Features

■ Col.1: Duration of connection

■ Col.2: Protocol (TCP, UDP, ICMP)

■ Col.3: Services (http, DNS request, email…)

■ Col. 4: Flags

■ Col.5-9: Header info

■ Col. 10-22: Connection-based info (from payload)

■ Col. 23-31: Time-based info (traffic analysed over a 2 sec. window)

■ Col. 32-42: Host-based info (over multiple connections)

13