Table 1 Example features extracted from Snort alerts for an investigated internal host
From: A quality metric for IDS signatures: in the wild the size matters
Feature | Value |
|---|---|
Contacted remote hosts | {a.b.c.d, k.l.m.n} |
Target remote services | {80} |
Target local services | {80,135,443} |
Severe alert count | 271 |
Infection duration (hours) | 23 |
Severe alerts triggered (IDs) | {2801953, 2012642, 2912939, 240001} |