Feature Inventory
This section provides a comprehensive list of all features extracted from the dataset.
Each feature represents either metadata, log-based statistics, or network traffic characteristics captured during benign and attack scenarios.
⚠️ Important: All of these are window-based features.
This means that both network packets and sensor log messages are first split into fixed-size time windows.
Within each window, statistical summaries (e.g., min, max, mean, standard deviation) are computed for numeric values, while categorical values (e.g., IPs, MACs, ports, protocols) are represented as lists of observed items along with their counts.
The features are organized into groups such as Log Data Stats, Packet Traffic Rate, Network Multiplexing, Address Diversity, Fragmentation, Header Flags, Timing Control, and Size/Length.
Together, these features provide a rich representation of device behavior, enabling correlation of network and sensor activity, anomaly detection, and the training of machine learning or deep learning models for intrusion detection.
The following table lists every feature with its description and the group to which it belongs.
Feature List
| # | Feature | Description | Group |
|---|---|---|---|
| 1 | device_name | Name of the device in the testbed | Metadata |
| 2 | device_mac | MAC address of the device | Metadata |
| 3 | label_full | Full label (benign / specific attack type) | Labels |
| 4 | label1 | High-level label (e.g., benign / attack) | Labels |
| 5 | label2 | Attack category (e.g., dos, ddos, recon) | Labels |
| 6 | label3 | Sub-category of attack | Labels |
| 7 | label4 | Specific variant or parameterization of attack | Labels |
| 8 | timestamp | Time window identifier (UTC, ISO8601 or epoch) | Metadata |
| 9 | timestamp_start | Start timestamp of the time window (UTC, ISO8601 or epoch) | Metadata |
| 10 | timestamp_end | End timestamp of the time window (UTC, ISO8601 or epoch) | Metadata |
| 11 | log_data-ranges_avg | Mean of value ranges across log entries | Log Data Stats |
| 12 | log_data-ranges_max | Maximum value range across log entries | Log Data Stats |
| 13 | log_data-ranges_min | Minimum value range across log entries | Log Data Stats |
| 14 | log_data-ranges_std_dev | Standard deviation of value ranges across log entries | Log Data Stats |
| 15 | log_data-types | List of distinct data types in log entries | Log Data Stats |
| 16 | log_data-types_count | Count of distinct data types in log entries | Log Data Stats |
| 17 | log_interval-messages | Time interval of log messages in a window | Log Data Rate |
| 18 | log_messages_count | Total number of log messages in a time window | Log Data Rate |
| 19 | network_fragmentation-score | Overall fragmentation score | Fragmentation |
| 20 | network_fragmented-packets | Number of fragmented packets | Fragmentation |
| 21 | network_header-length_avg | Mean IP header length | Size/Length |
| 22 | network_header-length_max | Maximum IP header length | Size/Length |
| 23 | network_header-length_min | Minimum IP header length | Size/Length |
| 24 | network_header-length_std_deviation | Std. deviation of IP header length | Size/Length |
| 25 | network_interval-packets | Time interval of packets in a time window | Packet Traffic Rate |
| 26 | network_ip-flags_avg | Mean of IP flag values | Header Flags |
| 27 | network_ip-flags_max | Maximum IP flag values | Header Flags |
| 28 | network_ip-flags_min | Minimum IP flag values | Header Flags |
| 29 | network_ip-flags_std_deviation | Std. deviation of IP flag values | Header Flags |
| 30 | network_ip-length_avg | Mean IP packet length | Size/Length |
| 31 | network_ip-length_max | Maximum IP packet length | Size/Length |
| 32 | network_ip-length_min | Minimum IP packet length | Size/Length |
| 33 | network_ip-length_std_deviation | Std. deviation of IP packet length | Size/Length |
| 34 | network_ips_all | List of all IPs observed | Address Diversity |
| 35 | network_ips_all_count | Count of all IPs observed | Address Diversity |
| 36 | network_ips_dst | List of destination IPs observed | Address Diversity |
| 37 | network_ips_dst_count | Count of destination IPs observed | Address Diversity |
| 38 | network_ips_src | List of source IPs observed | Address Diversity |
| 39 | network_ips_src_count | Count of source IPs observed | Address Diversity |
| 40 | network_macs_all | List of all MACs observed | Address Diversity |
| 41 | network_macs_all_count | Count of all MACs observed | Address Diversity |
| 42 | network_macs_dst | List of destination MACs observed | Address Diversity |
| 43 | network_macs_dst_count | Count of destination MACs observed | Address Diversity |
| 44 | network_macs_src | List of source MACs observed | Address Diversity |
| 45 | network_macs_src_count | Count of source MACs observed | Address Diversity |
| 46 | network_mss_avg | Mean maximum segment size | Size/Length |
| 47 | network_mss_max | Maximum segment size | Size/Length |
| 48 | network_mss_min | Minimum segment size | Size/Length |
| 49 | network_mss_std_deviation | Std. deviation of segment size | Size/Length |
| 50 | network_packet-size_avg | Mean packet size | Size/Length |
| 51 | network_packet-size_max | Maximum packet size | Size/Length |
| 52 | network_packet-size_min | Minimum packet size | Size/Length |
| 53 | network_packet-size_std_deviation | Std. deviation of packet size | Size/Length |
| 54 | network_packets_all_count | Total number of packets | Packet Traffic Rate |
| 55 | network_packets_dst_count | Number of destination packets | Packet Traffic Rate |
| 56 | network_packets_src_count | Number of source packets | Packet Traffic Rate |
| 57 | network_payload-length_avg | Mean payload length | Size/Length |
| 58 | network_payload-length_max | Maximum payload length | Size/Length |
| 59 | network_payload-length_min | Minimum payload length | Size/Length |
| 60 | network_payload-length_std_deviation | Std. deviation of payload length | Size/Length |
| 61 | network_ports_all | List of all ports observed | Network Multiplexing |
| 62 | network_ports_all_count | Count of all ports observed | Network Multiplexing |
| 63 | network_ports_dst | List of destination ports observed | Network Multiplexing |
| 64 | network_ports_dst_count | Count of destination ports observed | Network Multiplexing |
| 65 | network_ports_src | List of source ports observed | Network Multiplexing |
| 66 | network_ports_src_count | Count of source ports observed | Network Multiplexing |
| 67 | network_protocols_all | List of all protocols observed | Network Multiplexing |
| 68 | network_protocols_all_count | Count of all protocols observed | Network Multiplexing |
| 69 | network_protocols_dst | List of destination protocols observed | Network Multiplexing |
| 70 | network_protocols_dst_count | Count of destination protocols observed | Network Multiplexing |
| 71 | network_protocols_src | List of source protocols observed | Network Multiplexing |
| 72 | network_protocols_src_count | Count of source protocols observed | Network Multiplexing |
| 73 | network_tcp-flags-ack_count | Count of TCP ACK flags | Header Flags |
| 74 | network_tcp-flags-fin_count | Count of TCP FIN flags | Header Flags |
| 75 | network_tcp-flags-psh_count | Count of TCP PSH flags | Header Flags |
| 76 | network_tcp-flags-rst_count | Count of TCP RST flags | Header Flags |
| 77 | network_tcp-flags-syn_count | Count of TCP SYN flags | Header Flags |
| 78 | network_tcp-flags-urg_count | Count of TCP URG flags | Header Flags |
| 79 | network_tcp-flags_avg | Mean of TCP flag values | Header Flags |
| 80 | network_tcp-flags_max | Maximum of TCP flag values | Header Flags |
| 81 | network_tcp-flags_min | Minimum of TCP flag values | Header Flags |
| 82 | network_tcp-flags_std_deviation | Std. deviation of TCP flag values | Header Flags |
| 83 | network_time-delta_avg | Mean inter-packet time delta | Timing Control |
| 84 | network_time-delta_max | Maximum inter-packet time delta | Timing Control |
| 85 | network_time-delta_min | Minimum inter-packet time delta | Timing Control |
| 86 | network_time-delta_std_deviation | Std. deviation of inter-packet time delta | Timing Control |
| 87 | network_ttl_avg | Mean TTL value | Timing Control |
| 88 | network_ttl_max | Maximum TTL value | Timing Control |
| 89 | network_ttl_min | Minimum TTL value | Timing Control |
| 90 | network_ttl_std_deviation | Std. deviation of TTL values | Timing Control |
| 91 | network_window-size_avg | Mean TCP window size | Timing Control |
| 92 | network_window-size_max | Maximum TCP window size | Timing Control |
| 93 | network_window-size_min | Minimum TCP window size | Timing Control |
| 94 | network_window-size_std_deviation | Std. deviation of TCP window size | Timing Control |