Outlier CCThreshold KDDCup99

// CCThreshold=0.001, jlh=131, time:1298.
318
1222
0
0
0
0
1226
0
0
0
0
1228
0
0
0
0
1230
0
0
0
0
1236
0
0
0
0
1241
0
0
0
0
1243
2
0
0
0.04
1244
1
0
0
0.04
1247
0
0
0
0
1248
0
0
0
0
1249
0
0
0
0
1250
0
0
0
0
0
0.43
0
0
0
0
0.33
0
0
0
0
0
0
0
0
0
0.17
0
0
0
0
0
0
0
0
0
0
0
192
0
0
0
0
179
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
tcp
http
1
0
0
5
5
255
normal
tcp
http
1
0
0
1
1
255
normal
tcp
http
1
0
0
2
18
255
normal
tcp
http
1
0
0
11
38
255
normal
tcp
http
1
0
0
1
17
255
normal
tcp
http
1
0
0
19
19
255
normal
tcp
ftp
1
0
1
1
255
1
multihop
tcp
ftp
1
0
1
1
255
2
multihop
tcp
http
1
0
0
15
15
96
normal
tcp
http
1
0
0
25
25
106
normal
tcp
http
1
0
0
8
35
116
normal
tcp
http
1
0
0
1
SF
0
7
1
223
0
0
0
17159
0
0
0.2
0
0
0
0.07
0
0
0
0
0
0
1
0
SF
0
6
1
253
0
0
0
2235
0
0
1
0
0
0
0.07
0
0
0
0
0
0
1
0
SF
0
2
1
177
0
0
0
1155
0
0
0.06
0
0
0
0.07
0
0
0
0
0
0
1
0
SF
0
12
1
291
0
0
0
15560
0
0
0.03
0
0
0
0.06
0
0
0
0
0
0
1
0
SF
0
1
1
147
0
0
0
971
0
0
0.06
0
0
0
0.06
0
0
0
0
0
0
1
0
SF
0
19
1
293
0
0
0
15441
0
0
0.05
0
0
0
0.04
0
0
0
0
0
0
1
0
SF
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
1
0.01
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
15
1
209
0
0
0
3008
0
0
0.07
0
0
0
0.04
0
0
0
0
0
0
1
0
SF
0
25
1
210
0
0
0
505
0
0
0.04
0
0
0
0.04
0
0
0
0
0
0
1
0
SF
0
8
1
222
0
0
0
861
0
0
0.03
0
0
0
0.03
0
0
0
0
0
0
1
0
SF
0
1
229
0
0
2611
0
0
0
0
0
0
0
0
0
0
1
0
0
1251
0
0
0
0
1252
0
0
0
0
1258
2
0
0
0
1265
0
0
0
0
1269
0
0
0
0
1270
0
0
0
0
1284
0
0
0
0
1285
0
0
0
0
1293
0
0
0
0
1299
0
0
1
0
1300
0
0
1
0
1301
0
0
0
0
0
0
0
0
0
0
0
0
0
0
6
0
0
0
0
0
0
0
1
0
0
0
0
0.15
0
0
0
0
0.11
0
337
0
0
0
0
299
0
0
0
0
0
0
0
0.38
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
normal
tcp
1
0
11
normal
tcp
1
0
21
normal
tcp
1
0
255
phf
tcp
1
0
255
normal
tcp
1
0
3
normal
tcp
1
0
10
normal
tcp
1
0
255
spy
tcp
0
0
255
spy
tcp
1
0
255
normal
tcp
1
0
1
normal
udp
0
0
1
0
tcp
1
0
126
0.04
http
0
6
136
SF
0
6
1
240
0
0
0
647
0
0
0.09
0
0
0
0.04
0
0
0
0
0
0
1
0
http
0
16
146
SF
0
16
1
232
0
0
0
268
0
0
0.05
0
0
0
0.03
0
0
0
0
0
0
1
0
http
0
1
249
SF
1
1
0.98
51
0
0
0.01
8127
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
http
0
1
255
SF
0
2
1
235
0
0
0
2063
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
1
255
SF
0
13
1
166
0
0
0
164
0
0
0.33
0
0
0
0.01
0
0
0
0
0
0
1
0
http
0
10
255
SF
0
19
1
293
0
0
0
38125
0
0
0.1
0
0
0
0.01
0
0
0
0
0
0
1
0
telnet
0
1
47
SF
0
1
0.18
237
1
0
0.02
1540
0
0
0
0
1
0
0
0
1
0
0.22
0
1
1
0.32
telnet
0
1
48
SF
0
1
0.19
112
0
0
0.02
847
0
0
0
0
0
0
0
0
0
0
0.22
0
0
1
0.31
http
0
4
255
SF
0
8
1
215
0
0
0
1108
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
smtp
0
2
1
SF
0
1
1
2936
0
0
0
329
0
0
1
0
0
0
0
0
0
0
0
0
0
0.5
0
domain_u
0
0
0
1
11
2
normal
smtp
SF
0
0
1
1
SF
0
2
0.18
30
0
0
0.27
0
0
0
0.18
0
0
0
0
0
0
0
0
3498
0
0
328
0
0
0
0
0
0
0
0
0
0
1
0
0
1302
0
0
0
0
1303
0
0
0
0
1304
0
0
1
0
1305
0
0
0
0
1306
0
0
0
0
1307
0
0
1
0
1308
0
0
1
0
1309
0
0
1
0
1310
0
0
0
0
1311
0
0
0
0
1312
0
0
0
0
1313
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
3
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
0
0
0
1
0
0
0
0
0
0
0
0
0
21
normal
tcp
1
0
31
normal
tcp
1
0
41
normal
udp
0
0
1
0
tcp
1
0
61
normal
tcp
1
0
71
normal
tcp
1
0
81
normal
tcp
1
0
91
normal
udp
0
0
1
0
tcp
1
0
111
normal
tcp
1
0
121
normal
tcp
1
0
17
normal
tcp
1
0
14
0.67
0.19
0.05
auth
0
1
4
SF
0
1
0.13
9
0
0
0.13
34
0
0
0.03
0
0
0
0
0
0
0
0
0
0
1
0
smtp
0
1
27
SF
0
1
0.66
841
0
0
0.12
328
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
domain_u
0
0
0
1
51
9
normal
smtp
SF
0
0
1
2
42
0.69
SF
0
2
0.18
33
0
0
0.1
0
0
0
0.18
0
0
0
0
0
0
0
0
2029
0
0
0.08
491
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
smtp
0
1
48
SF
0
1
0.68
1565
0
0
0.07
328
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
auth
0
2
7
SF
0
1
0.09
10
0
0
0.06
39
0
0
0.01
0
0
0
0
0
0
0
0
0
0
0.5
0
smtp
0
2
61
SF
0
1
0.67
1848
0
0
0.05
328
0
0
0.01
0
0
0
0
0
0
0
0
0
0
0.5
0
domain_u
0
0
0
1
101
21
normal
smtp
SF
0
0
1
3
71
0.64
SF
0
2
0.21
33
0
0
0.05
0
0
0
0.21
0
0
0
0
0
0
0
0
878
0
0
0.05
360
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
smtp
0
1
79
SF
0
2
0.65
1301
0
0
0.04
330
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
3
17
SF
0
3
1
215
0
0
0
12884
0
0
0.06
0
0
0
0
0
0
0
0
0
0
1
0
http
0
2
SF
0
2
227
0
0
1415
0
0
0
0
0
0
0
0
0
0
1
0
0
1314
0
0
0
0
1315
0
0
0
0
1316
0
0
0
0
1317
0
0
0
0
1318
0
0
0
0
1319
0
0
0
0
1320
0
0
0
0
1321
0
0
0
0
1322
0
0
0
0
1323
0
0
0
0
1324
0
0
0
0
1325
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0.14
0
0
0
0
0.14
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
27
normal
tcp
1
0
37
normal
tcp
1
0
47
normal
tcp
1
0
57
normal
tcp
1
0
67
normal
tcp
1
0
77
normal
tcp
1
0
87
normal
tcp
1
0
97
normal
tcp
1
0
107
normal
tcp
1
0
117
normal
tcp
1
0
127
normal
tcp
1
0
137
normal
tcp
1
0
27
0.04
http
0
7
37
SF
0
7
1
296
0
0
0
1227
0
0
0.03
0
0
0
0
0
0
0
0
0
0
1
0
http
0
1
47
SF
0
1
1
277
0
0
0
2295
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
http
0
7
57
SF
0
7
1
296
0
0
0
1227
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
http
0
3
67
SF
0
3
1
173
0
0
0
1493
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
10
77
SF
0
14
1
324
0
0
0
1227
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
9
87
SF
0
14
1
172
0
0
0
4145
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
8
97
SF
0
8
1
325
0
0
0
2531
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
5
107
SF
0
5
1
198
0
0
0
12884
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
4
117
SF
0
4
1
214
0
0
0
12884
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
3
127
SF
0
3
1
294
0
0
0
1415
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
1
137
SF
0
1
1
146
0
0
0
13187
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
11
SF
0
11
158
0
0
11889
0
0
0
0
0
0
0
0
0
0
1
0
0
1326
0
0
0
0
1327
0
0
0
0
1328
0
0
0
0
1332
0
0
0
0
1335
0
0
0
0
1337
0
0
0
0
1348
0
0
0
0
1349
0
0
0
0
1353
0
0
0
0
1357
1
0
0
0
1359
0
0
0
0
1366
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0.1
0
0
0
0
0.67
0
60
1
0
0
0
708
0
0
0
0
0
0
0
0.07
0
0
0
0
0
0
0
0
0
0.5
0
0
0
0
147
normal
tcp
1
0
157
normal
tcp
1
0
167
normal
tcp
1
0
177
normal
tcp
1
0
217
normal
tcp
1
0
247
normal
tcp
1
0
5
normal
tcp
0
0
255
rootkit
tcp
1
0
255
rootkit
tcp
1
0
47
normal
tcp
1
0
19
normal
tcp
1
0
3
normal
tcp
1
0
147
0.01
http
0
10
157
SF
0
10
1
223
0
0
0
1415
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
2
167
SF
0
2
1
297
0
0
0
2531
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
1
177
SF
0
1
1
305
0
0
0
106426
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
1
217
SF
0
3
1
232
0
0
0
13187
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
9
247
SF
0
21
1
173
0
0
0
11889
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
1
255
SF
0
3
1
167
0
0
0
2375
0
0
0.2
0
0
0
0.01
0
0
0
0
0
0
1
0
telnet
0
1
1
SF
0
1
0
86
0
0
0.02
183
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
telnet
6
1
3
SF
0
1
0.01
1727
0
0
0.02
24080
7
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
13
255
SF
0
28
1
204
0
0
0
74810
0
0
0.02
0
0
0
0.01
0
0
0
0
0
0
1
0
http
0
19
255
SF
1
19
1
272
0
0
0
60397
0
0
0.05
0
0
0
0.01
0
0
0
0
0
0
1
0
http
0
3
255
SF
0
4
1
263
0
0
0
4895
0
0
0.33
0
0
0
0.02
0
0
0
0
0
0
1
0
http
0
10
SF
0
11
240
0
0
125015 0
0
0
0
0
0
0
0
0
0
1
0
0
1368
0
0
0
0
1371
0
0
0
0
1372
0
0
0
0
1373
0
0
0
0
1377
0
0
0
0
1385
0
0
0
0
1386
0
0
0
0
1388
0
0
0
0
1389
0
0
0
0
1391
0
0
0
0
1394
0
0
0
0
1397
0
0
0.18
0
0
0
0
0.27
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0.67
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0.06
0
0
0
0
1
0
0
0
0
0.67
0
0
0
0
0.67
0
0
0
0
73
normal
tcp
1
0
93
normal
icmp
0
0
1
pod
icmp
0
0
2
pod
tcp
1
0
1
normal
tcp
1
0
154
normal
tcp
1
0
3
normal
tcp
1
0
13
normal
tcp
1
0
33
normal
tcp
1
0
6
normal
tcp
1
0
26
normal
tcp
1
0
56
normal
tcp
1
0
255
0.01
0.02
http
0
9
255
SF
0
11
1
256
0
0
0
125015
0
0
0.01
0
0
0
0.02
0
0
0
0
0
0
1
0
ecr_i
0
1
19
SF
0
1
1
1480
0
0
0
0
0
0
1
0
0
0
0.53
1
0
0
0
0
0
1
0
ecr_i
0
2
20
SF
0
2
1
1480
0
0
0
0
0
0
1
0
0
0
0.5
1
0
0
0
0
0
1
0
http
0
1
255
SF
0
1
1
232
0
0
0
15681
0
0
1
0
0
0
0.03
0
0
0
0
0
0
1
0
http
0
2
255
SF
0
3
1
297
0
0
0
373
0
0
0.01
0
0
0
0.02
0
0
0
0.01
0
0
1
0
http
0
3
255
SF
0
3
1
291
0
0.33
0
1236
0
0.33
0.33
0
0
0
0.04
0
0
0
0.33
0
0
1
0
http
0
13
255
SF
0
13
1
292
0
0.08
0
10420
0
0.08
0.08
0
0
0
0.04
0
0
0
0.08
0
0
1
0
http
0
33
255
SF
0
34
1
301
0
0.03
0
1349
0
0.03
0.03
0
0
0
0.04
0
0
0
0.03
0
0
1
0
http
0
1
255
SF
0
2
1
310
0
0
0
759
0
0
0.17
0
0
0
0.05
0
0
0
0
0
0
1
0
http
0
2
255
SF
0
6
1
233
0
0
0
760
0
0
0.04
0
0
0
0.05
0
0
0
0
0
0
1
0
http
0
2
255
SF
0
3
1
209
0
0
0
757
0
0
0.02
0
0
0
0.05
0
0
0
0
0
0
1
0
http
0
1
SF
0
2
210
0
0
755
0
0
0
0
0
0
0
0
0
0
1
0
0
1401
0
0
0
0
1402
0
0
0
0
1403
1
0
0
0.94
1404
2
0
0
0.04
1405
1
0
0
0.04
1406
0
0
0
0
1407
0
0
0
0
1413
0
0
0
0
1421
0
0
0
0
1422
0
0
0
0
1423
0
0
0
0
1426
0
0
1
0
0
0
0
0.5
0
0
0
0
0.33
0
0
1
0
0
0.94
192
0
0
0
0
179
0
0
0
0
0
0
0
0.75
0
0
0
0
0
0
0
0
0
0.5
0
0
0
0
0.5
0
0
0
0
0.5
0
0
0
0
0
0
0
0
0
86
255
normal
tcp
http
1
0
0
4
43
255
normal
tcp
http
1
0
0
2
53
255
normal
tcp
telnet
0
0
0
2
16
16
guess_passwd
tcp
ftp
1
0
1
1
255
1
multihop
tcp
ftp
1
0
1
1
255
2
multihop
tcp
http
1
0
0
1
63
255
normal
tcp
http
1
0
0
1
73
255
normal
tcp
http
1
0
0
3
133
255
normal
tcp
http
1
0
0
3
213
255
normal
tcp
http
1
0
0
3
223
255
normal
tcp
http
1
0
0
1
233
255
normal
tcp
http
1
0
0
6
0.01
0.04
SF
0
6
1
220
0
0
0
891
0
0
0.02
0
0
0
0.03
0
0
0
0
0
0
1
0
SF
0
9
1
185
0
0
0
1263
0
0
0.02
0
0
0
0.03
0
0
0
0
0
0
1
0
RSTO
0
2
1
126
0
0
0
179
0
0
0.06
0
0
1
0
0
0
1
0.06
0
0
1
0.06
SF
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
1
0.01
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
4
1
221
0
0
0
316
0
0
0.02
0
0
0
0.03
0
0
0
0
0
0
1
0
SF
0
1
1
141
0
0
0
16617
0
0
0.01
0
0
0
0.02
0
0
0
0
0
0
1
0
SF
0
4
1
296
0
0
0
784
0
0
0.01
0
0
0
0.02
0
0
0
0
0
0
1
0
SF
0
4
1
308
0
0
0
316
0
0
0
0
0
0
0.02
0
0
0
0
0
0
1
0
SF
0
4
1
303
0
0
0
784
0
0
0
0
0
0
0.02
0
0
0
0
0
0
1
0
SF
0
1
1
158
0
0
0
16617
0
0
0
0
0
0
0.02
0
0
0
0
0
0
1
0
SF
0
10
191
0
0
891
0
0
0
0
0
0
0
0
0
0
1
0
0
1427
0
0
0
0
1428
0
0
0
0
1429
0
0
0
1
1430
0
0
0
1
1431
1
0
0
1
1432
1
0
0
1
1433
1
0
0
1
1436
0
0
0
0
1439
0
0
0
0
1443
0
0
0
0
1444
0
0
0
0
1445
0
0
0.2
0
0
0
0
0.29
0
0
0
0
0.4
0
14
0
0
0
1
12
0
0
0
1
13
0
0
0
1
14
0
0
0
1
11
0
0
0
1
0
0
0
0.29
0
0
0
0
0
0
0
0
0
0.67
0
0
0
0
0.5
0
0
0
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
1
back
tcp
1
0
2
back
tcp
1
0
3
back
tcp
1
0
4
back
tcp
1
0
5
back
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
http
0
5
255
SF
0
7
1
208
0
0
0
944
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
4
255
SF
0
5
1
217
0
0
0
841
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
1
1
RSTR
0
1
1
42340
0
0
0
1460
0
0
1
0
0
1
0
0
0
1
0
0
0
1
0
http
0
2
2
RSTR
0
2
1
13140
0
0
0
1460
0
0
0.5
0
0
1
0
0
0
1
0
0
0
1
0
http
0
3
3
RSTR
0
3
1
51100
0
0
0
4380
0
0
0.33
0
0
1
0
0
0
1
0
0
0
1
0
http
0
4
4
RSTR
0
4
1
33580
0
0
0
7300
0
0
0.25
0
0
1
0
0
0
1
0
0
0
1
0
http
0
5
5
RSTR
0
5
1
26280
0
0
0
1460
0
0
0.2
0
0
1
0
0
0
1
0
0
0
1
0
http
0
6
255
SF
0
7
1
207
0
0
0
2071
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
1
255
SF
0
1
1
288
0
0
0
22351
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
2
255
SF
0
3
1
291
0
0
0
2111
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
3
255
SF
0
4
1
278
0
0
0
944
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
2
SF
0
3
303
0
0
934
0
0
0
0
0
0
0
0
0
0
1
0
0
1454
0
0
0
0
1456
0
0
0
0
1465
0
0
0
0
1471
0
0
0
0
1472
0
0
0
0
1476
2
0
0
0
1477
0
0
0
0
1478
0
0
0
0
1479
0
0
1
0
1480
0
0
0
0
1483
0
0
0
0
1486
0
0
0.67
0
0
0
0
0
0
60
0
0
0
0
0
0
0
1
0
0
0
0
0.1
0
0
0
0
0.33
0
32
0
0
0
0
67
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
255
255
normal
tcp
http
1
0
0
5
255
255
normal
tcp
http
1
0
0
1
1
255
normal
tcp
http
1
0
0
1
24
255
normal
tcp
http
1
0
0
11
32
255
normal
tcp
http
1
0
0
9
42
255
normal
tcp
ftp
1
0
1
1
1
1
ftp_write
tcp
login
1
0
0
1
2
1
ftp_write
icmp
eco_i
0
0
0
1
4
2
nmap
tcp
private
0
0
0
2
14
1
nmap
tcp
private
0
0
0
1
24
1
nmap
tcp
http
1
0
0
36
36
255
normal
tcp
http
1
0
0
5
S2
0
5
1
244
0
0.2
0
27498
0
0.2
0
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
1
306
0
0
0
8564
0
0
1
0
0
0
0.02
0
0
0
0
0
0
1
0
SF
0
3
1
239
0
0
0
954
0
0
0.04
0
0
0
0.04
0
0
0
0
0
0
1
0
SF
0
29
1
180
0
0
0
3061
0
0
0.03
0
0
0
0.03
0
0
0
0
0
0
1
0
SF
0
12
1
204
0
0
0
17862
0
0
0.02
0
0
0
0.03
0
0
0
0
0
0
1
0
SF
0
1
1
104
0
0
0
449
0
0
1
0
1
0
0
0
0
0
0
0
1
1
0
SF
0
1
0.5
157
0
0
1
2703
0
0
0.5
0
0
0
0
0
0
0
0
1
0
1
0
SF
0
1
0.5
8
0
0
0.75
0
0
0
0.5
0
0
0
0
0
0
0
0
0
0
1
0
SH
0
1
0.07
0
0
1
0.71
0
0
1
0.5
0
0
0
0
0
0
0
0.5
0
0
0.5
1
SH
0
1
0.04
0
0
1
0.75
0
0
1
0.67
0
0
0
0
0
0
0
0.67
0
0
1
1
SF
0
36
1
313
0
0
0
1337
0
0
0.03
0
0
0
0.02
0
0
0
0
0
0
1
0
SF
0
23
214
0
0.2
924
0
0.04
0
0
0
0
0
0
0
0
1
0
0
1487
0
0
0
0
1489
0
0
0
0
1490
0
0
0
0
1491
0
0
0
0
1492
0
0
0
0
1493
2
0
0
0
1494
1
0
0
0.5
1497
0
0
0
0
1500
0
0
0
0
1501
0
0
0
0
1502
0
0
0
0
1505
2
0
0.13
0
0
0
0
0.09
0
0
0
0
0.12
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0.5
0
0
0
0.07
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
66
normal
tcp
1
0
76
normal
tcp
1
0
246
normal
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
1
back
tcp
1
0
2
back
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
0.02
0.02
0.02
http
0
15
255
SF
0
33
1
217
0
0.07
0
654
0
0.03
0.01
0
0
0
0.02
0
0
0
0.01
0
0
1
0
http
0
7
255
SF
0
17
1
189
0
0
0
978
0
0
0
0
0
0
0.01
0
0
0
0
0
0
1
0
http
0
17
255
SF
0
17
1
192
0
0
0
5732
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
27
255
SF
0
27
1
192
0
0
0
2596
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
37
255
SF
0
37
1
192
0
0
0
5628
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
1
2
1
SF
0
2
1
54540
0
0
0
8314
0
0
1
0
0
0
0
0
0
0
0
0
0
1
0
http
0
2
2
RSTR
0
2
1
45908
0
0
0
7300
0
0
0.5
0
0
0.5
0
0
0
0.5
0
0
0
1
0
http
0
39
255
SF
0
41
1
232
0
0
0
1035
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
13
255
SF
0
13
1
208
0
0
0
17733
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
23
255
SF
0
23
1
205
0
0
0
2996
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
33
255
SF
0
33
1
205
0
0
0
315
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
1
3
SF
0
5
54540
0
0
8314
0
0
0
0
0
0
0
0
0
0
1
0
0.14
1506
2
0
0
0.12
1507
2
0
0
0.11
1508
0
0
0
0
1512
0
0
0
0
1514
0
0
0
0
1515
0
0
0
0
1517
0
0
0
0
1518
0
0
0
0
1519
0
0
0
0
1520
1
0
0
0
1524
0
0
0
0
0.6
0.14
0
0
0
0
0.12
0
0
0
0
0.11
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
21
0
0
0
0
0
0
0
0
0
7
back
tcp
1
0
8
back
tcp
1
0
9
back
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
normal
tcp
1
0
255
rootkit
tcp
1
0
255
normal
0.14
http
1
3
8
SF
0
3
1
54540
0
0
0
8314
0
0
0.12
0
0
0
0
0
0
0
0
0
0
1
0
http
1
4
9
SF
0
4
1
54540
0
0
0
8314
0
0
0.11
0
0
0
0
0
0
0
0
0
0
1
0
http
0
4
255
SF
0
4
1
234
0
0
0
22023
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
10
255
SF
0
10
1
194
0
0
0
1707
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
30
255
SF
0
30
1
196
0
0
0
1337
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
40
255
SF
0
40
1
216
0
0
0
1035
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
7
255
SF
0
7
1
198
0
0
0
609
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
17
255
SF
0
17
1
200
0
0
0
2658
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
27
255
SF
0
27
1
195
0
0
0
313
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
ftp
0
1
1
SF
0
1
0
89
0
0
0.02
345
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
http
0
5
255
SF
0
5
1
200
0
0
0
767
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
//CCThreshold=0.005, jlh=59, time:1343.213
1243
2
0
0
0.04
1244
1
0
0
0.04
1250
0
0
0
0
1258
2
0
0
0
1284
0
0
0
0
1285
0
0
0
0
1299
0
0
1
0
1300
0
0
1
0
1301
0
0
0
0
1302
0
0
0
0
1303
0
0
0
0
1304
0
0
1
192
0
0
0
0
179
0
0
0
0
0
0
0
0
0
6
0
0
0
0
337
0
0
0
0
299
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
tcp
ftp
SF
1
0
0
1
1
1
255
1
0
multihop
tcp
ftp
SF
1
0
0
1
1
1
255
2
0.01
multihop
tcp
http
SF
1
0
0
0
1
1
1
126
1
normal
tcp
http
SF
1
0
1
0
1
1
255
249
0.98
phf
tcp
telnet SF
1
0
0
0
1
1
255
47
0.18
spy
tcp
telnet SF
0
0
0
0
1
1
255
48
0.19
spy
tcp
smtp
SF
1
0
0
0
2
1
1
1
1
normal
udp
domain_u
0
0
0
0
0
1
1
11
2
0
normal
tcp
smtp
SF
1
0
0
0
1
1
21
14
0.67
normal
tcp
auth
SF
1
0
0
0
1
1
31
4
0.13
normal
tcp
smtp
SF
1
0
0
0
1
1
41
27
0.66
normal
udp
domain_u
0
0
0
0
0
1
1
51
9
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
229
0
0
0
2611
0
0
1
0
0
0
0.04
0
0
0
0
0
0
1
0
51
0
0
0.01
8127
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
237
1
0
0.02
1540
0
0
0
0
1
0
0
0
1
0
0.22
0
1
1
0.32
112
0
0
0.02
847
0
0
0
0
0
0
0
0
0
0
0.22
0
0
1
0.31
2936
0
0
0
329
0
0
1
0
0
0
0
0
0
0
0
0
0
0.5
0
SF
0
2
0.18
30
0
0
0.27
0
0
0
0.18
0
0
0
0
0
0
0
0
3498
0
0
0.19
328
0
0
0.05
0
0
0
0
0
0
0
0
0
0
1
0
9
0
0
0.13
34
0
0
0.03
0
0
0
0
0
0
0
0
0
0
1
0
841
0
0
0.12
328
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
2
0.18
33
0
0
0.1
0
0
0
0.18
0
0
0
0
0
0
0
0
0
1305
0
0
0
0
1306
0
0
0
0
1307
0
0
1
0
1308
0
0
1
0
1309
0
0
1
0
1310
0
0
0
0
1311
0
0
0
0
1312
0
0
0
0
1313
0
0
0
0
1314
0
0
0
0
1315
0
0
0
0
1316
0
0
0
0
3
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
tcp
1
0
61
normal
tcp
1
0
71
normal
tcp
1
0
81
normal
tcp
1
0
91
normal
udp
0
0
1
0
tcp
1
0
111
normal
tcp
1
0
121
normal
tcp
1
0
17
normal
tcp
1
0
27
normal
tcp
1
0
37
normal
tcp
1
0
47
normal
tcp
1
0
57
normal
smtp
0
1
42
SF
0
2
0.69
2029
0
0
0.08
491
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
smtp
0
1
48
SF
0
1
0.68
1565
0
0
0.07
328
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
auth
0
2
7
SF
0
1
0.09
10
0
0
0.06
39
0
0
0.01
0
0
0
0
0
0
0
0
0
0
0.5
0
smtp
0
2
61
SF
0
1
0.67
1848
0
0
0.05
328
0
0
0.01
0
0
0
0
0
0
0
0
0
0
0.5
0
domain_u
0
0
0
1
101
21
normal
smtp
SF
0
0
1
3
71
0.64
SF
0
2
0.21
33
0
0
0.05
0
0
0
0.21
0
0
0
0
0
0
0
0
878
0
0
0.05
360
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
smtp
0
1
79
SF
0
2
0.65
1301
0
0
0.04
330
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
3
17
SF
0
3
1
215
0
0
0
12884
0
0
0.06
0
0
0
0
0
0
0
0
0
0
1
0
http
0
2
27
SF
0
2
1
227
0
0
0
1415
0
0
0.04
0
0
0
0
0
0
0
0
0
0
1
0
http
0
7
37
SF
0
7
1
296
0
0
0
1227
0
0
0.03
0
0
0
0
0
0
0
0
0
0
1
0
http
0
1
47
SF
0
1
1
277
0
0
0
2295
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
http
0
7
57
SF
0
7
1
296
0
0
0
1227
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
0
1317
0
0
0
0
1318
0
0
0
0
1319
0
0
0
0
1328
0
0
0
0
1348
0
0
0
0
1349
0
0
0
0
1353
0
0
0
0
1357
1
0
0
0
1366
0
0
0
0
1368
0
0
0
0
1371
0
0
0
0
1372
0
0
0
0
0
0
0
0
0
0
0
0
0.14
0
0
0
0
0.14
0
0
0
0
0
0
60
1
0
0
0
708
0
0
0
0
0
0
0
0.07
0
0
0
0
0
0
0
0
0
0.18
0
0
0
0
0.27
0
0
0
0
0
0
0
0
0
0
normal
tcp
1
0
67
normal
tcp
1
0
77
normal
tcp
1
0
87
normal
tcp
1
0
177
normal
tcp
0
0
255
rootkit
tcp
1
0
255
rootkit
tcp
1
0
47
normal
tcp
1
0
19
normal
tcp
1
0
73
normal
tcp
1
0
93
normal
icmp
0
0
1
pod
icmp
0
0
2
http
0
3
67
SF
0
3
1
173
0
0
0
1493
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
10
77
SF
0
14
1
324
0
0
0
1227
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
9
87
SF
0
14
1
172
0
0
0
4145
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
1
177
SF
0
1
1
305
0
0
0
106426
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
telnet
0
1
1
SF
0
1
0
86
0
0
0.02
183
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
telnet
6
1
3
SF
0
1
0.01
1727
0
0
0.02
24080
7
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
13
255
SF
0
28
1
204
0
0
0
74810
0
0
0.02
0
0
0
0.01
0
0
0
0
0
0
1
0
http
0
19
255
SF
1
19
1
272
0
0
0
60397
0
0
0.05
0
0
0
0.01
0
0
0
0
0
0
1
0
http
0
10
255
SF
0
11
1
240
0
0
0
125015
0
0
0.01
0
0
0
0.02
0
0
0
0
0
0
1
0
http
0
9
255
SF
0
11
1
256
0
0
0
125015
0
0
0.01
0
0
0
0.02
0
0
0
0
0
0
1
0
ecr_i
0
1
19
SF
0
1
1
1480
0
0
0
0
0
0
1
0
0
0
0.53
1
0
0
0
0
0
1
0
ecr_i
0
2
20
SF
0
2
1
1480
0
0
0
0
0
0
1
0
0
0
0.5
1
0
0
0
0
0
1
0
0
1385
0
0
0
0
1403
1
0
0
0.94
1404
2
0
0
0.04
1405
1
0
0
0.04
1429
0
0
0
1
1430
0
0
0
1
1431
1
0
0
1
1432
1
0
0
1
1433
1
0
0
1
1454
0
0
0
0
1456
0
0
0
0
1476
2
0
0
0
0
0
0
0
0
0
1
0
0
0.94
192
0
0
0
0
179
0
0
0
0
14
0
0
0
1
12
0
0
0
1
13
0
0
0
1
14
0
0
0
1
11
0
0
0
1
0
0
0
0
0
60
0
0
0
0
32
0
0
0
pod
tcp
http
1
0
0
3
3
255
normal
tcp
telnet
0
0
0
2
16
16
guess_passwd
tcp
ftp
1
0
1
1
255
1
multihop
tcp
ftp
1
0
1
1
255
2
multihop
tcp
http
1
0
0
1
1
1
back
tcp
http
1
0
0
2
2
2
back
tcp
http
1
0
0
3
3
3
back
tcp
http
1
0
0
4
4
4
back
tcp
http
1
0
0
5
5
5
back
tcp
http
1
0
0
5
255
255
normal
tcp
http
1
0
0
1
1
255
normal
tcp
ftp
1
0
1
1
1
1
SF
0
3
1
291
0
0.33
0
1236
0
0.33
0.33
0
0
0
0.04
0
0
0
0.33
0
0
1
0
RSTO
0
2
1
126
0
0
0
179
0
0
0.06
0
0
1
0
0
0
1
0.06
0
0
1
0.06
SF
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
1
0.01
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
RSTR
0
1
1
42340
0
0
0
1460
0
0
1
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
2
1
13140
0
0
0
1460
0
0
0.5
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
3
1
51100
0
0
0
4380
0
0
0.33
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
4
1
33580
0
0
0
7300
0
0
0.25
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
5
1
26280
0
0
0
1460
0
0
0.2
0
0
1
0
0
0
1
0
0
0
1
0
S2
0
5
1
244
0
0.2
0
27498
0
0.2
0
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
1
306
0
0
0
8564
0
0
1
0
0
0
0.02
0
0
0
0
0
0
1
0
SF
0
1
1
104
0
0
0
449
0
0
1
0
1
0
0
0
0
0
0
0
1
1
0
0
1477
0
0
0
0
1478
0
0
0
0
1479
0
0
1
0
1480
0
0
0
0
1486
0
0
0
0
1493
2
0
0
0
1494
1
0
0
0.5
1505
2
0
0
0.14
1506
2
0
0
0.12
1507
2
0
0
0.11
1520
1
0
0
0
0
67
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0.13
0
0
0
0
0
0
0
0
0
0
0.5
0
0
0
0.6
0.14
0
0
0
0
0.12
0
0
0
0
0.11
21
0
0
0
0
ftp_write
tcp
login
1
0
0
1
2
1
ftp_write
icmp
eco_i
0
0
0
1
4
2
nmap
tcp
private
0
0
0
2
14
1
nmap
tcp
private
0
0
0
1
24
1
nmap
tcp
http
1
0
0
5
66
255
normal
tcp
http
1
1
0
2
1
1
back
tcp
http
1
0
0
2
2
2
back
tcp
http
1
1
0
3
7
7
back
tcp
http
1
1
0
3
8
8
back
tcp
http
1
1
0
4
9
9
back
tcp
ftp
1
0
0
1
255
1
rootkit
SF
0
1
0.5
157
0
0
1
2703
0
0
0.5
0
0
0
0
0
0
0
0
1
0
1
0
SF
0
1
0.5
8
0
0
0.75
0
0
0
0.5
0
0
0
0
0
0
0
0
0
0
1
0
SH
0
1
0.07
0
0
1
0.71
0
0
1
0.5
0
0
0
0
0
0
0
0.5
0
0
0.5
1
SH
0
1
0.04
0
0
1
0.75
0
0
1
0.67
0
0
0
0
0
0
0
0.67
0
0
1
1
SF
0
23
1
214
0
0.2
0
924
0
0.04
0.02
0
0
0
0.02
0
0
0
0.02
0
0
1
0
SF
0
2
1
54540
0
0
0
8314
0
0
1
0
0
0
0
0
0
0
0
0
0
1
0
RSTR
0
2
1
45908
0
0
0
7300
0
0
0.5
0
0
0.5
0
0
0
0.5
0
0
0
1
0
SF
0
5
1
54540
0
0
0
8314
0
0
0.14
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
3
1
54540
0
0
0
8314
0
0
0.12
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
4
1
54540
0
0
0
8314
0
0
0.11
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
0
89
0
0
0.02
345
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
// CCThreshold=0.01, jlh=48, time:1502.020
1243
2
0
0
0.04
1244
1
0
0
0.04
1250
0
0
0
0
1258
2
0
0
0
1284
0
0
0
0
1285
0
0
0
0
1299
0
0
1
0
1300
0
0
1
0
1301
0
0
0
0
1302
0
0
0
0
1303
0
0
0
0
1304
0
0
1
192
0
0
0
0
179
0
0
0
0
0
0
0
0
0
6
0
0
0
0
337
0
0
0
0
299
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
tcp
ftp
SF
1
0
0
1
1
1
255
1
0
multihop
tcp
ftp
SF
1
0
0
1
1
1
255
2
0.01
multihop
tcp
http
SF
1
0
0
0
1
1
1
126
1
normal
tcp
http
SF
1
0
1
0
1
1
255
249
0.98
phf
tcp
telnet SF
1
0
0
0
1
1
255
47
0.18
spy
tcp
telnet SF
0
0
0
0
1
1
255
48
0.19
spy
tcp
smtp
SF
1
0
0
0
2
1
1
1
1
normal
udp
domain_u
0
0
0
0
0
1
1
11
2
0
normal
tcp
smtp
SF
1
0
0
0
1
1
21
14
0.67
normal
tcp
auth
SF
1
0
0
0
1
1
31
4
0.13
normal
tcp
smtp
SF
1
0
0
0
1
1
41
27
0.66
normal
udp
domain_u
0
0
0
0
0
1
1
51
9
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
229
0
0
0
2611
0
0
1
0
0
0
0.04
0
0
0
0
0
0
1
0
51
0
0
0.01
8127
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
237
1
0
0.02
1540
0
0
0
0
1
0
0
0
1
0
0.22
0
1
1
0.32
112
0
0
0.02
847
0
0
0
0
0
0
0
0
0
0
0.22
0
0
1
0.31
2936
0
0
0
329
0
0
1
0
0
0
0
0
0
0
0
0
0
0.5
0
SF
0
2
0.18
30
0
0
0.27
0
0
0
0.18
0
0
0
0
0
0
0
0
3498
0
0
0.19
328
0
0
0.05
0
0
0
0
0
0
0
0
0
0
1
0
9
0
0
0.13
34
0
0
0.03
0
0
0
0
0
0
0
0
0
0
1
0
841
0
0
0.12
328
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
2
0.18
33
0
0
0.1
0
0
0
0.18
0
0
0
0
0
0
0
0
0
1305
0
0
0
0
1306
0
0
0
0
1307
0
0
1
0
1308
0
0
1
0
1309
0
0
1
0
1310
0
0
0
0
1311
0
0
0
0
1312
0
0
0
0
1328
0
0
0
0
1348
0
0
0
0
1349
0
0
0
0
1357
1
0
0
0
3
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
60
1
0
0
0
708
0
0
0
0
0
0
0
0
0
tcp
1
0
61
normal
tcp
1
0
71
normal
tcp
1
0
81
normal
tcp
1
0
91
normal
udp
0
0
1
0
tcp
1
0
111
normal
tcp
1
0
121
normal
tcp
1
0
17
normal
tcp
1
0
177
normal
tcp
0
0
255
rootkit
tcp
1
0
255
rootkit
tcp
1
0
19
normal
smtp
0
1
42
SF
0
2
0.69
2029
0
0
0.08
491
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
smtp
0
1
48
SF
0
1
0.68
1565
0
0
0.07
328
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
auth
0
2
7
SF
0
1
0.09
10
0
0
0.06
39
0
0
0.01
0
0
0
0
0
0
0
0
0
0
0.5
0
smtp
0
2
61
SF
0
1
0.67
1848
0
0
0.05
328
0
0
0.01
0
0
0
0
0
0
0
0
0
0
0.5
0
domain_u
0
0
0
1
101
21
normal
smtp
SF
0
0
1
3
71
0.64
SF
0
2
0.21
33
0
0
0.05
0
0
0
0.21
0
0
0
0
0
0
0
0
878
0
0
0.05
360
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
smtp
0
1
79
SF
0
2
0.65
1301
0
0
0.04
330
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
http
0
3
17
SF
0
3
1
215
0
0
0
12884
0
0
0.06
0
0
0
0
0
0
0
0
0
0
1
0
http
0
1
177
SF
0
1
1
305
0
0
0
106426
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
telnet
0
1
1
SF
0
1
0
86
0
0
0.02
183
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
telnet
6
1
3
SF
0
1
0.01
1727
0
0
0.02
24080
7
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
19
255
SF
1
19
1
272
0
0
0
60397
0
0
0.05
0
0
0
0.01
0
0
0
0
0
0
1
0
0
1371
0
0
0
0
1372
0
0
0
0
1385
0
0
0
0
1403
1
0
0
0.94
1404
2
0
0
0.04
1405
1
0
0
0.04
1429
0
0
0
1
1430
0
0
0
1
1431
1
0
0
1
1432
1
0
0
1
1433
1
0
0
1
1454
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0.94
192
0
0
0
0
179
0
0
0
0
14
0
0
0
1
12
0
0
0
1
13
0
0
0
1
14
0
0
0
1
11
0
0
0
1
0
0
0
0
normal
icmp
ecr_i
0
0
0
1
1
19
pod
icmp
ecr_i
0
0
0
2
2
20
pod
tcp
http
1
0
0
3
3
255
normal
tcp
telnet
0
0
0
2
16
16
guess_passwd
tcp
ftp
1
0
1
1
255
1
multihop
tcp
ftp
1
0
1
1
255
2
multihop
tcp
http
1
0
0
1
1
1
back
tcp
http
1
0
0
2
2
2
back
tcp
http
1
0
0
3
3
3
back
tcp
http
1
0
0
4
4
4
back
tcp
http
1
0
0
5
5
5
back
tcp
http
1
0
0
5
255
255
SF
0
1
1
1480
0
0
0
0
0
0
1
0
0
0
0.53
1
0
0
0
0
0
1
0
SF
0
2
1
1480
0
0
0
0
0
0
1
0
0
0
0.5
1
0
0
0
0
0
1
0
SF
0
3
1
291
0
0.33
0
1236
0
0.33
0.33
0
0
0
0.04
0
0
0
0.33
0
0
1
0
RSTO
0
2
1
126
0
0
0
179
0
0
0.06
0
0
1
0
0
0
1
0.06
0
0
1
0.06
SF
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
1
0.01
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
RSTR
0
1
1
42340
0
0
0
1460
0
0
1
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
2
1
13140
0
0
0
1460
0
0
0.5
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
3
1
51100
0
0
0
4380
0
0
0.33
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
4
1
33580
0
0
0
7300
0
0
0.25
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
5
1
26280
0
0
0
1460
0
0
0.2
0
0
1
0
0
0
1
0
0
0
1
0
S2
0
5
1
244
0
0.2
0
27498
0
0.2
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1456
0
0
0
0
1476
2
0
0
0
1477
0
0
0
0
1478
0
0
0
0
1479
0
0
1
0
1480
0
0
0
0
1493
2
0
0
0
1494
1
0
0
0.5
1505
2
0
0
0.14
1506
2
0
0
0.12
1507
2
0
0
0.11
1520
1
0
0
0
60
0
0
0
0
32
0
0
0
0
67
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0.5
0
0
0
0.6
0.14
0
0
0
0
0.12
0
0
0
0
0.11
21
0
0
0
normal
tcp
http
1
0
0
1
1
255
normal
tcp
ftp
1
0
1
1
1
1
ftp_write
tcp
login
1
0
0
1
2
1
ftp_write
icmp
eco_i
0
0
0
1
4
2
nmap
tcp
private
0
0
0
2
14
1
nmap
tcp
private
0
0
0
1
24
1
nmap
tcp
http
1
1
0
2
1
1
back
tcp
http
1
0
0
2
2
2
back
tcp
http
1
1
0
3
7
7
back
tcp
http
1
1
0
3
8
8
back
tcp
http
1
1
0
4
9
9
back
tcp
ftp
1
0
0
1
255
1
SF
0
1
1
306
0
0
0
8564
0
0
1
0
0
0
0.02
0
0
0
0
0
0
1
0
SF
0
1
1
104
0
0
0
449
0
0
1
0
1
0
0
0
0
0
0
0
1
1
0
SF
0
1
0.5
157
0
0
1
2703
0
0
0.5
0
0
0
0
0
0
0
0
1
0
1
0
SF
0
1
0.5
8
0
0
0.75
0
0
0
0.5
0
0
0
0
0
0
0
0
0
0
1
0
SH
0
1
0.07
0
0
1
0.71
0
0
1
0.5
0
0
0
0
0
0
0
0.5
0
0
0.5
1
SH
0
1
0.04
0
0
1
0.75
0
0
1
0.67
0
0
0
0
0
0
0
0.67
0
0
1
1
SF
0
2
1
54540
0
0
0
8314
0
0
1
0
0
0
0
0
0
0
0
0
0
1
0
RSTR
0
2
1
45908
0
0
0
7300
0
0
0.5
0
0
0.5
0
0
0
0.5
0
0
0
1
0
SF
0
5
1
54540
0
0
0
8314
0
0
0.14
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
3
1
54540
0
0
0
8314
0
0
0.12
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
4
1
54540
0
0
0
8314
0
0
0.11
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
0
89
0
0
0.02
345
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
rootkit
//CCThreshold=0.05, jlh=44, time : 1451.547

1243
2
0
0
0.04
1244
1
0
0
0.04
1258
2
0
0
0
1284
0
0
0
0
1285
0
0
0
0
1299
0
0
1
0
1300
0
0
1
0
1301
0
0
0
0
1302
0
0
0
0
1303
0
0
0
0
1304
0
0
1
192
0
0
0
0
179
0
0
0
0
6
0
0
0
0
337
0
0
0
0
299
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
tcp
ftp
SF
1
0
0
1
1
1
255
1
0
multihop
tcp
ftp
SF
1
0
0
1
1
1
255
2
0.01
multihop
tcp
http
SF
1
0
1
0
1
1
255
249
0.98
phf
tcp
telnet SF
1
0
0
0
1
1
255
47
0.18
spy
tcp
telnet SF
0
0
0
0
1
1
255
48
0.19
spy
tcp
smtp
SF
1
0
0
0
2
1
1
1
1
normal
udp
domain_u
0
0
0
0
0
1
1
11
2
0
normal
tcp
smtp
SF
1
0
0
0
1
1
21
14
0.67
normal
tcp
auth
SF
1
0
0
0
1
1
31
4
0.13
normal
tcp
smtp
SF
1
0
0
0
1
1
41
27
0.66
normal
udp
domain_u
0
0
0
0
0
1
1
51
9
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
51
0
0
0.01
8127
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
237
1
0
0.02
1540
0
0
0
0
1
0
0
0
1
0
0.22
0
1
1
0.32
112
0
0
0.02
847
0
0
0
0
0
0
0
0
0
0
0.22
0
0
1
0.31
2936
0
0
0
329
0
0
1
0
0
0
0
0
0
0
0
0
0
0.5
0
SF
0
2
0.18
30
0
0
0.27
0
0
0
0.18
0
0
0
0
0
0
0
0
3498
0
0
0.19
328
0
0
0.05
0
0
0
0
0
0
0
0
0
0
1
0
9
0
0
0.13
34
0
0
0.03
0
0
0
0
0
0
0
0
0
0
1
0
841
0
0
0.12
328
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
2
0.18
33
0
0
0.1
0
0
0
0.18
0
0
0
0
0
0
0
0
0
1305
0
0
0
0
1306
0
0
0
0
1307
0
0
1
0
1308
0
0
1
0
1309
0
0
1
0
1310
0
0
0
0
1311
0
0
0
0
1348
0
0
0
0
1349
0
0
0
0
1357
1
0
0
0
1371
0
0
0
0
1372
0
0
0
0
3
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
0
0
0
1
0
60
1
0
0
0
708
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
tcp
1
0
61
normal
tcp
1
0
71
normal
tcp
1
0
81
normal
tcp
1
0
91
normal
udp
0
0
1
0
tcp
1
0
111
normal
tcp
1
0
121
normal
tcp
0
0
255
rootkit
tcp
1
0
255
rootkit
tcp
1
0
19
normal
icmp
0
0
1
pod
icmp
0
0
2
normal
smtp
0
1
42
SF
0
2
0.69
2029
0
0
0.08
491
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
smtp
0
1
48
SF
0
1
0.68
1565
0
0
0.07
328
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
auth
0
2
7
SF
0
1
0.09
10
0
0
0.06
39
0
0
0.01
0
0
0
0
0
0
0
0
0
0
0.5
0
smtp
0
2
61
SF
0
1
0.67
1848
0
0
0.05
328
0
0
0.01
0
0
0
0
0
0
0
0
0
0
0.5
0
domain_u
0
0
0
1
101
21
normal
smtp
SF
0
0
1
3
71
0.64
SF
0
2
0.21
33
0
0
0.05
0
0
0
0.21
0
0
0
0
0
0
0
0
878
0
0
0.05
360
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
smtp
0
1
79
SF
0
2
0.65
1301
0
0
0.04
330
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
telnet
0
1
1
SF
0
1
0
86
0
0
0.02
183
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
telnet
6
1
3
SF
0
1
0.01
1727
0
0
0.02
24080
7
0
0
0
0
0
0
0
0
0
0
0
0
1
0
http
0
19
255
SF
1
19
1
272
0
0
0
60397
0
0
0.05
0
0
0
0.01
0
0
0
0
0
0
1
0
ecr_i
0
1
19
SF
0
1
1
1480
0
0
0
0
0
0
1
0
0
0
0.53
1
0
0
0
0
0
1
0
ecr_i
0
2
20
SF
0
2
1
1480
0
0
0
0
0
0
1
0
0
0
0.5
1
0
0
0
0
0
1
0
0
1403
1
0
0
0.94
1404
2
0
0
0.04
1405
1
0
0
0.04
1429
0
0
0
1
1430
0
0
0
1
1431
1
0
0
1
1432
1
0
0
1
1433
1
0
0
1
1454
0
0
0
0
1456
0
0
0
0
1476
2
0
0
0
1477
0
0
0
0
0
1
0
0
0.94
192
0
0
0
0
179
0
0
0
0
14
0
0
0
1
12
0
0
0
1
13
0
0
0
1
14
0
0
0
1
11
0
0
0
1
0
0
0
0
0
60
0
0
0
0
32
0
0
0
0
67
0
0
0
pod
tcp
telnet
0
0
0
2
16
16
guess_passwd
tcp
ftp
1
0
1
1
255
1
multihop
tcp
ftp
1
0
1
1
255
2
multihop
tcp
http
1
0
0
1
1
1
back
tcp
http
1
0
0
2
2
2
back
tcp
http
1
0
0
3
3
3
back
tcp
http
1
0
0
4
4
4
back
tcp
http
1
0
0
5
5
5
back
tcp
http
1
0
0
5
255
255
normal
tcp
http
1
0
0
1
1
255
normal
tcp
ftp
1
0
1
1
1
1
ftp_write
tcp
login
1
0
0
1
2
1
RSTO
0
2
1
126
0
0
0
179
0
0
0.06
0
0
1
0
0
0
1
0.06
0
0
1
0.06
SF
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
1
0.01
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
RSTR
0
1
1
42340
0
0
0
1460
0
0
1
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
2
1
13140
0
0
0
1460
0
0
0.5
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
3
1
51100
0
0
0
4380
0
0
0.33
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
4
1
33580
0
0
0
7300
0
0
0.25
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
5
1
26280
0
0
0
1460
0
0
0.2
0
0
1
0
0
0
1
0
0
0
1
0
S2
0
5
1
244
0
0.2
0
27498
0
0.2
0
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
1
306
0
0
0
8564
0
0
1
0
0
0
0.02
0
0
0
0
0
0
1
0
SF
0
1
1
104
0
0
0
449
0
0
1
0
1
0
0
0
0
0
0
0
1
1
0
SF
0
1
0.5
157
0
0
1
2703
0
0
0.5
0
0
0
0
0
0
0
0
1
0
1
0
0
1478
0
0
0
0
1479
0
0
1
0
1480
0
0
0
0
1493
2
0
0
0
1494
1
0
0
0.5
1505
2
0
0
0.14
1506
2
0
0
0.12
1507
2
0
0
0.11
1520
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0.5
0
0
0
0.6
0.14
0
0
0
0
0.12
0
0
0
0
0.11
21
0
0
0
0
ftp_write
icmp
eco_i
0
0
0
1
4
2
nmap
tcp
private
0
0
0
2
14
1
nmap
tcp
private
0
0
0
1
24
1
nmap
tcp
http
1
1
0
2
1
1
back
tcp
http
1
0
0
2
2
2
back
tcp
http
1
1
0
3
7
7
back
tcp
http
1
1
0
3
8
8
back
tcp
http
1
1
0
4
9
9
back
tcp
ftp
1
0
0
1
255
1
rootkit
SF
0
1
0.5
8
0
0
0.75
0
0
0
0.5
0
0
0
0
0
0
0
0
0
0
1
0
SH
0
1
0.07
0
0
1
0.71
0
0
1
0.5
0
0
0
0
0
0
0
0.5
0
0
0.5
1
SH
0
1
0.04
0
0
1
0.75
0
0
1
0.67
0
0
0
0
0
0
0
0.67
0
0
1
1
SF
0
2
1
54540
0
0
0
8314
0
0
1
0
0
0
0
0
0
0
0
0
0
1
0
RSTR
0
2
1
45908
0
0
0
7300
0
0
0.5
0
0
0.5
0
0
0
0.5
0
0
0
1
0
SF
0
5
1
54540
0
0
0
8314
0
0
0.14
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
3
1
54540
0
0
0
8314
0
0
0.12
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
4
1
54540
0
0
0
8314
0
0
0.11
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
0
89
0
0
0.02
345
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0

1243
2
0
0
0.04
1244
1
0
0
192
0
0
0
0
179
0
0
0
tcp
ftp
1
0
1
1
255
1
multihop
tcp
ftp
1
0
1
1
255
2
SF
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
1
0.01
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
0.04
1258
2
0
0
0
1284
0
0
0
0
1285
0
0
0
0
1299
0
0
1
0
1300
0
0
1
0
1301
0
0
0
0
1302
0
0
0
0
1303
0
0
0
0
1304
0
0
1
0
1305
0
0
0
0
1306
0
0
0
0
1308
0
0
1
0
6
0
0
0
0
337
0
0
0
0
299
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
3
0
0
1
0
0
0
0
0
0
0
0
0
0
multihop
tcp
http
SF
1
0
1
0
1
1
255
249
0.98
phf
tcp
telnet SF
1
0
0
0
1
1
255
47
0.18
spy
tcp
telnet SF
0
0
0
0
1
1
255
48
0.19
spy
tcp
smtp
SF
1
0
0
0
2
1
1
1
1
normal
udp
domain_u
0
0
0
0
0
1
1
11
2
0
normal
tcp
smtp
SF
1
0
0
0
1
1
21
14
0.67
normal
tcp
auth
SF
1
0
0
0
1
1
31
4
0.13
normal
tcp
smtp
SF
1
0
0
0
1
1
41
27
0.66
normal
udp
domain_u
0
0
0
0
0
1
1
51
9
0
normal
tcp
smtp
SF
1
0
0
0
1
2
61
42
0.69
normal
tcp
smtp
SF
1
0
0
0
1
1
71
48
0.68
normal
tcp
smtp
SF
1
0
0
0
2
1
91
61
0.67
51
0
0
0.01
8127
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
237
1
0
0.02
1540
0
0
0
0
1
0
0
0
1
0
0.22
0
1
1
0.32
112
0
0
0.02
847
0
0
0
0
0
0
0
0
0
0
0.22
0
0
1
0.31
2936
0
0
0
329
0
0
1
0
0
0
0
0
0
0
0
0
0
0.5
0
SF
0
2
0.18
30
0
0
0.27
0
0
0
0.18
0
0
0
0
0
0
0
0
3498
0
0
0.19
328
0
0
0.05
0
0
0
0
0
0
0
0
0
0
1
0
9
0
0
0.13
34
0
0
0.03
0
0
0
0
0
0
0
0
0
0
1
0
841
0
0
0.12
328
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
2
0.18
33
0
0
0.1
0
0
0
0.18
0
0
0
0
0
0
0
0
2029
0
0
0.08
491
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
1565
0
0
0.07
328
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
1848
0
0
0.05
328
0
0
0.01
0
0
0
0
0
0
0
0
0
0
0.5
0
0
1309
0
0
1
0
1310
0
0
0
0
1348
0
0
0
0
1349
0
0
0
0
1371
0
0
0
0
1372
0
0
0
0
1403
1
0
0
0.94
1404
2
0
0
0.04
1405
1
0
0
0.04
1429
0
0
0
1
1430
0
0
0
1
1431
1
0
0
0
0
0
0
0
0
1
0
0
1
0
60
1
0
0
0
708
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0.94
192
0
0
0
0
179
0
0
0
0
14
0
0
0
1
12
0
0
0
1
13
0
0
0
normal
udp
domain_u
0
0
0
0
0
1
1
101
21
0
normal
tcp
smtp
SF
1
0
0
0
1
3
111
71
0.64
normal
tcp
telnet SF
0
0
0
0
1
1
255
1
0
rootkit
tcp
telnet SF
1
6
0
0
1
1
255
3
0.01
rootkit
icmp
ecr_i SF
0
0
0
0
1
1
1
19
1
pod
icmp
ecr_i SF
0
0
0
0
2
2
2
20
1
pod
tcp
telnet RSTO
0
0
0
0
2
2
16
16
1
guess_passwd
tcp
ftp
SF
1
0
0
1
1
1
255
1
0
multihop
tcp
ftp
SF
1
0
0
1
1
1
255
2
0.01
multihop
tcp
http
RSTR
1
0
0
0
1
1
1
1
1
back
tcp
http
RSTR
1
0
0
0
2
2
2
2
1
back
tcp
http
RSTR
1
0
0
0
3
3
3
3
1
SF
0
2
0.21
33
0
0
0.05
0
0
0
0.21
0
0
0
0
0
0
0
0
878
0
0
0.05
360
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
86
0
0
0.02
183
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
1727
0
0
0.02
24080
7
0
0
0
0
0
0
0
0
0
0
0
0
1
0
1480
0
0
0
0
0
0
1
0
0
0
0.53
1
0
0
0
0
0
1
0
1480
0
0
0
0
0
0
1
0
0
0
0.5
1
0
0
0
0
0
1
0
126
0
0
0
179
0
0
0.06
0
0
1
0
0
0
1
0.06
0
0
1
0.06
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
42340
0
0
0
1460
0
0
1
0
0
1
0
0
0
1
0
0
0
1
0
13140
0
0
0
1460
0
0
0.5
0
0
1
0
0
0
1
0
0
0
1
0
51100
0
0
0
4380
0
0
0.33
0
0
1
0
0
0
1
0
0
0
1
0
1
1432
1
0
0
1
1433
1
0
0
1
1454
0
0
0
0
1456
0
0
0
0
1476
2
0
0
0
1477
0
0
0
0
1478
0
0
0
0
1479
0
0
1
0
1480
0
0
0
0
1493
2
0
0
0
1494
1
0
0
0.5
1505
2
0
0
1
14
0
0
0
1
11
0
0
0
1
0
0
0
0
0
60
0
0
0
0
32
0
0
0
0
67
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0.5
0
0
0
0.6
back
tcp
http
1
0
0
4
4
4
back
tcp
http
1
0
0
5
5
5
back
tcp
http
1
0
0
5
255
255
normal
tcp
http
1
0
0
1
1
255
normal
tcp
ftp
1
0
1
1
1
1
ftp_write
tcp
login
1
0
0
1
2
1
ftp_write
icmp
eco_i
0
0
0
1
4
2
nmap
tcp
private
0
0
0
2
14
1
nmap
tcp
private
0
0
0
1
24
1
nmap
tcp
http
1
1
0
2
1
1
back
tcp
http
1
0
0
2
2
2
back
tcp
http
1
1
0
3
7
7
RSTR
0
4
1
33580
0
0
0
7300
0
0
0.25
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
5
1
26280
0
0
0
1460
0
0
0.2
0
0
1
0
0
0
1
0
0
0
1
0
S2
0
5
1
244
0
0.2
0
27498
0
0.2
0
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
1
306
0
0
0
8564
0
0
1
0
0
0
0.02
0
0
0
0
0
0
1
0
SF
0
1
1
104
0
0
0
449
0
0
1
0
1
0
0
0
0
0
0
0
1
1
0
SF
0
1
0.5
157
0
0
1
2703
0
0
0.5
0
0
0
0
0
0
0
0
1
0
1
0
SF
0
1
0.5
8
0
0
0.75
0
0
0
0.5
0
0
0
0
0
0
0
0
0
0
1
0
SH
0
1
0.07
0
0
1
0.71
0
0
1
0.5
0
0
0
0
0
0
0
0.5
0
0
0.5
1
SH
0
1
0.04
0
0
1
0.75
0
0
1
0.67
0
0
0
0
0
0
0
0.67
0
0
1
1
SF
0
2
1
54540
0
0
0
8314
0
0
1
0
0
0
0
0
0
0
0
0
0
1
0
RSTR
0
2
1
45908
0
0
0
7300
0
0
0.5
0
0
0.5
0
0
0
0.5
0
0
0
1
0
SF
0
5
1
54540
0
0
0
8314
0
0
0.14
0
0
0
0
0
0
0
0
0
0
1
0
0.14
1506
2
0
0
0.12
1507
2
0
0
0.11
1520
1
0
0
0
0.14
0
0
0
0
0.12
0
0
0
0
0.11
21
0
0
0
0
back
tcp
1
0
8
back
tcp
1
0
9
back
tcp
1
0
255
rootkit
http
1
3
8
SF
0
3
1
54540
0
0
0
8314
0
0
0.12
0
0
0
0
0
0
0
0
0
0
1
0
http
1
4
9
SF
0
4
1
54540
0
0
0
8314
0
0
0.11
0
0
0
0
0
0
0
0
0
0
1
0
ftp
0
1
1
SF
0
1
0
89
0
0
0.02
345
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
51
0
0
0.01
8127
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
237
1
0
0.02
1540
0
0
0
0
1
0
0
0
1
0
0.22
0
1
1
0.32
112
0
0
0.02
847
0
0
0
0
0
0
0
0
0
0
0.22
0
0
1
0.31
2936
0
0
0
329
0
0
1
0
0
0
0
0
0
0
0
0
0
0.5
0
SF
0
2
0.18
30
0
0
0.27
0
0
0
0.18
0
0
0
0
0
0
0
0
3498
0
0
0.19
328
0
0
0.05
0
0
0
0
0
0
0
0
0
0
1
0

1243
2
0
0
0.04
1244
1
0
0
0.04
1258
2
0
0
0
1284
0
0
0
0
1285
0
0
0
0
1299
0
0
1
0
1300
0
0
1
0
1301
0
0
0
0
192
0
0
0
0
179
0
0
0
0
6
0
0
0
0
337
0
0
0
0
299
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
tcp
ftp
SF
1
0
0
1
1
1
255
1
0
multihop
tcp
ftp
SF
1
0
0
1
1
1
255
2
0.01
multihop
tcp
http
SF
1
0
1
0
1
1
255
249
0.98
phf
tcp
telnet SF
1
0
0
0
1
1
255
47
0.18
spy
tcp
telnet SF
0
0
0
0
1
1
255
48
0.19
spy
tcp
smtp
SF
1
0
0
0
2
1
1
1
1
normal
udp
domain_u
0
0
0
0
0
1
1
11
2
0
normal
tcp
smtp
SF
1
0
0
0
1
1
21
14
0.67
normal
1302
0
0
0
0
1303
0
0
0
0
1304
0
0
1
0
1309
0
0
1
0
1310
0
0
0
0
1348
0
0
0
0
1349
0
0
0
0
1371
0
0
0
0
1372
0
0
0
0
1403
1
0
0
0.94
1404
2
0
0
0.04
1405
1
0
0
0.04
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
60
1
0
0
0
708
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0.94
192
0
0
0
0
179
0
0
0
0
tcp
auth
SF
1
0
0
0
1
1
31
4
0.13
normal
tcp
smtp
SF
1
0
0
0
1
1
41
27
0.66
normal
udp
domain_u
0
0
0
0
0
1
1
51
9
0
normal
udp
domain_u
0
0
0
0
0
1
1
101
21
0
normal
tcp
smtp
SF
1
0
0
0
1
3
111
71
0.64
normal
tcp
telnet SF
0
0
0
0
1
1
255
1
0
rootkit
tcp
telnet SF
1
6
0
0
1
1
255
3
0.01
rootkit
icmp
ecr_i SF
0
0
0
0
1
1
1
19
1
pod
icmp
ecr_i SF
0
0
0
0
2
2
2
20
1
pod
tcp
telnet RSTO
0
0
0
0
2
2
16
16
1
guess_passwd
tcp
ftp
SF
1
0
0
1
1
1
255
1
0
multihop
tcp
ftp
SF
1
0
0
1
1
1
255
2
0.01
multihop
9
0
0
0.13
34
0
0
0.03
0
0
0
0
0
0
0
0
0
0
1
0
841
0
0
0.12
328
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
2
0.18
33
0
0
0.1
0
0
0
0.18
0
0
0
0
0
0
0
0
SF
0
2
0.21
33
0
0
0.05
0
0
0
0.21
0
0
0
0
0
0
0
0
878
0
0
0.05
360
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
86
0
0
0.02
183
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
1727
0
0
0.02
24080
7
0
0
0
0
0
0
0
0
0
0
0
0
1
0
1480
0
0
0
0
0
0
1
0
0
0
0.53
1
0
0
0
0
0
1
0
1480
0
0
0
0
0
0
1
0
0
0
0.5
1
0
0
0
0
0
1
0
126
0
0
0
179
0
0
0.06
0
0
1
0
0
0
1
0.06
0
0
1
0.06
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
1429
0
0
0
1
1430
0
0
0
1
1431
1
0
0
1
1432
1
0
0
1
1433
1
0
0
1
1454
0
0
0
0
1476
2
0
0
0
1477
0
0
0
0
1478
0
0
0
0
1479
0
0
1
0
1480
0
0
0
0
1493
2
0
0
0
14
0
0
0
1
12
0
0
0
1
13
0
0
0
1
14
0
0
0
1
11
0
0
0
1
0
0
0
0
0
32
0
0
0
0
67
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
tcp
http
1
0
0
1
1
1
back
tcp
http
1
0
0
2
2
2
back
tcp
http
1
0
0
3
3
3
back
tcp
http
1
0
0
4
4
4
back
tcp
http
1
0
0
5
5
5
back
tcp
http
1
0
0
5
255
255
normal
tcp
ftp
1
0
1
1
1
1
ftp_write
tcp
login
1
0
0
1
2
1
ftp_write
icmp
eco_i
0
0
0
1
4
2
nmap
tcp
private
0
0
0
2
14
1
nmap
tcp
private
0
0
0
1
24
1
nmap
tcp
http
1
1
0
2
1
1
back
RSTR
0
1
1
42340
0
0
0
1460
0
0
1
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
2
1
13140
0
0
0
1460
0
0
0.5
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
3
1
51100
0
0
0
4380
0
0
0.33
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
4
1
33580
0
0
0
7300
0
0
0.25
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
5
1
26280
0
0
0
1460
0
0
0.2
0
0
1
0
0
0
1
0
0
0
1
0
S2
0
5
1
244
0
0.2
0
27498
0
0.2
0
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
1
104
0
0
0
449
0
0
1
0
1
0
0
0
0
0
0
0
1
1
0
SF
0
1
0.5
157
0
0
1
2703
0
0
0.5
0
0
0
0
0
0
0
0
1
0
1
0
SF
0
1
0.5
8
0
0
0.75
0
0
0
0.5
0
0
0
0
0
0
0
0
0
0
1
0
SH
0
1
0.07
0
0
1
0.71
0
0
1
0.5
0
0
0
0
0
0
0
0.5
0
0
0.5
1
SH
0
1
0.04
0
0
1
0.75
0
0
1
0.67
0
0
0
0
0
0
0
0.67
0
0
1
1
SF
0
2
1
54540
0
0
0
8314
0
0
1
0
0
0
0
0
0
0
0
0
0
1
0
1494
1
0
0
0.5
1505
2
0
0
0.14
1506
2
0
0
0.12
1507
2
0
0
0.11
1520
1
0
0
0
0
0
0
0
0.5
0
0
0
0.6
0.14
0
0
0
0
0.12
0
0
0
0
0.11
21
0
0
0
0
tcp
1
0
2
back
tcp
1
0
7
back
tcp
1
0
8
back
tcp
1
0
9
back
tcp
1
0
255
rootkit
http
0
2
2
RSTR
0
2
1
45908
0
0
0
7300
0
0
0.5
0
0
0.5
0
0
0
0.5
0
0
0
1
0
http
1
3
7
SF
0
5
1
54540
0
0
0
8314
0
0
0.14
0
0
0
0
0
0
0
0
0
0
1
0
http
1
3
8
SF
0
3
1
54540
0
0
0
8314
0
0
0.12
0
0
0
0
0
0
0
0
0
0
1
0
http
1
4
9
SF
0
4
1
54540
0
0
0
8314
0
0
0.11
0
0
0
0
0
0
0
0
0
0
1
0
ftp
0
1
1
SF
0
1
0
89
0
0
0.02
345
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
51
0
0
0.01
8127
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
237
1
0
0.02
1540
0
0
0
0
1
0
0
0
1
0
0.22
0
1
1
0.32
112
0
0
0.02
847
0
0
0
0
0
0
0
0
0
0
0.22
0
0
1
0.31
2936
0
0
0
329
0
0
1
0
0
0
0
0
0
0
0
0
0
0.5
0
SF
0
30
0
0
0
0
0
0
0

1243
2
0
0
0.04
1244
1
0
0
0.04
1258
2
0
0
0
1284
0
0
0
0
1285
0
0
0
0
1299
0
0
1
0
1300
0
192
0
0
0
0
179
0
0
0
0
6
0
0
0
0
337
0
0
0
0
299
0
0
0
0
0
0
0
0
0
0
0
tcp
ftp
SF
1
0
0
1
1
1
255
1
0
multihop
tcp
ftp
SF
1
0
0
1
1
1
255
2
0.01
multihop
tcp
http
SF
1
0
1
0
1
1
255
249
0.98
phf
tcp
telnet SF
1
0
0
0
1
1
255
47
0.18
spy
tcp
telnet SF
0
0
0
0
1
1
255
48
0.19
spy
tcp
smtp
SF
1
0
0
0
2
1
1
1
1
normal
udp
domain_u
0
0
0
0
1
0
1301
0
0
0
0
1302
0
0
0
0
1303
0
0
0
0
1304
0
0
1
0
1309
0
0
1
0
1310
0
0
0
0
1348
0
0
0
0
1349
0
0
0
0
1371
0
0
0
0
1372
0
0
0
0
1403
1
0
0
0.94
1404
2
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
60
1
0
0
0
708
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0.94
192
0
0
0
1
1
11
2
0
normal
tcp
smtp
SF
1
0
0
0
1
1
21
14
0.67
normal
tcp
auth
SF
1
0
0
0
1
1
31
4
0.13
normal
tcp
smtp
SF
1
0
0
0
1
1
41
27
0.66
normal
udp
domain_u
0
0
0
0
0
1
1
51
9
0
normal
udp
domain_u
0
0
0
0
0
1
1
101
21
0
normal
tcp
smtp
SF
1
0
0
0
1
3
111
71
0.64
normal
tcp
telnet SF
0
0
0
0
1
1
255
1
0
rootkit
tcp
telnet SF
1
6
0
0
1
1
255
3
0.01
rootkit
icmp
ecr_i SF
0
0
0
0
1
1
1
19
1
pod
icmp
ecr_i SF
0
0
0
0
2
2
2
20
1
pod
tcp
telnet RSTO
0
0
0
0
2
2
16
16
1
guess_passwd
tcp
ftp
SF
1
0
0
2
0.18
0
0.27
0
0.18
0
0
0
0
3498
0
0
0.19
328
0
0
0.05
0
0
0
0
0
0
0
0
0
0
1
0
9
0
0
0.13
34
0
0
0.03
0
0
0
0
0
0
0
0
0
0
1
0
841
0
0
0.12
328
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
2
0.18
33
0
0
0.1
0
0
0
0.18
0
0
0
0
0
0
0
0
SF
0
2
0.21
33
0
0
0.05
0
0
0
0.21
0
0
0
0
0
0
0
0
878
0
0
0.05
360
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
86
0
0
0.02
183
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
1727
0
0
0.02
24080
7
0
0
0
0
0
0
0
0
0
0
0
0
1
0
1480
0
0
0
0
0
0
1
0
0
0
0.53
1
0
0
0
0
0
1
0
1480
0
0
0
0
0
0
1
0
0
0
0.5
1
0
0
0
0
0
1
0
126
0
0
0
179
0
0
0.06
0
0
1
0
0
0
1
0.06
0
0
1
0.06
119
0
426
0
0
1
0
0
0
0
0
0
0.04
1405
1
0
0
0.04
1429
0
0
0
1
1430
0
0
0
1
1431
1
0
0
1
1432
1
0
0
1
1433
1
0
0
1
1454
0
0
0
0
1476
2
0
0
0
1477
0
0
0
0
1478
0
0
0
0
1479
0
0
1
0
1480
0
0
0
0
179
0
0
0
0
14
0
0
0
1
12
0
0
0
1
13
0
0
0
1
14
0
0
0
1
11
0
0
0
1
0
0
0
0
0
32
0
0
0
0
67
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
255
1
multihop
tcp
ftp
1
0
1
1
255
2
multihop
tcp
http
1
0
0
1
1
1
back
tcp
http
1
0
0
2
2
2
back
tcp
http
1
0
0
3
3
3
back
tcp
http
1
0
0
4
4
4
back
tcp
http
1
0
0
5
5
5
back
tcp
http
1
0
0
5
255
255
normal
tcp
ftp
1
0
1
1
1
1
ftp_write
tcp
login
1
0
0
1
2
1
ftp_write
icmp
eco_i
0
0
0
1
4
2
nmap
tcp
private
0
0
0
2
14
1
nmap
tcp
private
0
0
1
0
0
0.01
0
0
0
0
0
0
1
0
SF
0
1
0.01
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
RSTR
0
1
1
42340
0
0
0
1460
0
0
1
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
2
1
13140
0
0
0
1460
0
0
0.5
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
3
1
51100
0
0
0
4380
0
0
0.33
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
4
1
33580
0
0
0
7300
0
0
0.25
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
5
1
26280
0
0
0
1460
0
0
0.2
0
0
1
0
0
0
1
0
0
0
1
0
S2
0
5
1
244
0
0.2
0
27498
0
0.2
0
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
1
104
0
0
0
449
0
0
1
0
1
0
0
0
0
0
0
0
1
1
0
SF
0
1
0.5
157
0
0
1
2703
0
0
0.5
0
0
0
0
0
0
0
0
1
0
1
0
SF
0
1
0.5
8
0
0
0.75
0
0
0
0.5
0
0
0
0
0
0
0
0
0
0
1
0
SH
0
1
0.07
0
0
1
0.71
0
0
1
0.5
0
0
0
0
0
0
0
0.5
0
0
0.5
1
SH
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1493
2
0
0
0
1494
1
0
0
0.5
1505
2
0
0
0.14
1506
2
0
0
0.12
1507
2
0
0
0.11
1520
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0.5
0
0
0
0.6
0.14
0
0
0
0
0.12
0
0
0
0
0.11
21
0
0
0
0
0
24
nmap
tcp
1
0
1
back
tcp
1
0
2
back
tcp
1
0
7
back
tcp
1
0
8
back
tcp
1
0
9
back
tcp
1
0
255
rootkit
1
1
1
0.04
1
0.75
1
0.67
0
0
0
0.67
1
1
http
1
2
1
SF
0
2
1
54540
0
0
0
8314
0
0
1
0
0
0
0
0
0
0
0
0
0
1
0
http
0
2
2
RSTR
0
2
1
45908
0
0
0
7300
0
0
0.5
0
0
0.5
0
0
0
0.5
0
0
0
1
0
http
1
3
7
SF
0
5
1
54540
0
0
0
8314
0
0
0.14
0
0
0
0
0
0
0
0
0
0
1
0
http
1
3
8
SF
0
3
1
54540
0
0
0
8314
0
0
0.12
0
0
0
0
0
0
0
0
0
0
1
0
http
1
4
9
SF
0
4
1
54540
0
0
0
8314
0
0
0.11
0
0
0
0
0
0
0
0
0
0
1
0
ftp
0
1
1
SF
0
1
0
89
0
0
0.02
345
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0

1243
2
0
0
0.04
1244
1
0
0
0.04
1258
2
0
0
0
1284
0
0
0
0
1285
0
0
192
0
0
0
0
179
0
0
0
0
6
0
0
0
0
337
0
0
0
0
299
0
0
tcp
ftp
1
0
1
1
255
1
multihop
tcp
ftp
1
0
1
1
255
2
multihop
tcp
http
1
0
0
1
255
249
phf
tcp
telnet
1
0
0
1
255
47
spy
tcp
telnet
0
0
0
1
SF
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
1
0.01
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
1
1
0.98
51
0
0
0.01
8127
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
SF
0
1
0.18
237
1
0
0.02
1540
0
0
0
0
1
0
0
0
1
0
0.22
0
1
1
0.32
SF
0
1
112
0
0
847
0
0
0
0
0
0
0
0
0
0
1
0
0
1299
0
0
1
0
1300
0
0
1
0
1301
0
0
0
0
1302
0
0
0
0
1303
0
0
0
0
1304
0
0
1
0
1309
0
0
1
0
1310
0
0
0
0
1348
0
0
0
0
1349
0
0
0
0
1371
0
0
0
0
1372
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
60
1
0
0
0
708
0
0
0
0
0
0
0
0
0
0
0
0
255
spy
tcp
1
0
1
normal
udp
0
0
1
0
tcp
1
0
21
normal
tcp
1
0
31
normal
tcp
1
0
41
normal
udp
0
0
1
0
udp
0
0
1
0
tcp
1
0
111
normal
tcp
0
0
255
rootkit
tcp
1
0
255
rootkit
icmp
0
0
1
pod
icmp
0
0
48
0.19
0.02
0.22
0.31
smtp
0
2
1
SF
0
1
1
2936
0
0
0
329
0
0
1
0
0
0
0
0
0
0
0
0
0
0.5
0
domain_u
0
0
0
1
11
2
normal
smtp
SF
0
0
1
1
14
0.67
SF
0
2
0.18
30
0
0
0.27
0
0
0
0.18
0
0
0
0
0
0
0
0
3498
0
0
0.19
328
0
0
0.05
0
0
0
0
0
0
0
0
0
0
1
0
auth
0
1
4
SF
0
1
0.13
9
0
0
0.13
34
0
0
0.03
0
0
0
0
0
0
0
0
0
0
1
0
smtp
0
1
27
SF
0
1
0.66
841
0
0
0.12
328
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
domain_u
0
0
0
1
51
9
normal
domain_u
0
0
0
1
101
21
normal
smtp
SF
0
0
1
3
71
0.64
SF
0
2
0.18
33
0
0
0.1
0
0
0
0.18
0
0
0
0
0
0
0
0
SF
0
2
0.21
33
0
0
0.05
0
0
0
0.21
0
0
0
0
0
0
0
0
878
0
0
0.05
360
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
telnet
0
1
1
SF
0
1
0
86
0
0
0.02
183
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
telnet
6
1
3
SF
0
1
0.01
1727
0
0
0.02
24080
7
0
0
0
0
0
0
0
0
0
0
0
0
1
0
ecr_i
0
1
19
SF
0
1
1
1480
0
0
0
0
0
0
1
0
0
0
0.53
1
0
0
0
0
0
1
0
ecr_i
0
2
SF
0
2
1480
0
0
0
0
0
0
0
0
1
0
0
0
0
1
0
0
1403
1
0
0
0.94
1404
2
0
0
0.04
1405
1
0
0
0.04
1429
0
0
0
1
1430
0
0
0
1
1431
1
0
0
1
1432
1
0
0
1
1433
1
0
0
1
1454
0
0
0
0
1476
2
0
0
0
1477
0
0
0
0
1478
0
0
0
0
0
1
0
0
0.94
192
0
0
0
0
179
0
0
0
0
14
0
0
0
1
12
0
0
0
1
13
0
0
0
1
14
0
0
0
1
11
0
0
0
1
0
0
0
0
0
32
0
0
0
0
67
0
0
0
0
0
0
0
2
20
pod
tcp
telnet
0
0
0
2
16
16
guess_passwd
tcp
ftp
1
0
1
1
255
1
multihop
tcp
ftp
1
0
1
1
255
2
multihop
tcp
http
1
0
0
1
1
1
back
tcp
http
1
0
0
2
2
2
back
tcp
http
1
0
0
3
3
3
back
tcp
http
1
0
0
4
4
4
back
tcp
http
1
0
0
5
5
5
back
tcp
http
1
0
0
5
255
255
normal
tcp
ftp
1
0
1
1
1
1
ftp_write
tcp
login
1
0
0
1
2
1
ftp_write
icmp
eco_i
0
0
0
1
0.5
RSTO
0
2
1
126
0
0
0
179
0
0
0.06
0
0
1
0
0
0
1
0.06
0
0
1
0.06
SF
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
1
0.01
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
RSTR
0
1
1
42340
0
0
0
1460
0
0
1
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
2
1
13140
0
0
0
1460
0
0
0.5
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
3
1
51100
0
0
0
4380
0
0
0.33
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
4
1
33580
0
0
0
7300
0
0
0.25
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
5
1
26280
0
0
0
1460
0
0
0.2
0
0
1
0
0
0
1
0
0
0
1
0
S2
0
5
1
244
0
0.2
0
27498
0
0.2
0
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
1
104
0
0
0
449
0
0
1
0
1
0
0
0
0
0
0
0
1
1
0
SF
0
1
0.5
157
0
0
1
2703
0
0
0.5
0
0
0
0
0
0
0
0
1
0
1
0
SF
0
1
8
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1479
0
0
1
0
1493
2
0
0
0
1494
1
0
0
0.5
1505
2
0
0
0.14
1506
2
0
0
0.12
1507
2
0
0
0.11
1520
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0.5
0
0
0
0.6
0.14
0
0
0
0
0.12
0
0
0
0
0.11
21
0
0
0
0
4
nmap
tcp
0
0
14
nmap
tcp
1
0
1
back
tcp
1
0
2
back
tcp
1
0
7
back
tcp
1
0
8
back
tcp
1
0
9
back
tcp
1
0
255
rootkit
0.5
0.75
0.5
private
0
2
1
SH
0
1
0.07
0
0
1
0.71
0
0
1
0.5
0
0
0
0
0
0
0
0.5
0
0
0.5
1
http
1
2
1
SF
0
2
1
54540
0
0
0
8314
0
0
1
0
0
0
0
0
0
0
0
0
0
1
0
http
0
2
2
RSTR
0
2
1
45908
0
0
0
7300
0
0
0.5
0
0
0.5
0
0
0
0.5
0
0
0
1
0
http
1
3
7
SF
0
5
1
54540
0
0
0
8314
0
0
0.14
0
0
0
0
0
0
0
0
0
0
1
0
http
1
3
8
SF
0
3
1
54540
0
0
0
8314
0
0
0.12
0
0
0
0
0
0
0
0
0
0
1
0
http
1
4
9
SF
0
4
1
54540
0
0
0
8314
0
0
0.11
0
0
0
0
0
0
0
0
0
0
1
0
ftp
0
1
1
SF
0
1
0
89
0
0
0.02
345
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0

1243
2
0
0
0.04
1244
1
0
0
0.04
1258
2
0
0
0
1284
0
0
0
192
0
0
0
0
179
0
0
0
0
6
0
0
0
0
337
0
0
0
tcp
ftp
1
0
1
1
255
1
multihop
tcp
ftp
1
0
1
1
255
2
multihop
tcp
http
1
0
0
1
255
249
phf
tcp
telnet
1
0
0
1
255
47
SF
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
1
0.01
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
1
1
0.98
51
0
0
0.01
8127
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
SF
0
1
0.18
237
1
0
0.02
1540
0
0
0
0
1
0
0
0
1
0
0.22
0
1
1
0.32
0
1285
0
0
0
0
1299
0
0
1
0
1300
0
0
1
0
1301
0
0
0
0
1302
0
0
0
0
1303
0
0
0
0
1304
0
0
1
0
1309
0
0
1
0
1310
0
0
0
0
1348
0
0
0
0
1349
0
0
0
0
1371
0
0
0
0
299
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
60
1
0
0
0
708
0
0
0
0
0
0
0
0
spy
tcp
0
0
255
spy
tcp
1
0
1
normal
udp
0
0
1
0
tcp
1
0
21
normal
tcp
1
0
31
normal
tcp
1
0
41
normal
udp
0
0
1
0
udp
0
0
1
0
tcp
1
0
111
normal
tcp
0
0
255
rootkit
tcp
1
0
255
rootkit
icmp
0
0
1
telnet
0
1
48
SF
0
1
0.19
112
0
0
0.02
847
0
0
0
0
0
0
0
0
0
0
0.22
0
0
1
0.31
smtp
0
2
1
SF
0
1
1
2936
0
0
0
329
0
0
1
0
0
0
0
0
0
0
0
0
0
0.5
0
domain_u
0
0
0
1
11
2
normal
smtp
SF
0
0
1
1
14
0.67
SF
0
2
0.18
30
0
0
0.27
0
0
0
0.18
0
0
0
0
0
0
0
0
3498
0
0
0.19
328
0
0
0.05
0
0
0
0
0
0
0
0
0
0
1
0
auth
0
1
4
SF
0
1
0.13
9
0
0
0.13
34
0
0
0.03
0
0
0
0
0
0
0
0
0
0
1
0
smtp
0
1
27
SF
0
1
0.66
841
0
0
0.12
328
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
domain_u
0
0
0
1
51
9
normal
domain_u
0
0
0
1
101
21
normal
smtp
SF
0
0
1
3
71
0.64
SF
0
2
0.18
33
0
0
0.1
0
0
0
0.18
0
0
0
0
0
0
0
0
SF
0
2
0.21
33
0
0
0.05
0
0
0
0.21
0
0
0
0
0
0
0
0
878
0
0
0.05
360
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
telnet
0
1
1
SF
0
1
0
86
0
0
0.02
183
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
telnet
6
1
3
SF
0
1
0.01
1727
0
0
0.02
24080
7
0
0
0
0
0
0
0
0
0
0
0
0
1
0
ecr_i
0
1
19
SF
0
1
1
1480
0
0
0
0
0
0
1
0
0
0
0.53
1
0
0
0
0
0
1
0
0
1372
0
0
0
0
1403
1
0
0
0.94
1404
2
0
0
0.04
1405
1
0
0
0.04
1429
0
0
0
1
1430
0
0
0
1
1431
1
0
0
1
1432
1
0
0
1
1433
1
0
0
1
1454
0
0
0
0
1476
2
0
0
0
1477
0
0
0
0
0
0
0
0
0
0
1
0
0
0.94
192
0
0
0
0
179
0
0
0
0
14
0
0
0
1
12
0
0
0
1
13
0
0
0
1
14
0
0
0
1
11
0
0
0
1
0
0
0
0
0
32
0
0
0
0
67
0
0
0
pod
icmp
ecr_i
0
0
0
2
2
20
pod
tcp
telnet
0
0
0
2
16
16
guess_passwd
tcp
ftp
1
0
1
1
255
1
multihop
tcp
ftp
1
0
1
1
255
2
multihop
tcp
http
1
0
0
1
1
1
back
tcp
http
1
0
0
2
2
2
back
tcp
http
1
0
0
3
3
3
back
tcp
http
1
0
0
4
4
4
back
tcp
http
1
0
0
5
5
5
back
tcp
http
1
0
0
5
255
255
normal
tcp
ftp
1
0
1
1
1
1
ftp_write
tcp
login
1
0
0
1
2
1
SF
0
2
1
1480
0
0
0
0
0
0
1
0
0
0
0.5
1
0
0
0
0
0
1
0
RSTO
0
2
1
126
0
0
0
179
0
0
0.06
0
0
1
0
0
0
1
0.06
0
0
1
0.06
SF
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
1
0.01
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
RSTR
0
1
1
42340
0
0
0
1460
0
0
1
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
2
1
13140
0
0
0
1460
0
0
0.5
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
3
1
51100
0
0
0
4380
0
0
0.33
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
4
1
33580
0
0
0
7300
0
0
0.25
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
5
1
26280
0
0
0
1460
0
0
0.2
0
0
1
0
0
0
1
0
0
0
1
0
S2
0
5
1
244
0
0.2
0
27498
0
0.2
0
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
1
104
0
0
0
449
0
0
1
0
1
0
0
0
0
0
0
0
1
1
0
SF
0
1
0.5
157
0
0
1
2703
0
0
0.5
0
0
0
0
0
0
0
0
1
0
1
0
0
1478
0
0
0
0
1479
0
0
1
0
1493
2
0
0
0
1505
2
0
0
0.14
1506
2
0
0
0.12
1520
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0.6
0.14
0
0
0
0
0.12
21
0
0
0
0
ftp_write
icmp
eco_i
0
0
0
1
4
2
nmap
tcp
private
0
0
0
2
14
1
nmap
tcp
http
1
1
0
2
1
1
back
tcp
http
1
1
0
3
7
7
back
tcp
http
1
1
0
3
8
8
back
tcp
ftp
1
0
0
1
255
1
rootkit
SF
0
1
0.5
8
0
0
0.75
0
0
0
0.5
0
0
0
0
0
0
0
0
0
0
1
0
SH
0
1
0.07
0
0
1
0.71
0
0
1
0.5
0
0
0
0
0
0
0
0.5
0
0
0.5
1
SF
0
2
1
54540
0
0
0
8314
0
0
1
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
5
1
54540
0
0
0
8314
0
0
0.14
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
3
1
54540
0
0
0
8314
0
0
0.12
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
0
89
0
0
0.02
345
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
0
1
0
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
SF
1
1
0.98
51
0
0
0.01
8127
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
SF
0
1
0.18
237
1
0
0.02
1540
0
0
0
0
1
0
0
0
1
0
0.22
0
1
1
0.32
SF
0
1
0.19
112
0
0
0.02
847
0
0
0
0
0
0
0
0
0
0
0.22
0
0
1
0.31
SF
0
1
1
2936
0
0
0
329
0
0
1
0
0
0
0
0
0
0
0
0
0
0.5
0
//CCThreshold=1, jlh=32, time : 1576.917

1243
2
0
0
0.04
1258
2
0
0
0
1284
0
0
0
0
1285
0
0
0
0
1299
0
0
1
0
192
0
0
0
0
6
0
0
0
0
337
0
0
0
0
299
0
0
0
0
0
0
0
0
0
tcp
ftp
1
0
1
1
255
1
multihop
tcp
http
1
0
0
1
255
249
phf
tcp
telnet
1
0
0
1
255
47
spy
tcp
telnet
0
0
0
1
255
48
spy
tcp
smtp
1
0
0
2
1
1
normal
1300
0
0
1
0
1301
0
0
0
0
1302
0
0
0
0
1303
0
0
0
0
1304
0
0
1
0
1309
0
0
1
0
1310
0
0
0
0
1348
0
0
0
0
1371
0
0
0
0
1372
0
0
0
0
1403
1
0
0
0.94
1404
2
0
0
0.04
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
60
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0.94
192
0
0
0
0
udp
domain_u
0
0
0
0
0
1
1
11
2
0
normal
tcp
smtp
SF
1
0
0
0
1
1
21
14
0.67
normal
tcp
auth
SF
1
0
0
0
1
1
31
4
0.13
normal
tcp
smtp
SF
1
0
0
0
1
1
41
27
0.66
normal
udp
domain_u
0
0
0
0
0
1
1
51
9
0
normal
udp
domain_u
0
0
0
0
0
1
1
101
21
0
normal
tcp
smtp
SF
1
0
0
0
1
3
111
71
0.64
normal
tcp
telnet SF
0
0
0
0
1
1
255
1
0
rootkit
icmp
ecr_i SF
0
0
0
0
1
1
1
19
1
pod
icmp
ecr_i SF
0
0
0
0
2
2
2
20
1
pod
tcp
telnet RSTO
0
0
0
0
2
2
16
16
1
guess_passwd
tcp
ftp
SF
1
0
0
1
1
1
255
1
0
multihop
SF
0
2
0.18
30
0
0
0.27
0
0
0
0.18
0
0
0
0
0
0
0
0
3498
0
0
0.19
328
0
0
0.05
0
0
0
0
0
0
0
0
0
0
1
0
9
0
0
0.13
34
0
0
0.03
0
0
0
0
0
0
0
0
0
0
1
0
841
0
0
0.12
328
0
0
0.02
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
2
0.18
33
0
0
0.1
0
0
0
0.18
0
0
0
0
0
0
0
0
SF
0
2
0.21
33
0
0
0.05
0
0
0
0.21
0
0
0
0
0
0
0
0
878
0
0
0.05
360
0
0
0.01
0
0
0
0
0
0
0
0
0
0
1
0
86
0
0
0.02
183
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
1480
0
0
0
0
0
0
1
0
0
0
0.53
1
0
0
0
0
0
1
0
1480
0
0
0
0
0
0
1
0
0
0
0.5
1
0
0
0
0
0
1
0
126
0
0
0
179
0
0
0.06
0
0
1
0
0
0
1
0.06
0
0
1
0.06
119
0
0
0.01
426
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
1405
1
0
0
0.04
1429
0
0
0
1
1430
0
0
0
1
1431
1
0
0
1
1432
1
0
0
1
1433
1
0
0
1
1454
0
0
0
0
1476
2
0
0
0
1477
0
0
0
0
1478
0
0
0
0
1479
0
0
1
0
1493
2
0
0
0
179
0
0
0
0
14
0
0
0
1
12
0
0
0
1
13
0
0
0
1
14
0
0
0
1
11
0
0
0
1
0
0
0
0
0
32
0
0
0
0
67
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
tcp
ftp
1
0
1
1
255
2
multihop
tcp
http
1
0
0
1
1
1
back
tcp
http
1
0
0
2
2
2
back
tcp
http
1
0
0
3
3
3
back
tcp
http
1
0
0
4
4
4
back
tcp
http
1
0
0
5
5
5
back
tcp
http
1
0
0
5
255
255
normal
tcp
ftp
1
0
1
1
1
1
ftp_write
tcp
login
1
0
0
1
2
1
ftp_write
icmp
eco_i
0
0
0
1
4
2
nmap
tcp
private
0
0
0
2
14
1
nmap
tcp
http
1
1
0
2
1
1
back
SF
0
1
0.01
87
0
0
0.01
319
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
RSTR
0
1
1
42340
0
0
0
1460
0
0
1
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
2
1
13140
0
0
0
1460
0
0
0.5
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
3
1
51100
0
0
0
4380
0
0
0.33
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
4
1
33580
0
0
0
7300
0
0
0.25
0
0
1
0
0
0
1
0
0
0
1
0
RSTR
0
5
1
26280
0
0
0
1460
0
0
0.2
0
0
1
0
0
0
1
0
0
0
1
0
S2
0
5
1
244
0
0.2
0
27498
0
0.2
0
0
0
0
0
0
0
0
0
0
0
1
0
SF
0
1
1
104
0
0
0
449
0
0
1
0
1
0
0
0
0
0
0
0
1
1
0
SF
0
1
0.5
157
0
0
1
2703
0
0
0.5
0
0
0
0
0
0
0
0
1
0
1
0
SF
0
1
0.5
8
0
0
0.75
0
0
0
0.5
0
0
0
0
0
0
0
0
0
0
1
0
SH
0
1
0.07
0
0
1
0.71
0
0
1
0.5
0
0
0
0
0
0
0
0.5
0
0
0.5
1
SF
0
2
1
54540
0
0
0
8314
0
0
1
0
0
0
0
0
0
0
0
0
0
1
0
1505
2
0
0
0.14
1506
2
0
0
0.12
1520
1
0
0
0
0
0
0
0.6
0.14
0
0
0
0
0.12
21
0
0
0
0
tcp
1
0
7
back
tcp
1
0
8
back
tcp
1
0
255
rootkit
http
1
3
7
SF
0
5
1
54540
0
0
0
8314
0
0
0.14
0
0
0
0
0
0
0
0
0
0
1
0
http
1
3
8
SF
0
3
1
54540
0
0
0
8314
0
0
0.12
0
0
0
0
0
0
0
0
0
0
1
0
ftp
0
1
1
SF
0
1
0
89
0
0
0.02
345
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0

Outlier CCThreshold KDDCup99

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Outlier CCThreshold KDDCup99

Uploaded by

Copyright:

Available Formats

// CCThreshold=0.001, jlh=131, time:1298.

//CCThreshold=0.005, jlh=59, time:1343.213

// CCThreshold=0.01, jlh=48, time:1502.020

//CCThreshold=0.05, jlh=44, time : 1451.547

//CCThreshold=0.1, jlh=41, time : 1421.566

//CCThreshold=0.2, jlh=37, time : 1432.477

//CCThreshold=0.3, jlh=37, time : 1422.633

//CCThreshold=0.4, jlh=36, time : 1687.467

//CCThreshold=0.5, jlh=34, time : 1698.367

//CCThreshold=1, jlh=32, time : 1576.917

You might also like