zero_trust_segment",
"firewall_policy_default_deny",
"firewall_policy_open_permissive",
"firewall_policy_stateful_inspection",
"firewall_policy_strict_allowlist",
"firewall_policy_zone_based",
"qos_policy_best_effort",
"qos_policy_dscp_expedited",
"qos_policy_none",
"qos_policy_priority_queue",
"qos_policy_weighted_fair_queue",
"defender_architecture_autoencoder_anomaly",
"defender_architecture_ensemble_stacked",
"defender_architecture_gradient_boosted_tree",
"defender_architecture_isolation_forest",
"defender_architecture_lstm_behavioural",
"defender_architecture_neural_network_dense",
"defender_architecture_rule_based_threshold",
"defender_architecture_transformer_sequence"
],
"numeric_features": [
"source_port",
"dest_port",
"flow_duration_ms",
"total_fwd_packets",
"total_bwd_packets",
"total_bytes_fwd",
"total_bytes_bwd",
"fwd_packet_len_mean",
"fwd_packet_len_std",
"bwd_packet_len_mean",
"bwd_packet_len_std",
"flow_bytes_per_sec",
"flow_packets_per_sec",
"inter_arrival_time_mean",
"inter_arrival_time_std",
"tcp_flag_syn_count",
"tcp_flag_ack_count",
"tcp_flag_fin_count",
"tcp_flag_rst_count",
"tcp_flag_psh_count",
"tcp_flag_urg_count",
"retransmission_flag",
"fragmentation_flag",
"protocol_violation_flag",
"payload_entropy_mean",
"retransmission_rate",
"protocol_violation_count",
"c2_beacon_flag",
"session_risk_score",
"trust_level",
"avg_concurrent_flows",
"bandwidth_mbps",
"nat_enabled",
"ids_coverage",
"diurnal_peak_factor",
"feature_space_dim",
"alert_threshold",
"retraining_cadence_days",
"ensemble_size",
"device_count",
"iat_cv",
"fwd_bwd_byte_ratio",
"bytes_per_packet_fwd",
"tcp_flag_anomaly_score",
"payload_density",
"hour_of_day",
"is_off_hours",
"is_well_known_dest_port",
"is_ephemeral_src_port"
],
"categorical_levels": {
"protocol": [
"DNS",
"FTP",
"HTTPS",
"NTP",
"SMTP",
"SSH",
"TCP",
"UDP"
],
"flow_lifecycle_phase": [
"connection_initiation",
"connection_teardown",
"data_transfer",
"protocol_handshake",
"session_maintenance"
],
"source_device_type": [
"cloud_service",
"iot_device",
"mobile_endpoint",
"ot_controller",
"server",
"workstation"
],
"dest_device_type": [
"cloud_service",
"iot_device",
"mobile_endpoint",
"ot_controller",
"server",
"workstation"
],
"segment_type": [
"cloud_workload",
"corporate_lan",
"data_centre_spine",
"dmz_perimeter",
"endpoint_fleet",
"guest_wifi",
"ot_ics_control_network",
"soc_management_plane",
"zero_trust_segment"
],
"firewall_policy": [
"default_deny",
"open_permissive",
"stateful_inspection",
"strict_allowlist",
"zone_based"
],
"qos_policy": [
"best_effort",
"dscp_expedited",
"none",
"priority_queue",
"weighted_fair_queue"
],
"defender_architecture": [
"autoencoder_anomaly",
"ensemble_stacked",
"gradient_boosted_tree",
"isolation_forest",
"lstm_behavioural",
"neural_network_dense",
"rule_based_threshold",
"transformer_sequence"
]
},
"label_to_int": {
"BENIGN": 0,
"MALICIOUS": 1,
"AMBIGUOUS": 2
},
"int_to_label": {
"0": "BENIGN",
"1": "MALICIOUS",
"2": "AMBIGUOUS"
}
}