{ | |
"initialSchema" : { | |
"Schema" : { | |
"columns" : [ { | |
"String" : { | |
"name" : "source ip" | |
} | |
}, { | |
"Integer" : { | |
"name" : "source port" | |
} | |
}, { | |
"String" : { | |
"name" : "destination ip" | |
} | |
}, { | |
"Integer" : { | |
"name" : "destination port" | |
} | |
}, { | |
"String" : { | |
"name" : "transaction protocol" | |
} | |
}, { | |
"String" : { | |
"name" : "state" | |
} | |
}, { | |
"Double" : { | |
"name" : "total duration", | |
"allowNaN" : false, | |
"allowInfinite" : false | |
} | |
}, { | |
"Integer" : { | |
"name" : "source-dest bytes" | |
} | |
}, { | |
"Integer" : { | |
"name" : "dest-source bytes" | |
} | |
}, { | |
"Integer" : { | |
"name" : "source-dest time to live" | |
} | |
}, { | |
"Integer" : { | |
"name" : "dest-source time to live" | |
} | |
}, { | |
"Integer" : { | |
"name" : "source packets lost" | |
} | |
}, { | |
"Integer" : { | |
"name" : "destination packets lost" | |
} | |
}, { | |
"String" : { | |
"name" : "service" | |
} | |
}, { | |
"Double" : { | |
"name" : "source bits per second", | |
"allowNaN" : false, | |
"allowInfinite" : false | |
} | |
}, { | |
"Double" : { | |
"name" : "destination bits per second", | |
"allowNaN" : false, | |
"allowInfinite" : false | |
} | |
}, { | |
"Integer" : { | |
"name" : "source-destination packet count" | |
} | |
}, { | |
"Integer" : { | |
"name" : "dest-source packet count" | |
} | |
}, { | |
"Integer" : { | |
"name" : "source TCP window adv" | |
} | |
}, { | |
"Integer" : { | |
"name" : "dest TCP window adv" | |
} | |
}, { | |
"Long" : { | |
"name" : "source TCP base sequence num" | |
} | |
}, { | |
"Long" : { | |
"name" : "dest TCP base sequence num" | |
} | |
}, { | |
"Integer" : { | |
"name" : "source mean flow packet size" | |
} | |
}, { | |
"Integer" : { | |
"name" : "dest mean flow packet size" | |
} | |
}, { | |
"Integer" : { | |
"name" : "transaction pipelined depth" | |
} | |
}, { | |
"Integer" : { | |
"name" : "content size" | |
} | |
}, { | |
"Double" : { | |
"name" : "source jitter ms", | |
"allowNaN" : false, | |
"allowInfinite" : false | |
} | |
}, { | |
"Double" : { | |
"name" : "dest jitter ms", | |
"allowNaN" : false, | |
"allowInfinite" : false | |
} | |
}, { | |
"String" : { | |
"name" : "timestamp start" | |
} | |
}, { | |
"String" : { | |
"name" : "timestamp end" | |
} | |
}, { | |
"Double" : { | |
"name" : "source interpacket arrival time", | |
"allowNaN" : false, | |
"allowInfinite" : false | |
} | |
}, { | |
"Double" : { | |
"name" : "destination interpacket arrival time", | |
"allowNaN" : false, | |
"allowInfinite" : false | |
} | |
}, { | |
"Double" : { | |
"name" : "tcp setup round trip time", | |
"allowNaN" : false, | |
"allowInfinite" : false | |
} | |
}, { | |
"Double" : { | |
"name" : "tcp setup time syn syn_ack", | |
"allowNaN" : false, | |
"allowInfinite" : false | |
} | |
}, { | |
"Double" : { | |
"name" : "tcp setup time syn_ack ack", | |
"allowNaN" : false, | |
"allowInfinite" : false | |
} | |
}, { | |
"Integer" : { | |
"name" : "equal ips and ports" | |
} | |
}, { | |
"Integer" : { | |
"name" : "count time to live" | |
} | |
}, { | |
"Integer" : { | |
"name" : "count flow http methods" | |
} | |
}, { | |
"Integer" : { | |
"name" : "is ftp login" | |
} | |
}, { | |
"Integer" : { | |
"name" : "count ftp commands" | |
} | |
}, { | |
"Integer" : { | |
"name" : "count same service and source" | |
} | |
}, { | |
"Integer" : { | |
"name" : "count same service and dest" | |
} | |
}, { | |
"Integer" : { | |
"name" : "count same dest" | |
} | |
}, { | |
"Integer" : { | |
"name" : "count same source" | |
} | |
}, { | |
"Integer" : { | |
"name" : "count same source addr dest port" | |
} | |
}, { | |
"Integer" : { | |
"name" : "count same dest addr source port" | |
} | |
}, { | |
"Integer" : { | |
"name" : "count same source dest address" | |
} | |
}, { | |
"String" : { | |
"name" : "attack category" | |
} | |
}, { | |
"Integer" : { | |
"name" : "label" | |
} | |
} ] | |
} | |
}, | |
"actionList" : [ { | |
"transform" : { | |
"RemoveColumnsTransform" : { | |
"columnsToRemove" : [ "timestamp start", "timestamp end", "source ip", "destination ip", "source TCP base sequence num", "dest TCP base sequence num" ] | |
} | |
} | |
}, { | |
"filter" : { | |
"FilterInvalidValues" : { | |
"filterAnyInvalid" : false, | |
"columnsToFilterIfInvalid" : [ "source port", "destination port" ] | |
} | |
} | |
}, { | |
"transform" : { | |
"RemoveWhiteSpaceTransform" : { | |
"columnName" : "attack category" | |
} | |
} | |
}, { | |
"transform" : { | |
"ReplaceEmptyStringTransform" : { | |
"columnName" : "attack category", | |
"value" : "none" | |
} | |
} | |
}, { | |
"transform" : { | |
"ReplaceEmptyIntegerWithValueTransform" : { | |
"columnName" : "count flow http methods", | |
"value" : 0 | |
} | |
} | |
}, { | |
"transform" : { | |
"ReplaceInvalidWithIntegerTransform" : { | |
"columnName" : "count ftp commands", | |
"value" : 0 | |
} | |
} | |
}, { | |
"transform" : { | |
"ConditionalTransform" : { | |
"column" : "is ftp login", | |
"newVal1" : 1, | |
"newVal2" : 0, | |
"filterColIdx" : 11, | |
"filterCol" : "service", | |
"filterVal" : [ "ftp", "ftp-data" ] | |
} | |
} | |
}, { | |
"transform" : { | |
"ReplaceEmptyIntegerWithValueTransform" : { | |
"columnName" : "count flow http methods", | |
"value" : 0 | |
} | |
} | |
}, { | |
"transform" : { | |
"StringMapTransform" : { | |
"columnName" : "attack category", | |
"map" : { | |
"Backdoors" : "Backdoor" | |
} | |
} | |
} | |
}, { | |
"transform" : { | |
"StringToCategoricalTransform" : { | |
"columnName" : "attack category", | |
"stateNames" : [ "none", "Exploits", "Reconnaissance", "DoS", "Generic", "Shellcode", "Fuzzers", "Worms", "Backdoor", "Analysis" ] | |
} | |
} | |
}, { | |
"transform" : { | |
"StringToCategoricalTransform" : { | |
"columnName" : "service", | |
"stateNames" : [ "-", "dns", "http", "smtp", "ftp-data", "ftp", "ssh", "pop3", "snmp", "ssl", "irc", "radius", "dhcp" ] | |
} | |
} | |
}, { | |
"transform" : { | |
"MapAllStringsExceptListTransform" : { | |
"columnName" : "transaction protocol", | |
"newValue" : "other", | |
"exceptions" : [ "tcp", "udp", "sctp", "unas", "ospf", "arp" ] | |
} | |
} | |
}, { | |
"transform" : { | |
"StringToCategoricalTransform" : { | |
"columnName" : "transaction protocol", | |
"stateNames" : [ "unas", "sctp", "ospf", "tcp", "udp", "arp", "other" ] | |
} | |
} | |
}, { | |
"transform" : { | |
"MapAllStringsExceptListTransform" : { | |
"columnName" : "state", | |
"newValue" : "other", | |
"exceptions" : [ "RST", "CON", "FIN", "INT", "REQ" ] | |
} | |
} | |
}, { | |
"transform" : { | |
"StringToCategoricalTransform" : { | |
"columnName" : "state", | |
"stateNames" : [ "FIN", "CON", "INT", "RST", "REQ", "other" ] | |
} | |
} | |
}, { | |
"transform" : { | |
"IntegerToCategoricalTransform" : { | |
"columnName" : "label", | |
"map" : { | |
"0" : "normal", | |
"1" : "attack" | |
} | |
} | |
} | |
}, { | |
"transform" : { | |
"IntegerToCategoricalTransform" : { | |
"columnName" : "equal ips and ports", | |
"map" : { | |
"0" : "notEqual", | |
"1" : "equal" | |
} | |
} | |
} | |
}, { | |
"transform" : { | |
"IntegerToCategoricalTransform" : { | |
"columnName" : "is ftp login", | |
"map" : { | |
"0" : "not ftp", | |
"1" : "ftp login" | |
} | |
} | |
} | |
}, { | |
"transform" : { | |
"RemoveColumnsTransform" : { | |
"columnsToRemove" : [ "label" ] | |
} | |
} | |
} ] | |
} |