For feature engineering I will most likely drop any 'Protocols' that were not 17 (UDP) or 6 (TCP). I would also like to see what impact removing 'FLOW_DURATION' == 0 would have. This column might have an impact on scanning activities but not for simply classifying as benign or malicious attacks. I would also REALLY like to get a timestamp but I am not sure how to do that. Time of day would be an interesting feature to add (normal business hours vs. non-normal business hours transactions).
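The two filters described above, as an added example that is not the author's code: it keeps only TCP/UDP rows, then reports the class balance before and after removing zero-duration flows, including the label mix of the rows that would be discarded. The sample rows are constructed, and the `Label` column name (0 = benign, 1 = malicious) is an assumption; only 'Protocols' and 'FLOW_DURATION' come from the text.

```python
from collections import Counter

# Constructed sample flows. 'Protocols' and 'FLOW_DURATION' follow the text;
# 'Label' (0 = benign, 1 = malicious) is an assumed column name.
SAMPLE_FLOWS = [
    {"Protocols": 6,  "FLOW_DURATION": 1200, "Label": 0},
    {"Protocols": 6,  "FLOW_DURATION": 0,    "Label": 1},
    {"Protocols": 17, "FLOW_DURATION": 0,    "Label": 1},
    {"Protocols": 17, "FLOW_DURATION": 35,   "Label": 0},
    {"Protocols": 1,  "FLOW_DURATION": 0,    "Label": 0},  # ICMP, removed by filter 1
    {"Protocols": 6,  "FLOW_DURATION": 0,    "Label": 0},
    {"Protocols": 6,  "FLOW_DURATION": 880,  "Label": 1},
    {"Protocols": 47, "FLOW_DURATION": 15,   "Label": 1},  # GRE, removed by filter 1
]

KEEP_PROTOCOLS = {6, 17}  # TCP and UDP, as in the text


def class_counts(flows, label_col="Label"):
    """Return the number of rows per label value as a plain dict."""
    return dict(Counter(row[label_col] for row in flows))


def filter_report(flows, label_col="Label"):
    """Apply both filters in order; return (per-stage class counts, kept rows)."""
    tcp_udp = [r for r in flows if r["Protocols"] in KEEP_PROTOCOLS]
    nonzero = [r for r in tcp_udp if r["FLOW_DURATION"] != 0]
    zero = [r for r in tcp_udp if r["FLOW_DURATION"] == 0]
    report = {
        "original": class_counts(flows, label_col),
        "tcp_udp_only": class_counts(tcp_udp, label_col),
        "nonzero_duration": class_counts(nonzero, label_col),
        # Label mix of the rows the duration filter discards: if one class
        # dominates here, dropping them shifts the class balance.
        "dropped_zero_duration": class_counts(zero, label_col),
    }
    return report, nonzero


if __name__ == "__main__":
    report, kept = filter_report(SAMPLE_FLOWS)
    for stage, counts in report.items():
        print(f"{stage:>22}: {counts}")
    print(f"rows kept for training: {len(kept)}")
```

If the `dropped_zero_duration` counts are heavily skewed toward one label on the real data, that is the signal to keep zero duration as a feature rather than filter on it.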