nr-network-known-class-detector / example_records.json
simonmorley's picture
Add nr-network-known-class-detector: v10 public-CVE cut (39 primitives, 9 chains, held-out ROC 0.9082)
215671c verified
Raw
History Blame Contribute Delete
2.96 kB
[
{
"label": "bitcoin:btc_invdos_flood",
"expect": "attack",
"feat": {
"pcap.bytes_per_s": 79402.155,
"pcap.distinct_dst_ips": 1.0,
"pcap.distinct_src_dst_pairs": 295.0,
"pcap.distinct_src_ips": 1.0,
"pcap.duration_s": 7.679,
"pcap.mean_packet_size": 111.385,
"pcap.packet_count": 5474.0,
"pcap.packets_per_s": 712.862,
"pcap.rst_fraction": 0.056,
"pcap.syn_to_handshake_ratio": 0.402,
"pcap.tcp_fin": 1.0,
"pcap.tcp_handshake_ack": 1463.0,
"pcap.tcp_rst": 308.0,
"pcap.tcp_syn": 588.0,
"pcap.tcp_syn_ack": 294.0,
"pcap.tcp_total_packets": 5474.0,
"pcap.top_dst_port": 18444.0,
"pcap.top_dst_port_fraction": 0.484,
"pcap.top_src_port": 18444.0,
"pcap.top_src_port_fraction": 0.516,
"pcap.total_bytes": 609722.0,
"pcap.unique_dst_ports": 5.0,
"pcap.unique_src_ports": 5.0,
"resp.count": 0.0,
"resp.resp_bytes_total": 0.0
}
},
{
"label": "solana:sol_tpu_quic_initial_cpu",
"expect": "attack",
"feat": {
"pcap.bytes_per_s": 13828.406,
"pcap.distinct_dst_ips": 0.0,
"pcap.distinct_src_dst_pairs": 0.0,
"pcap.distinct_src_ips": 0.0,
"pcap.duration_s": 7.035,
"pcap.mean_packet_size": 256.0,
"pcap.packet_count": 380.0,
"pcap.packets_per_s": 54.017,
"pcap.rst_fraction": 0.0,
"pcap.syn_to_handshake_ratio": 0.0,
"pcap.tcp_fin": 0.0,
"pcap.tcp_handshake_ack": 0.0,
"pcap.tcp_rst": 0.0,
"pcap.tcp_syn": 0.0,
"pcap.tcp_syn_ack": 0.0,
"pcap.tcp_total_packets": 0.0,
"pcap.top_dst_port": 0.0,
"pcap.top_dst_port_fraction": 0.0,
"pcap.top_src_port": 0.0,
"pcap.top_src_port_fraction": 0.0,
"pcap.total_bytes": 97280.0,
"pcap.unique_dst_ports": 0.0,
"pcap.unique_src_ports": 0.0,
"resp.count": 0.0,
"resp.resp_bytes_total": 0.0
}
},
{
"label": "bitcoin:benign_bitcoin_mixed_normal",
"expect": "benign",
"feat": {
"pcap.bytes_per_s": 22167.878,
"pcap.distinct_dst_ips": 1.0,
"pcap.distinct_src_dst_pairs": 75.0,
"pcap.distinct_src_ips": 1.0,
"pcap.duration_s": 7.252,
"pcap.mean_packet_size": 112.416,
"pcap.packet_count": 1430.0,
"pcap.packets_per_s": 197.195,
"pcap.rst_fraction": 0.055,
"pcap.syn_to_handshake_ratio": 0.493,
"pcap.tcp_fin": 5.0,
"pcap.tcp_handshake_ack": 300.0,
"pcap.tcp_rst": 78.0,
"pcap.tcp_syn": 148.0,
"pcap.tcp_syn_ack": 74.0,
"pcap.tcp_total_packets": 1430.0,
"pcap.top_dst_port": 18444.0,
"pcap.top_dst_port_fraction": 0.517,
"pcap.top_src_port": 18444.0,
"pcap.top_src_port_fraction": 0.483,
"pcap.total_bytes": 160755.0,
"pcap.unique_dst_ports": 5.0,
"pcap.unique_src_ports": 5.0,
"resp.count": 0.0,
"resp.resp_bytes_total": 0.0
}
}
]