I'm probably getting a bit uppity, but this seems like another case of people just doing stuff that other people have done before and then not bothering to document almost anything of importance.
For example, they mention how significant "benign behavior" is, and then this is their entire description of benign behavior in their dataset:
In network security, a "benign profile" is a baseline of normal or expected network behaviour that can be used as a reference point to identify potential security threats. A benign profile provides a baseline of normal network traffic, applications, and protocols. Creating a benign profile involves collecting and analyzing data on network behaviour over time and then using that data to create a baseline profile representing normal network behaviour. This baseline profile is then used as a reference point to detect deviations from normal behaviour that could indicate a security threat. It represents all the expected daily events in such an environment.
They do this for almost everything, beginning by defining what XY is in general, and then... just leaving it at that. Frustrating.
Do not merge before #70
I'm probably getting a bit uppity, but this seems like another case of people just doing stuff that other people have done before and then not bothering to document almost anything of importance.
For example, they mention how significant "benign behavior" is, and then this is their entire description of benign behavior in their dataset:
They do this for almost everything, beginning by defining what XY is in general, and then... just leaving it at that. Frustrating.