Objective: Predict, from the traffic indicators the firewall logs for each session, whether the traffic is used by malware and whether it has a known vulnerability.

1. License: Free to use

2. Data Source: Corporate network

3. Field Meanings:
A. receive_time: Time when the log was received from the firewall.
B. has_known_vulnerability: Indicates whether the interface has known vulnerabilities or not (yes/no label).
C. session_id: Numerical identifier for the session.
D. src_ip: Anonymized IP of the session source.
E. dst_ip: Anonymized IP of the session destination.
F. bytes_sent: Number of bytes sent from the client to the server.
G. bytes_received: Number of bytes received by the client from the server.
H. packets_sent: Number of packets sent from the client to the server.
I. packets_received: Number of packets received by the client from the server.
J. dest_port: Destination port.
K. src_port: Source port.
L. used_by_malware: Indicates whether the session is used by malware or not (yes/no label).

4. Parameter Selection:

A. Dashboard usage: Predict Categorical Fields (classification)
B. Field to predict: used_by_malware or has_known_vulnerability
C. Fields to use for predicting: bytes_sent, bytes_received, packets_sent, packets_received, dest_port, src_port, plus has_known_vulnerability when the field to predict is used_by_malware, or used_by_malware when the field to predict is has_known_vulnerability. receive_time, session_id, src_ip and dst_ip are identifiers rather than traffic indicators and are not used as predictors. dest_port and src_port are port numbers with no ordinal meaning, so treat them as categorical rather than numeric.
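The feature selection in section 4 can be checked outside the dashboard before a model is trained. The following script is an added example, not part of the dataset or of any dashboard; it builds the section 4.C feature set for a chosen target from rows in the README's 12-field layout, reports class balance, and fits a one-feature threshold rule (a decision stump) as a baseline, so that a real model has something to beat. The sample rows are constructed with made-up values and only follow the field names above; the function names and the baseline method are this example's own choices.

```python
"""Feature assembly and a decision-stump baseline for the firewall-log dataset.

Added example, not the dataset's own tooling. Sample rows below are constructed
(made-up values) and only reuse the README's field names.
"""
import csv
import io
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample: the 12 README fields, one session per row. Not real data.
SAMPLE_CSV = """receive_time,has_known_vulnerability,session_id,src_ip,dst_ip,bytes_sent,bytes_received,packets_sent,packets_received,dest_port,src_port,used_by_malware
2023-01-01 00:00:01,no,1,10.0.0.1,10.0.1.1,1200,34000,10,30,443,51000,no
2023-01-01 00:00:02,no,2,10.0.0.2,10.0.1.2,800,22000,8,20,80,52011,no
2023-01-01 00:00:03,no,3,10.0.0.3,10.0.1.3,300,120,3,2,4444,53001,yes
2023-01-01 00:00:04,yes,4,10.0.0.4,10.0.1.4,5000,450,40,5,8080,53007,yes
2023-01-01 00:00:05,no,5,10.0.0.5,10.0.1.5,2500,60000,20,50,443,49999,no
2023-01-01 00:00:06,no,6,10.0.0.6,10.0.1.6,150,90,2,2,6667,54100,yes
2023-01-01 00:00:07,yes,7,10.0.0.7,10.0.1.7,9000,130000,60,100,22,50010,no
2023-01-01 00:00:08,no,8,10.0.0.8,10.0.1.8,400,300,4,3,4444,55555,yes
2023-01-01 00:00:09,no,9,10.0.0.9,10.0.1.9,700,18000,7,15,443,51234,no
2023-01-01 00:00:10,yes,10,10.0.0.10,10.0.1.10,100,50,1,1,31337,56000,yes
"""

NUMERIC = ("bytes_sent", "bytes_received", "packets_sent", "packets_received")
PORTS = ("dest_port", "src_port")          # categorical: port numbers are not ordinal
LABELS = ("used_by_malware", "has_known_vulnerability")
IDENTIFIERS = ("receive_time", "session_id", "src_ip", "dst_ip")  # never predictors


def load_rows(text: str) -> List[Dict]:
    """Parse CSV text; the four traffic counters become ints, all else stays str."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        row = dict(raw)
        for f in NUMERIC:
            row[f] = int(row[f])
        rows.append(row)
    return rows


def features_for(row: Dict, target: str) -> Dict:
    """Section 4.C feature set for one row: counters, ports as strings, and the
    other label. Identifiers are excluded; a model would only memorise them."""
    if target not in LABELS:
        raise ValueError(f"target must be one of {LABELS}")
    other = LABELS[1] if target == LABELS[0] else LABELS[0]
    feats = {f: row[f] for f in NUMERIC}
    feats.update({p: str(row[p]) for p in PORTS})
    feats[other] = row[other]
    assert not any(k in feats for k in IDENTIFIERS)
    return feats


def class_balance(rows: List[Dict], target: str) -> Counter:
    """yes/no counts for the target; a skewed split makes accuracy misleading."""
    return Counter(r[target] for r in rows)


def predict_one(feat: str, thr: float, direction: str, row: Dict) -> bool:
    v = row[feat]
    return v < thr if direction == "<" else v >= thr


def fit_stump(rows: List[Dict], target: str) -> Optional[Dict]:
    """Exhaustively pick the numeric feature, midpoint threshold and direction
    whose single rule best predicts target == "yes" (ties keep the first found)."""
    best = None
    truth = [r[target] == "yes" for r in rows]
    for feat in NUMERIC:
        values = sorted({r[feat] for r in rows})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2
            for direction in ("<", ">="):
                preds = [predict_one(feat, thr, direction, r) for r in rows]
                acc = sum(p == t for p, t in zip(preds, truth)) / len(rows)
                if best is None or acc > best["accuracy"]:
                    best = {"feature": feat, "threshold": thr,
                            "direction": direction, "accuracy": acc}
    return best


def predict(stump: Dict, row: Dict) -> bool:
    return predict_one(stump["feature"], stump["threshold"], stump["direction"], row)


def evaluate(stump: Dict, rows: List[Dict], target: str) -> Dict:
    """Accuracy, precision and recall of the stump against the target column."""
    tp = fp = fn = tn = 0
    for r in rows:
        pred, truth = predict(stump, r), r[target] == "yes"
        if pred and truth:
            tp += 1
        elif pred:
            fp += 1
        elif truth:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"accuracy": (tp + tn) / len(rows), "precision": precision,
            "recall": recall, "confusion": (tp, fp, fn, tn)}


ROWS = load_rows(SAMPLE_CSV)

if __name__ == "__main__":
    for target in LABELS:
        print(target, "balance:", dict(class_balance(ROWS, target)))
        stump = fit_stump(ROWS, target)
        print("  baseline rule:", stump)
        print("  metrics:", evaluate(stump, ROWS, target))
```

The stump is scored on the rows it was fitted to, so its numbers are an upper bound, not a result; on the real dataset keep a held-out slice, and treat any model that does not clearly beat this one-rule baseline as not having learned anything beyond a single counter.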