Abstract
Researchers must often decide whether to use destination port as an input feature when building predictive models for intrusion detection systems. To evaluate this feature, we use the Bot-IoT dataset with three different sets of input features. The first and second set of input features comprise all Bot-IoT features (26 variables) and all Bot-IoT features excluding destination port (25 variables), respectively, while the third includes destination port as the only feature. Our results show that classification models trained on the first (26 variables) and second (25 variables) set of input features generally yield favourable results. We note that several destination port values are associated with disproportionate label distributions. Hence, it is possible in some cases, that the classifiers have been trained to closely correlate specific attack types with specific values of destination port. To the best of our knowledge, this is the first Bot-IoT study based on the destination port feature.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
