CICFlowMeter icon indicating copy to clipboard operation
CICFlowMeter copied to clipboard

Published 20 hours ago verified publisher icon ahlashkari

Bulk calculations incorrect

Open lisa-lthorrold opened this issue 3 years ago • 1 comments 

	public void updateFlowBulk (BasicPacketInfo packet){

		if(this.src == packet.getSrc()){
			updateForwardBulk(packet,blastBulkTS);
		}else {
			updateBackwardBulk(packet,flastBulkTS);
		}

	}

The src/dest values are byte arrays. This is a memory address comparison that will always return false, so everything is added to the backward bulk summary statistics. The correct comparison method should be if (Arrays.equals(this.src, packet.getSrc()))

This has implications for 6 features:

  • Fwd Avg Bytes
  • Fwd Avg Packets
  • Fwd Avg Bulk Rate
  • Bwd Avg Bytes
  • Bwd Avg Packets
  • Bwd Avg Bulk Rate

And the datasets generated before this is fixed will not have the correct values as the author intended, I suspect

lisa-lthorrold avatar Oct 22 '21 14:10 lisa-lthorrold

I'm implementing this project to c++ and I just found the same issue with you. I also noticed that the 6 features you listed have been set to 0 in the released cicids2017.

zyzshishui avatar Jul 27 '23 18:07 zyzshishui