{"id":15648604,"url":"https://github.com/mohab-sameh/kdd99-feature-extractor-prebuilt","last_synced_at":"2025-07-17T14:07:05.928Z","repository":{"id":136033695,"uuid":"370387699","full_name":"mohab-sameh/Kdd99-Feature-Extractor-Prebuilt","owner":"mohab-sameh","description":null,"archived":false,"fork":false,"pushed_at":"2021-06-17T22:22:32.000Z","size":2501,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-12T08:45:54.767Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mohab-sameh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-24T14:51:10.000Z","updated_at":"2021-06-17T22:22:35.000Z","dependencies_parsed_at":null,"dependency_job_id":"225a9f85-5fb1-4ddc-ae76-d96fefa448cb","html_url":"https://github.com/mohab-sameh/Kdd99-Feature-Extractor-Prebuilt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mohab-sameh/Kdd99-Feature-Extractor-Prebuilt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mohab-sameh%2FKdd99-Feature-Extractor-Prebuilt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mohab-sameh%2FKdd99-Feature-Extractor-Prebuilt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mohab-sameh%2FKdd99-Feature-Extractor-Prebuilt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mohab-
sameh%2FKdd99-Feature-Extractor-Prebuilt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mohab-sameh","download_url":"https://codeload.github.com/mohab-sameh/Kdd99-Feature-Extractor-Prebuilt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mohab-sameh%2FKdd99-Feature-Extractor-Prebuilt/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265614332,"owners_count":23798427,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-03T12:25:28.570Z","updated_at":"2025-07-17T14:07:05.905Z","avatar_url":"https://github.com/mohab-sameh.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kdd99_feature_extractor\nUtility for extracting a subset of KDD '99 features [1] from real-time network traffic or a .pcap file\n\nSome features might not be calculated in exactly the same way as in KDD, because no documentation explaining the details of the KDD implementation was found. Algorithms are based on some articles [2][3] and observation of values in the KDD dataset. \n\nFeatures in KDD should be the same as features introduced by Lee \u0026 Stolfo in their work [2].\n\n## Status\n* The current version is not 100% guaranteed to be perfect, in the sense that some features might be calculated with slightly different algorithms than the KDD '99 dataset and Lee \u0026 Stolfo used. 
However, it is suitable for educational purposes.\n* Compiled \u0026 tested in the following environments:\n  * Windows 7 x64, MSVC 2015 (14), WinPcap 4.1.3\n  * Windows 7 x64, MSVC 2013 (12), WinPcap 4.1.3\n  * Ubuntu 12.04 x64, gcc 4.6.3, libpcap 4.2\n\n## Features\n* Subset of KDD '99 features [1]\n  * Content features (columns 10-22 of KDD) are not included\n* Optional extra features - IP addresses, ports, timestamp of last packet (option `-e`)\n\n## Main components\n1. Sniffer\n  * Network traffic sniffer \u0026 frame parser\n2. IP reassembler\n  * Only IP header \"summaries\" \n  * Payload not reassembled (content features are not extracted, so it is not needed)\n3. Connection/Conversation reconstructor\n  * Reconstructs conversations\n  * Computes intrinsic features (columns 1-9 of KDD)\n4. Statistical engine\n  * Computes derived features (columns 23-41 of KDD)\n\n## Build instructions for Linux (tested on Ubuntu)\n1. Create a folder for temporary build files\u003cbr/\u003e\n   `mkdir build-files`\u003cbr/\u003e\u003cbr/\u003e\n2. Enter the folder and generate the build cache\u003cbr/\u003e\n  `cd build-files`\u003cbr/\u003e\n   `cmake -DCMAKE_BUILD_TYPE=Debug -G \"CodeBlocks - Unix Makefiles\" ..`\u003cbr/\u003e\u003cbr/\u003e\n3. Leave the build cache folder and compile the project\u003cbr/\u003e\n  `cd ..`\u003cbr/\u003e\n  `cmake --build ./build-files --target kdd99extractor -- -j 4`\u003cbr/\u003e\u003cbr/\u003e\n4. The path to the compiled project is:\u003cbr/\u003e\n  `build-files/src/kdd99extractor`\u003cbr/\u003e\u003cbr/\u003e\n\n## Planned sections in this readme\n* TODOs (e.g. IP checksum checking not implemented)\n* Known/possible problems, bugs \u0026 limitations\n\n\n## Main sources of feature documentation\n[1] KDD Cup 1999 Data, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html\n\n[2] [Lee, W. \u0026 Stolfo, S. J. 
(2000), 'A framework for constructing features and models for intrusion detection systems', Information and System Security 3 (4) , 227-261.](http://wenke.gtisc.gatech.edu/ids-readings/lee_dmids_frmwk.pdf)\n\n[3] [Dybey, D. \u0026 Dubey, J. (2014), 'A Survey Intrusion Detection with KDD99 Cup Dataset', International Journal of Computer Science and Information Technology Research 2 (3), 146-157.](http://www.researchpublish.com/download.php?file=A%20Survey%20Intrusion%20Detection%20with%20KDD99-403.pdf\u0026act=book)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmohab-sameh%2Fkdd99-feature-extractor-prebuilt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmohab-sameh%2Fkdd99-feature-extractor-prebuilt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmohab-sameh%2Fkdd99-feature-extractor-prebuilt/lists"}