GintsEngelen / WTMC2021-Code

Code for our submission to the WTMC 2021 workshop

Attack labeling - Thursday morning Web Attack (XSS) #4

Open lisa-lthorrold opened 2 years ago

lisa-lthorrold commented 2 years ago

The first flow to contain any XSS attack, by inspection of pcap files, occurs at 13:16:16.603214 (UTC), port 52298, and the last flow to contain any XSS attack occurs at 13:34:28 (UTC). I think that 7 flows are incorrectly labeled, according to the following label logic for this attack.

t_start = datetime.strptime('06/07/2017 10:13:00 AM', DATE_FORMAT_INTERNAL)
t_end = datetime.strptime('06/07/2017 10:37:00 AM', DATE_FORMAT_INTERNAL)

With that said, in between the attack time period, two additional flows (ports 52300 and 52318) also contain no XSS content in any part of the client requests.

I think a total of 9 flows have been mislabeled, which is basically 1/3 of the total flows for this attack.
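The check described in the issue above, as an added sketch that is not part of the issue or of the repository's code: it lists flows that fall inside the quoted label window but are not supported by the pcap observations. Assumptions: the value of `DATE_FORMAT_INTERNAL`, a UTC-3 local time for the label timestamps, a precomputed `has_xss` flag standing in for manual pcap inspection, and the constructed sample flows.

```python
from datetime import datetime, timedelta, timezone

# Assumption: day-first format matching the timestamps quoted in the issue.
DATE_FORMAT_INTERNAL = '%d/%m/%Y %I:%M:%S %p'
# Assumption: label times are capture-site local time at UTC-3.
LOCAL_TZ = timezone(timedelta(hours=-3))

def to_utc(text):
    local = datetime.strptime(text, DATE_FORMAT_INTERNAL).replace(tzinfo=LOCAL_TZ)
    return local.astimezone(timezone.utc)

def utc(h, m, s, us=0):
    return datetime(2017, 7, 6, h, m, s, us, tzinfo=timezone.utc)

# Label window quoted in the issue, converted to UTC.
T_START = to_utc('06/07/2017 10:13:00 AM')
T_END = to_utc('06/07/2017 10:37:00 AM')
# First and last XSS flows reported in the issue from pcap inspection (UTC).
OBS_FIRST = utc(13, 16, 16, 603214)
OBS_LAST = utc(13, 34, 28)

def audit(flows):
    """Return (port, reason) for flows the time window marks as attack
    although the packet evidence does not support it."""
    suspects = []
    for start, port, has_xss in flows:
        if not (T_START <= start <= T_END):
            continue  # outside the window: the time rule never labels it
        if start < OBS_FIRST:
            suspects.append((port, 'before first observed XSS flow'))
        elif start.replace(microsecond=0) > OBS_LAST:
            suspects.append((port, 'after last observed XSS flow'))
        elif not has_xss:
            suspects.append((port, 'no XSS content in client requests'))
    return suspects

# Constructed flows: (start UTC, client port, XSS seen in requests).
# Ports 52298, 52300 and 52318 and the two boundary timestamps come from
# the issue; the other ports and start times are constructed.
SAMPLE_FLOWS = [
    (utc(13, 12, 30), 40000, False),        # before the label window
    (utc(13, 14, 5), 40001, False),         # in window, before first XSS
    (utc(13, 16, 16, 603214), 52298, True), # first XSS flow
    (utc(13, 20, 0), 52300, False),         # in window, no XSS content
    (utc(13, 25, 0), 52318, False),         # in window, no XSS content
    (utc(13, 34, 28), 40002, True),         # last XSS flow
    (utc(13, 36, 10), 40003, False),        # in window, after last XSS
]

if __name__ == '__main__':
    for port, reason in audit(SAMPLE_FLOWS):
        print(port, reason)
```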