Table 4 Description of selected IoT-23 Features.

1

duration

Duration of the network connection (in seconds)

2

orig_bytes

Number of bytes sent by the originator (source)

3

resp_bytes

Number of bytes sent by the responder (destination)

4

missed_bytes

Number of bytes missed due to dropped packets or data loss

5

orig_pkts

Total number of packets sent by the originator (source)

6

orig_ip_bytes

Total number of bytes, including headers, sent by the originator

7

resp_pkts

Total number of packets sent by the responder (destination)

8

resp_ip_bytes

Total number of bytes, including headers, sent by the responder

9

proto_icmp

Indicates if the connection uses the ICMP protocol (1 if true, 0 if false)

10

proto_tcp

Indicates if the connection uses the TCP protocol (1 if true, 0 if false)

11

proto_udp

Indicates if the connection uses the UDP protocol (1 if true, 0 if false)

12

conn_state_OTH

Connection in an “other” state (unusual states not categorized)

13

conn_state_REJ

The responder rejected the connection

14

conn_state_RSTO

The originator reset the connection

15

conn_state_RSTOS0

The originator sent a reset, and no response was received

16

conn_state_RSTR

The responder reset the connection

17

conn_state_RSTRH

The responder reset the connection after a handshake

18

conn_state_S0

A connection attempt was seen, but no reply was received

19

conn_state_S1

A connection was established, but no data was transferred

20

conn_state_S2

The connection was established, and the originator sent data but received no response

21

conn_state_S3

The connection was established, and the responder sent data but received no originator response

22

conn_state_SF

Connection fully established and terminated normally

23

conn_state_SH

A connection attempt was seen with a SYN-ACK, but there was no response from the originator

24

conn_state_SHR

A connection attempt was seen with a SYN-ACK, followed by a reset