ahlashkari / CICFlowMeter

CICFlowmeter-V4.0 (formerly known as ISCXFlowMeter) is an Ethernet traffic Bi-flow generator and analyzer for anomaly detection that has been used in many Cybersecurity datasets such as Android Adware-General Malware dataset (CICAAGM2017), IPS/IDS dataset (CICIDS2017), Android Malware dataset (CICAndMal2017) and Distributed Denial of Service (CICDDoS2019).

Bulk calculations incorrect #124

Closed lisa-lthorrold closed 5 months ago

lisa-lthorrold commented 2 years ago
    public void updateFlowBulk (BasicPacketInfo packet){

        if(this.src == packet.getSrc()){
            updateForwardBulk(packet,blastBulkTS);
        }else {
            updateBackwardBulk(packet,flastBulkTS);
        }

    }

The src/dest values are byte arrays. This is a memory address comparison that will always return false, so everything is added to the backward bulk summary statistics. The correct comparison method should be `if (Arrays.equals(this.src, packet.getSrc()))`.

This has implications for 6 features:

And the datasets generated before this is fixed will not have the correct values as the author intended, I suspect.
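The reference-versus-content comparison described in this report, as an added, stand-alone example (not CICFlowMeter code). `FlowBulkCounters`, `updateFlowBulk(byte[])`, `addr(...)` and the packet counts are hypothetical stand-ins for the project's flow object and its bulk counters; the same routing decision is made once with `==` and once with `Arrays.equals` so the effect on the forward/backward split is visible side by side:

```java
import java.util.Arrays;

// Added example, not CICFlowMeter code: why comparing byte[] with ==
// sends every packet to the backward bulk counters, and the fix.
public class BulkDirectionDemo {

    // Hypothetical stand-in for a flow's per-direction bulk bookkeeping.
    static final class FlowBulkCounters {
        private final byte[] src;            // source address that opened the flow
        private final boolean useArraysEquals;
        int forwardBulkPackets = 0;
        int backwardBulkPackets = 0;

        FlowBulkCounters(byte[] src, boolean useArraysEquals) {
            // Defensive copy: a distinct array object, as a packet decoder would produce.
            this.src = src.clone();
            this.useArraysEquals = useArraysEquals;
        }

        // Same shape as the reported updateFlowBulk: route the packet by
        // comparing its source address to the flow's source address.
        void updateFlowBulk(byte[] packetSrc) {
            boolean isForward = useArraysEquals
                    ? Arrays.equals(this.src, packetSrc)   // content comparison (correct)
                    : (this.src == packetSrc);             // reference comparison (the reported bug)
            if (isForward) {
                forwardBulkPackets++;
            } else {
                backwardBulkPackets++;
            }
        }
    }

    // Builds a fresh 4-byte address array each call (constructed sample data).
    static byte[] addr(int a, int b, int c, int d) {
        return new byte[] {(byte) a, (byte) b, (byte) c, (byte) d};
    }

    // Runs the constructed exchange (three packets each way) through a flow and
    // returns {forward, backward} counts for the chosen comparison strategy.
    static int[] countDirections(boolean useArraysEquals) {
        byte[] client = addr(10, 0, 0, 1);          // constructed: flow opened by 10.0.0.1
        FlowBulkCounters flow = new FlowBulkCounters(client, useArraysEquals);
        for (int i = 0; i < 3; i++) {
            // Every packet carries its own freshly decoded source array,
            // so == never sees the same object even when the bytes match.
            flow.updateFlowBulk(addr(10, 0, 0, 1));  // client -> server: forward
            flow.updateFlowBulk(addr(10, 0, 0, 2));  // server -> client: backward
        }
        return new int[] {flow.forwardBulkPackets, flow.backwardBulkPackets};
    }

    public static void main(String[] args) {
        int[] buggy = countDirections(false);
        int[] fixed = countDirections(true);
        System.out.printf("==            : forward=%d backward=%d%n", buggy[0], buggy[1]);
        System.out.printf("Arrays.equals : forward=%d backward=%d%n", fixed[0], fixed[1]);
    }
}
```

Compile and run with `javac BulkDirectionDemo.java && java BulkDirectionDemo`. With `==` all six packets land in the backward counter and the forward counter stays at zero, which is the degenerate forward-bulk feature the report describes; with `Arrays.equals` the three client-to-server packets are counted as forward and the three replies as backward. Any feature pipeline that checks flow direction on byte-array addresses needs the same content comparison, and a quick sanity check on generated datasets is whether the forward bulk columns are identically zero.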

zyzshishui commented 1 year ago

I'm implementing this project in C++ and I just found the same issue as you. I also noticed that the 6 features you listed have been set to 0 in the released cicids2017.

ahlashkari commented 5 months ago

Hi, we are pleased to announce that the first version of the Network and Transportation Layers Flow Analyzer (NTLFlowLyzer) is now available as part of the Understanding Cybersecurity Series (UCS) knowledge mobilization program. This Python open-source project has been designed and developed to address many issues encountered with CICFlowMeter. It extracts over 300 features from TCP-based network traffic, tailored explicitly for Anomaly Profiling (AP). NTLFlowLyzer serves as a key component of the upcoming NetFlowLyzer.

https://github.com/ahlashkari/NTLFlowLyzer

Best, BCCC Team https://www.yorku.ca/research/bccc/