OD-IDS2022

The OD-IDS2022 dataset is considered with 82 features, and
it was prepared for a much larger volume of network traffic
containing a total of 1031916 instances with 29 classes. This
the dataset comprises network traffic logs with over 82 different
features and patterns.

1 Apache_fink_directory_traversal (A1) Burp suite [35], apache-fink [36]
2 ARP_Spoofng (A2) arpspoof [37], Netcommander [38]
3 Authenticated Remote Code Execution (A3) Zabbix 5.0.17 [39]
4 BENIGN (A4) Normal Browsing
5 Brute Force Attacks (A5) Aircrack-ng [40], John the Ripper [41]
6 Denial-of-service (A6) libupnp [42], DoSePa [43], jQuery UI [44]
7 Distributed_denial-of-service (A7) Slowloris [45], Smurf6 [46], Trinoo [47]
8 DLL Hijacking (A8) DLLSpy [48]
9 EXE Hijacking (A9) GlassWireSetup [49]
10 EXE HijackinPrintNightMare-RCE [50] (A10) Eval Injection [51]
11 Exploiting Node Deserialization [52] (A11) Burp suite [35], serialization/deserialization module
12 Firmware Vulnerabilitie (A12) TrickBot’s [53]
13 Fragmented Packet Attacks (A13) Teardrop ICMP/UDP, IPFilter [54]
14 Google Chrome Remote Code Execution via Browser [55] (A14) Incorrect-security-UI vulnerability
15 Kernel Exploitation [56] (A15) xairy/linux-kernel-exploitation
16 ManageEngine ADSelfService Plus 6.1 - CSV Injection [57] (A16) python script
17 Man-in-the-middle (A17) Burp suite, Mitmproxy [58], Python script
18 Persistent Cross-Site Scripting in Blog page (A18) DVWA [59], stolen cookie [60], JavaScript keylogger
19 Print Spooler Service - Local Privilege Escalation [61] (A19) PrintDemon
20 Privilege Escalation Using Unquoted Service Path [62] (A20) Exploiting Unquoted Service path
21 Ransomware (Malware) (A21) MalwareBuster[63], Malware Infections, WannaCry [64]
22 Remote Code Execution via Unrestricted File Upload access [66] (A22) Bypassing client-side fltering
23 Slow_HTTP_attack (A23) slowhttptest [67]
24 SYN Floods (A24) aSYNcrone [68], OWASP ZAP [69]
25 TCP_Session_Hijacking (A25) Burp Suite, Ettercap [71]
26 Time-based SQL Injection (A26) SQLMap [72], BBQSQL [73]
27 Unauthenticated Arbitrary File Upload (A27) Joomla Core [74]
28 Unauthenticated RCE in Credit Card Customer Care System (A28) Log4j2 Vulnerability [75]
29 Webmin 1.962 - Package Update Escape Bypass RCE [76] (A29) MetasploitModule

OD-IDS2022 Features, Relative Importance, Scaled Importance, Percentage, and Descriptions

1 SrcIP 742453.5 1 0.4976 Attacker IP
2 SrcPort 183333.3438 0.2469 0.1229 Attacker Port
3 DstIP 114376.6641 0.1541 0.0767 Target IP
4 DstPort 113926.8359 0.1534 0.0764 Target Port
5 Protocol 3926.4497 0.0053 0.0026 Protocol Used
6 FlowDuration 1099.5739 0.0015 0.0007 Flow time in seconds
7 TotFwdPkts 3279.6143 0.0044 0.0022 Total network packets count in the forward fow
8 TotBwdPkts 9419.3105 0.0127 0.0063 Total network packets count in reverse
9 TotLenFwdPkts 339.6275 0.0005 0.0002 Total nework packet size in forward fow
10 TotLenBwdPkts 87.9262 0.0001 0.0001 Total network packet size in backward fow
11 FwdPktLenMax 1466.9271 0.002 0.001 Maximum length of forward packets
12 FwdPktLenMin 5650.416 0.0076 0.0038 Minimum length of forward packets
13 FwdPktLenMean 679.7752 0.0009 0.0005 Average packet size in the forward fow
14 FwdPktLenStd 987.6306 0.0013 0.0007 Standard deviation of network packet lengths in the forward fow
15 BwdPktLenMax 3929.5999 0.0053 0.0026 Maximum length of network packets in reverse fow
16 BwdPktLenMin 9292.5625 0.0125 0.0062 Minimum network packet size in the reverse fow
17 BwdPktLenMean 2547.7148 0.0034 0.0017 Average length of network packets in reverse fow
18 BwdPktLenStd 1636.4076 0.0022 0.0011 Standard deviation size of the network packet in the reverse fow
19 FlowByts/s 964.0507 0.0013 0.0006 Number of bytes fowing per second
20 FlowPkts/s 1854.9344 0.0025 0.0012 Number of packets fowing per second
21 FlowIATMean 145.0229 0.0002 0.0001 Mean of arrival times of packages
22 FlowIATStd 374.4635 0.0005 0.0003 Standard deviation of arrival times of packages
23 FlowIATMax 190.9945 0.0003 0.0001 Maximum Arrival Time of Packages
24 FlowIATMin 835.8781 0.0011 0.0006 Minimum Arrival Time of Packages
25 FwdIATTot 113.5827 0.0002 0.0001 Total time connecting two network packets sent forward fow
26 FwdIATMean 107.2331 0.0001 0.0001 Average time connecting two network packets sent in the fow
27 FwdIATStd 178.3949 0.0002 0.0001 Standard deviation of the time connecting two network packets sent in fow
28 FwdIATMax 354.6124 0.0005 0.0002 Maximum arrival time of packages in the fow
29 FwdIATMin 594.3224 0.0008 0.0004 Minimum time connecting two network packets sent in the direct fow
30 BwdIATTot 166.9702 0.0002 0.0001 Total time connecting two network packets sent backwards
31 BwdIATMean 359.9548 0.0005 0.0002 Average time connecting two network packets sent in the reverse fow
32 BwdIATStd 424.4207 0.0006 0.0003 standard deviation of time connecting
33 BwdIATMax 901.3358 0.0012 0.0006 Maximum time connecting two network packets sent backwards
34 BwdIATMin 14872.9756 0.02 0.01 Minimum time connecting two network packets sent back
35 FwdPSHFlags 0 0 0 N times the PSH fags were set in network packets traveling in the forward
fow (0 for UDP)
36 BwdPSHFlags 1251.521 0.0017 0.0008 N times the PSH fags are alive on network packets traveling backwards (0
for UDP)
37 FwdURGFlags 0 0 0 N times the URG fags are alive in forward-moving network packets (0 for
UDP)
38 BwdURGFlags 0 0 0 N times the URG fags are alive in network packets traveling backwards (0
for UDP)
39 FwdHeaderLen 2313.5061 0.0031 0.0016 Total bytes used for forward headers
40 BwdHeaderLen 7100.9326 0.0096 0.0048 Total bytes used for reverse headers
41 FwdPkts/s 1991.4585 0.0027 0.0013 Number of direct network packets per second
42 BwdPkts/s 151076.5469 0.2035 0.1013 Number of reverse network packets per second
43 PktLenMin 27233.8086 0.0367 0.0183 Minimum length of a stream
44 PktLenMax 4576.7539 0.0062 0.0031 Maximum length of a stream
45 PktLenMean 2547.7148 0.0034 0.0017 Average length of a stream
46 PktLenStd 2124.1421 0.0029 0.0014 Standard deviation of a stream
47 PktLenVar 29.6662 0 0 Length variance of a stream
48 FINFlagCnt 12924.834 0.0174 0.0087 Number of packages with FIN
49 SYNFlagCnt 881.4092 0.0012 0.0006 Number of network packets with SYN
50 RSTFlagCnt 89.8413 0.0001 0.0001 Number of network packets containing RST
51 PSHFlagCnt 0 0 0 Number of PUSHed network packets
52 ACKFlagCnt 0 0 0 Number of ACK network packets
53 URGFlagCnt 0 0 0 Number of packages containing URG
54 CWEFlagCount 99.3115 0.0001 0.0001 Number of network packets containing CWE
55 ECEFlagCnt 0 0 0 Number of packages containing ECE
56 Down/UpRatio 41191.2852 0.0555 0.0276 Download and upload rate
57 PktSizeAvg 1182.2847 0.0016 0.0008 Median package size
58 FwdSegSizeAvg 0.5162 0 0 Median size observed in the forward fow
59 BwdSegSizeAvg 0 0 0 Median size observed in the reverse fow
60 FwdByts/bAvg 0 0 0 Median number of bytes/mass ratio in forward fow
61 FwdPkts/bAvg 0 0 0 Median number of network packets/mass ratio in the forward fow
62 FwdBlkRateAvg 0 0 0 Median number of mass ratio in forward fow
63 BwdByts/bAvg 0 0 0 Median number of bytes/mass ratio in reverse fow
64 BwdPkts/bAvg 0 0 0 Median number of packages/mass ratio in the reverse fow
65 BwdBlkRateAvg 0 0 0 Median number of mass ratio in reverse fow
66 SubfowFwdPkts 1.0204 0 0 Median number of network packets in a downstream substream
67 SubfowFwdByts 5.0323 0 0 Median number of bytes in a substream in the direct fow
68 SubfowBwdPkts 3.2832 0 0 Median number of network packets in a downstream substream
69 SubfowBwdByts 3.2832 0 0 Median number of bytes in a downstream substream
70 InitFwdWinByts 0 0 0 Number of bytes sent in the beginning window in forward fow
71 InitBwdWinByts 5942.2227 0.008 0.004 Number of bytes sent in the beginning window in reverse fow
72 FwdActDataPkts 1865.947 0.0025 0.0013 Number of network packets with a TCP payload of at least 1 byte in the
forward fow
73 FwdSegSizeMin 0 0 0 Average number of mass ratio in reverse fow
74 ActiveMean 138.0705 0.0002 0.0001 Average time a fow was alive prior to going idle
75 ActiveStd 109.5522 0.0001 0.0001 Standard deviation of time a stream was alive prior to it was idle
76 ActiveMax 769.4111 0.001 0.0005 Maximum time a stream was alive prior to it was idle
77 ActiveMin 366.9055 0.0005 0.0002 Minimum time a fow was alive prior to going idle
78 IdleMean 1170.6119 0.0016 0.0008 Average time a stream is idle prior to it becomes active
79 IdleStd 210.679 0.0003 0.0001 The standard deviation of the time a stream is idle prior to it becomes active
80 IdleMax 4097.1211 0.0055 0.0027 Maximum time a stream is idle prior to it becomes active
81 IdleMin 1196.0841 0.0016 0.0008 Minimum time a stream is idle prior to it becomes active
82 Label – – – Attack tag