What's mean src_tx, dst_tx?

[SupremeYE]

I don't know what src_tx,dst_tx is because there is no data.

[shahifaqeer]

I don't know what src_tx,dst_tx is because there is no data.

Edit: Fixed.
src_tx is the number of bytes transmitted by the src_ip, i.e., outbound traffic.
dst_tx is the number of bytes transmitted by the dst_ip, i.e., inbound traffic.

[SupremeYE]

Thank you very much.

And I'm a student who wants to study about this topic, but it's hard to proceed because I don't have the data csv_file needed for the code.

Could you please share the data csv file?
If it's difficult to share it publicly, I'd really appreciate it if you could share it via personal email.
Thank you for allowing me to study good contents.

If possible, please email this [email protected]. Thank you

[SupremeYE]

Data files are necessary for studying, but I would appreciate it if you could leave me a reply even if you can't. Thank you.

[shahifaqeer]

I can't directly provide the data.csv since it doesn't belong to me.
Below is an example of the data file.
Each row is a flow with the fields ["ts", "ip_protocol", "state", "src_ip", "src_port", "dst_ip", "dst_port", "src_tx", "dst_tx",]

2017-01-27 16:24:42,tcp,closed,10.2.1.39,60707,74.201.65.31,443,21687,8999
2017-01-27 16:24:42,tcp,closed,10.2.1.39,60708,74.201.65.31,443,37065,14484
2017-01-27 16:24:42,tcp,closed,192.168.111.106,38190,10.2.1.38,443,124834,47898
2017-01-27 16:24:42,tcp,closed,192.168.111.46,44178,10.2.1.39,443,0,31
2017-01-27 16:24:42,tcp,established,10.2.20.1,60246,10.12.0.31,80,20125,1422804

[SupremeYE]

Thank you!

[SupremeYE]

Hello, Can you tell me why you use num_conns? I don't know what role this plays in measuring anomalies. What can you tell from the number of states?