I
nte
rna
t
io
na
l J
o
urna
l o
f
E
lect
rica
l a
nd
Co
m
p
ute
r
E
ng
in
ee
ring
(
I
J
E
CE
)
Vo
l.
9
,
No
.
3
,
J
u
n
e
201
9
,
p
p
.
2177
~
2
1
8
4
I
SS
N:
2088
-
8708
,
DOI
: 1
0
.
1
1
5
9
1
/
i
j
ec
e
.
v
9
i
3
.
p
p
2
1
7
7
-
2184
2177
J
o
ur
na
l ho
m
ep
a
g
e
:
h
ttp
:
//ia
e
s
co
r
e
.
co
m/
jo
u
r
n
a
ls
/in
d
ex
.
p
h
p
/
I
JE
C
E
O
pti
m
a
l
r
e
m
o
te
a
ccess
T
ro
jans
d
e
t
ection
b
a
sed
o
n
n
etw
o
rk
b
eha
v
io
r
K
hin
Sw
e
Yin
,
M
a
y
Ay
e
K
hi
ne
F
a
c
u
lt
y
o
f
Co
m
p
u
ti
n
g
,
Un
iv
e
rsity
o
f
Co
m
p
u
ter S
t
u
d
ies
,
M
y
a
n
m
a
r
Art
icle
I
nfo
AB
ST
RAC
T
A
r
ticle
his
to
r
y:
R
ec
eiv
ed
J
an
1
5
,
2
0
1
8
R
ev
i
s
ed
Dec
1
8
,
2
0
1
8
A
cc
ep
ted
J
an
1
1
,
2
0
1
9
RAT
is
o
n
e
o
f
th
e
m
o
st
in
f
e
c
ted
m
a
l
w
a
re
in
th
e
h
y
p
e
r
-
c
o
n
n
e
c
ted
w
o
rld
.
Da
ta
is
b
e
in
g
lea
k
e
d
o
r
d
isc
lo
se
d
e
v
e
ry
d
a
y
b
e
c
a
u
se
n
e
w
r
e
m
o
te
a
c
c
e
ss
T
ro
jan
s
a
re
e
m
e
r
g
in
g
a
n
d
th
e
y
a
re
u
se
d
to
ste
a
l
c
o
n
f
id
e
n
ti
a
l
d
a
ta
f
ro
m
tar
g
e
t
h
o
sts.
N
e
tw
o
rk
b
e
h
a
v
io
r
-
b
a
se
d
d
e
tec
ti
o
n
h
a
s
b
e
e
n
u
se
d
t
o
p
r
o
v
id
e
a
n
e
ff
e
c
ti
v
e
d
e
tec
ti
o
n
m
o
d
e
l
f
o
r
Re
m
o
te
Ac
c
e
ss
T
ro
jan
s.
Ho
w
e
v
e
r,
th
e
re
is
stil
l
sh
o
rt
c
o
m
in
g
s:
t
o
d
e
tec
t
a
s
e
a
rly
a
s
p
o
ss
i
b
le,
so
m
e
F
a
lse
Ne
g
a
ti
v
e
Ra
te
a
n
d
a
c
c
u
ra
c
y
th
a
t
m
a
y
v
a
r
y
d
e
p
e
n
d
in
g
on
ra
ti
o
o
f
n
o
rm
a
l
a
n
d
m
a
li
c
io
u
s
RA
T
se
ss
io
n
s.
A
s
t
y
p
ica
l
n
e
t
w
o
rk
c
o
n
tain
s
larg
e
a
m
o
u
n
t
o
f
n
o
rm
a
l
t
ra
ff
ic
a
n
d
s
m
a
ll
a
m
o
u
n
t
o
f
m
a
li
c
io
u
s
tra
ff
ic
,
th
e
d
e
tec
ti
o
n
m
o
d
e
l
wa
s
b
u
il
t
b
a
se
d
o
n
th
e
d
if
fe
re
n
t
ra
ti
o
o
f
n
o
rm
a
l
a
n
d
m
a
li
c
io
u
s
se
ss
io
n
s
i
n
p
re
v
io
u
s
w
o
rk
s.
A
t
th
a
t
ti
m
e
f
a
lse
n
e
g
a
ti
v
e
r
a
te
i
s
les
s
th
a
n
2
%
,
a
n
d
it
v
a
rie
s
d
e
p
e
n
d
in
g
o
n
d
if
fe
re
n
t
ra
ti
o
o
f
n
o
rm
a
l
a
n
d
m
a
li
c
io
u
s
in
sta
n
c
e
s
.
A
n
u
n
b
a
lan
c
e
d
d
a
tas
e
t
w
il
l
b
ias
th
e
p
re
d
ictio
n
m
o
d
e
l
t
o
w
a
rd
s
th
e
m
o
re
c
o
m
m
o
n
c
las
s.
In
th
is p
a
p
e
r,
e
a
c
h
RAT
is
ru
n
m
a
n
y
ti
m
e
s
in
o
rd
e
r
to
c
a
p
tu
re
v
a
rian
t
b
e
h
a
v
io
r
o
f
a
R
e
m
o
te
A
c
c
e
ss
T
ro
jan
in
th
e
e
a
rly
sta
g
e
,
a
n
d
b
a
l
a
n
c
e
d
in
sta
n
c
e
s
o
f
n
o
rm
a
l
a
p
p
li
c
a
ti
o
n
s
a
n
d
Re
m
o
te
Ac
c
e
s
s
T
ro
jan
s
a
re
u
se
d
f
o
r
d
e
tec
ti
o
n
m
o
d
e
l.
Ou
r
a
p
p
ro
a
c
h
a
c
h
iev
e
s
9
9
%
a
c
c
u
ra
c
y
a
n
d
0
.
3
%
F
a
lse
N
e
g
a
ti
v
e
Ra
te b
y
Ra
n
d
o
m
F
o
re
st
Alg
o
rit
h
m
.
K
ey
w
o
r
d
s
:
Net
w
o
r
k
b
eh
av
io
r
d
etec
tio
n
R
an
d
o
m
f
o
r
ests
al
g
o
r
ith
m
R
e
m
o
te
a
cc
es
s
T
r
o
j
an
s
Co
p
y
rig
h
t
©
2
0
1
9
In
stit
u
te o
f
A
d
v
a
n
c
e
d
E
n
g
i
n
e
e
rin
g
a
n
d
S
c
ien
c
e
.
Al
l
rig
h
ts re
se
rv
e
d
.
C
o
r
r
e
s
p
o
nd
ing
A
uth
o
r
:
Kh
i
n
S
w
e
Yi
n
,
Facu
lt
y
o
f
C
o
m
p
u
tin
g
,
Un
i
v
er
s
it
y
o
f
C
o
m
p
u
ter
Stu
d
i
es,
Yan
g
o
n
,
No
.
4
,
Ma
in
R
o
ad
,
Sh
w
eP
y
iT
h
ar
T
o
w
n
s
h
ip
,
Yan
g
o
n
,
M
y
a
n
m
ar
.
E
m
ail:
k
h
in
s
w
e
y
in
@
u
cs
y
.
ed
u
.
m
m
1.
I
NT
RO
D
UCT
I
O
N
An
o
r
g
an
izatio
n
o
r
a
p
er
s
o
n
s
u
f
f
er
s
f
i
n
an
cia
l
lo
s
s
,
r
ep
u
tatio
n
lo
s
s
a
n
d
b
u
s
i
n
ess
d
is
r
u
p
tio
n
b
ec
au
s
e
o
f
d
ata
b
r
ea
ch
.
As
t
h
e
t
h
r
ea
t
o
f
d
ata
b
r
ea
ch
es
is
i
n
cr
ea
s
i
n
g
e
v
er
y
y
ea
r
,
s
ec
u
r
it
y
o
f
co
n
f
id
e
n
tial
in
f
o
r
m
at
io
n
i
s
m
o
r
e
i
m
p
o
r
tan
t
th
a
n
b
e
f
o
r
e.
On
e
o
f
th
e
m
ai
n
r
ea
s
o
n
s
o
f
o
cc
u
r
r
in
g
d
ata
b
r
ea
ch
i
s
tar
g
et
ed
m
al
w
ar
e
attac
k
s
.
R
e
m
o
te
A
cc
es
s
T
r
o
j
an
s
ar
e
in
s
tal
led
o
n
e
n
d
p
o
in
t
s
u
s
i
n
g
d
r
iv
e
-
by
-
d
o
w
n
lo
ad
,
e
m
ail
a
n
d
USB
tactics.
I
f
a
co
m
p
u
t
er
is
in
f
ec
ted
w
it
h
R
e
m
o
te
A
cc
e
s
s
T
r
o
j
an
,
its
’
co
m
m
an
d
an
d
co
n
tr
o
l
tr
af
f
ic
s
t
ea
lth
il
y
co
n
tr
o
l
th
e
v
icti
m
an
d
s
teal
s
co
n
f
id
e
n
tial
in
f
o
r
m
a
tio
n
.
A
d
v
a
n
ce
d
p
er
s
is
ten
t
t
h
r
ea
ts
g
a
th
er
co
n
f
id
en
ti
al
d
ata
f
r
o
m
tar
g
e
t
h
o
s
ts
b
y
p
la
n
ti
n
g
T
r
o
j
an
s
.
Fire
w
all,
i
n
tr
u
s
io
n
d
e
tectio
n
/p
r
ev
en
tio
n
s
y
s
te
m
s
a
n
d
an
ti
v
ir
u
s
s
ca
n
n
er
s
ar
e
u
s
ed
to
s
ec
u
r
e
n
et
w
o
r
k
f
r
o
m
m
al
icio
u
s
ac
tiv
i
ties
.
T
h
er
e
ar
e
t
w
o
d
etec
tio
n
tech
n
iq
u
e
s
:
h
o
s
t
-
b
ased
an
d
n
et
w
o
r
k
-
b
ased
.
As
h
o
s
t
-
b
a
s
ed
d
etec
tio
n
s
y
s
t
e
m
h
as
to
b
e
i
n
s
ta
lled
o
n
e
ac
h
h
o
s
t
[
1
]
,
[
2
]
,
it
h
as
s
o
m
e
co
m
p
le
x
it
y
a
n
d
o
v
er
h
ea
d
.
Net
w
o
r
k
b
ased
d
et
ec
tio
n
tec
h
n
iq
u
e
ap
p
lies
Dee
p
P
ac
k
et
I
n
s
p
ec
tio
n
(
DP
I
)
tec
h
n
iq
u
es
th
at
g
ai
n
a
v
er
y
h
i
g
h
ac
c
u
r
ac
y
b
u
t
t
h
e
y
c
an
n
o
t
d
etec
t
u
n
k
n
o
w
n
T
r
o
j
an
s
.
Dee
p
p
ac
k
et
i
n
s
p
ec
tio
n
u
s
e
s
r
eg
u
lar
e
x
p
r
ess
io
n
(
R
E
)
m
atch
in
g
[
3
]
.
I
t
ex
a
m
i
n
es
p
ac
k
et
p
a
y
lo
ad
w
h
et
h
er
it
is
m
atc
h
ed
w
it
h
a
n
y
p
r
ed
ef
i
n
ed
r
eg
u
lar
ex
p
r
es
s
io
n
s
.
T
h
e
attac
k
p
atter
n
s
o
r
s
i
g
n
a
tu
r
es
o
f
an
t
iv
ir
u
s
s
ca
n
n
er
a
n
d
in
tr
u
s
io
n
d
etec
tio
n
s
y
s
te
m
s
ar
e
d
ef
i
n
ed
f
r
o
m
k
n
o
w
n
m
al
w
ar
e.
A
s
ig
n
at
u
r
e
is
a
s
eq
u
en
ce
o
f
b
y
te
s
o
r
s
eq
u
en
ce
o
f
ev
en
t
s
o
r
s
eq
u
en
ce
o
f
s
y
s
te
m
ca
lls
,
etc
[
4
]
,
[
5
]
.
I
f
th
e
attac
k
s
i
g
n
at
u
r
e
i
s
s
lig
h
tl
y
ch
a
n
g
ed
b
y
h
ac
k
er
s
u
s
in
g
s
i
m
p
le
o
b
f
u
s
ca
tio
n
tec
h
n
iq
u
e
s
u
ch
as
i
n
s
er
tin
g
n
o
-
Evaluation Warning : The document was created with Spire.PDF for Python.
I
SS
N
:
2
0
8
8
-
8708
I
n
t J
E
lec
&
C
o
m
p
E
n
g
,
Vo
l.
9
,
No
.
3
,
J
u
n
e
201
9
:
2
1
7
7
-
2
1
8
4
2178
o
p
s
an
d
co
d
e
r
e
-
o
r
d
er
in
g
o
r
a
n
o
v
el
attac
k
ap
p
ea
r
s
,
th
e
u
n
s
e
en
attac
k
w
ill
b
e
co
n
s
id
er
ed
as
ac
ce
p
tab
le
p
atter
n
an
d
th
i
s
attac
k
w
ill
b
e
m
is
s
ed
.
Mo
r
eo
v
er
,
m
ai
n
te
n
an
ce
o
f
t
h
e
s
i
g
n
atu
r
e
d
atab
ase
is
a
n
e
x
tr
e
m
el
y
ted
io
u
s
a
n
d
ti
m
e
-
co
n
s
u
m
i
n
g
.
A
lt
h
o
u
g
h
v
ar
io
u
s
tech
n
iq
u
e
s
h
av
e
b
ee
n
i
n
tr
o
d
u
ce
d
to
d
etec
t
r
e
m
o
te
A
cc
es
s
T
r
o
j
an
s
,
th
e
r
e
r
em
a
in
s
t
w
o
ch
al
len
g
es
:
(
1
)
th
er
e
is
w
ea
k
n
e
s
s
f
o
r
ex
tr
ac
tin
g
co
r
r
ec
t
in
f
o
r
m
atio
n
f
o
r
f
ea
t
u
r
es
in
t
h
e
ea
r
ly
s
ta
g
e
an
d
(
2
)
f
alse
n
e
g
ati
v
e
r
ate
t
h
at
s
h
o
u
l
d
b
e
tak
en
ca
r
e
o
f
,
(
3
)
o
v
er
h
ea
d
.
W
h
en
to
s
to
p
an
d
cu
t
th
e
tr
a
f
f
ic
is
v
er
y
i
m
p
o
r
tan
t
to
e
x
tr
ac
t
e
f
f
ec
t
iv
e
f
ea
t
u
r
es.
Si
n
ce
s
o
m
e
f
ea
tu
r
e
s
ar
e
ex
tr
ac
ted
f
r
o
m
a
s
es
s
io
n
t
h
at
s
tar
t
s
f
r
o
m
SY
N
p
ac
k
et
in
T
C
P
th
r
ee
-
w
a
y
h
an
d
s
h
ak
e
to
FIN
/
AC
K
p
ac
k
et
a
n
d
s
o
m
e
ar
e
o
b
tain
ed
f
r
o
m
a
s
ess
io
n
th
a
t
s
tar
ts
a
co
n
n
ec
tio
n
to
t
h
e
e
n
d
o
f
t
h
e
tr
af
f
ic,
ti
m
e
ta
k
es
lo
n
g
a
n
d
co
n
f
id
e
n
tial
in
f
o
r
m
at
io
n
w
i
l
l
b
e
leak
ed
b
ef
o
r
e
d
et
ec
tio
n
.
Net
w
o
r
k
b
eh
a
v
io
r
al
an
al
y
s
i
s
h
a
s
b
ee
n
u
s
ed
to
cl
ass
i
f
y
n
et
w
o
r
k
tr
af
f
ic
ap
p
lica
tio
n
s
a
n
d
to
d
etec
t
m
al
w
ar
e
[
6
]
,
[
7
]
.
A
s
f
ea
t
u
r
es
ar
e
ex
tr
ac
ted
f
r
o
m
th
e
ea
r
l
y
s
t
ag
e
th
at
d
ep
en
d
s
o
n
p
ac
k
et
i
n
ter
v
al
ti
m
e
,
co
r
r
ec
t
in
f
o
r
m
atio
n
f
o
r
f
ea
tu
r
es
ca
n
n
o
t
b
e
o
b
tai
n
ed
w
h
en
er
r
o
r
-
r
ec
o
v
er
y
f
ea
t
u
r
e
lik
e
T
C
P
r
etr
e
m
is
s
io
n
o
cc
u
r
s
.
An
ti
v
ir
u
s
s
ca
n
n
er
s
n
ee
d
s
to
b
e
in
s
talled
o
n
ea
c
h
h
o
s
t
a
n
d
it
n
ee
d
s
to
b
e
u
p
d
ated
d
aily
.
Mo
r
eo
v
er
,
j
u
s
t
a
s
i
m
p
le
r
atio
o
f
m
alic
io
u
s
a
n
d
n
o
r
m
al
ap
p
licatio
n
s
is
ap
p
lied
f
o
r
b
u
ild
in
g
a
m
o
d
el.
As
t
y
p
ical
n
et
w
o
r
k
co
n
tain
s
ap
p
r
o
x
i
m
ate
l
y
9
9
.
9
9
%
o
f
n
o
r
m
al
in
s
tan
ce
s
a
n
d
s
m
all
n
u
m
b
er
o
f
m
a
licio
u
s
i
n
s
tan
ce
s
,
j
u
s
t
a
s
i
m
p
le
r
atio
o
f
n
o
r
m
al
a
n
d
m
al
icio
u
s
tr
a
f
f
ic
in
s
ta
n
ce
s
i
s
n
o
t
e
n
o
u
g
h
to
ap
p
r
o
ac
h
a
b
est
d
etec
tio
n
m
o
d
el
w
i
t
h
ef
f
ec
tiv
e
f
ea
t
u
r
es a
n
d
n
o
o
v
er
h
ea
d
.
I
n
th
i
s
p
ap
er
f
ea
tu
r
e
s
ar
e
ex
tr
a
cted
w
it
h
i
n
t
h
e
f
ir
s
t
t
w
e
n
t
y
p
a
ck
ets
t
h
at
s
tar
ts
S
YN
o
f
T
C
P
th
r
ee
-
w
a
y
h
an
d
s
h
a
k
e
to
t
w
en
tiet
h
p
ac
k
ets
w
it
h
o
u
t
d
ep
en
d
i
n
g
o
n
h
o
w
lo
n
g
p
ac
k
e
t
in
ter
v
al
ti
m
e
tak
es.
Fir
s
t
t
w
e
n
t
y
p
ac
k
ets
ar
e
en
o
u
g
h
to
d
etec
t
m
alicio
u
s
tr
a
f
f
ic
o
f
r
e
m
o
te
ac
ce
s
s
tr
o
j
an
s
i
n
th
e
ea
r
l
y
s
tag
e
,
an
d
it
ca
n
a
v
o
id
er
r
o
r
-
r
ec
o
v
er
y
f
ea
tu
r
e
s
to
o
.
I
n
ad
d
itio
n
,
R
A
T
s
ar
e
r
u
n
m
a
n
y
ti
m
es
a
n
d
th
eir
d
if
f
er
en
t
b
eh
a
v
io
r
s
ar
e
ca
p
tu
r
ed
.
Dif
f
er
en
t
r
atio
s
o
f
n
o
r
m
al
a
n
d
m
alicio
u
s
i
n
s
ta
n
ce
s
ar
e
ap
p
lied
f
o
r
an
al
y
zin
g
d
etec
tio
n
m
o
d
el.
O
u
r
ap
p
r
o
ac
h
r
ed
u
ce
s
FN
R
to
0
%
w
h
ile
m
ai
n
tai
n
in
g
ea
r
l
y
s
ta
g
e
d
etec
tio
n
.
Mo
r
eo
v
er
,
it
is
ea
s
y
to
m
a
n
a
g
e
th
r
o
u
g
h
n
e
t
w
o
r
k
an
d
w
e
d
o
n
o
t
n
ee
d
to
i
n
s
ta
ll
an
d
u
p
d
ate
ap
p
licatio
n
to
ea
ch
ter
m
in
a
l
a
s
it
i
s
n
e
t
w
o
r
k
-
b
a
s
ed
ap
p
r
o
ac
h
.
As
a
b
eh
av
io
r
-
b
ased
d
etec
tio
n
,
b
o
th
u
n
k
n
o
w
n
R
A
T
s
an
d
v
ar
ian
t
s
o
f
k
n
o
w
n
R
A
T
s
ca
n
b
e
d
etec
ted
w
i
th
o
u
t
ti
m
e
co
n
s
u
m
i
n
g
.
T
h
e
p
ap
er
is
o
r
g
an
ized
a
s
f
o
llo
w
s
:
liter
at
u
r
e
r
ev
ie
w
is
s
u
m
m
ar
ized
in
Sectio
n
2
,
r
esear
c
h
m
et
h
o
d
is
p
r
ese
n
ted
i
n
Sec
tio
n
3
,
Sect
io
n
4
d
escr
ib
es
r
esu
l
ts
a
n
d
d
is
c
u
s
s
io
n
,
a
n
d
t
h
e
p
a
p
er
is
co
n
cl
u
d
ed
in
Sectio
n
5
.
2.
L
I
T
RE
AT
U
RE
R
E
VI
E
W
Sev
er
al
tech
n
iq
u
es
h
a
v
e
b
ee
n
u
s
ed
to
d
etec
t
v
ar
ian
ts
o
f
m
al
w
ar
e.
Feat
u
r
es
ar
e
ca
teg
o
r
i
ze
d
o
n
th
e
b
asis
o
f
s
tat
ic
an
d
d
y
n
a
m
ic
an
al
y
s
is
o
f
p
r
o
g
r
a
m
f
iles
[
8
]
.
I
n
s
tatic
an
al
y
s
is
,
th
e
b
e
h
a
v
io
r
o
f
p
r
o
g
r
a
m
is
o
b
s
er
v
ed
b
y
a
n
al
y
zi
n
g
its
b
i
n
ar
y
co
d
e
o
r
in
ter
n
al
s
tr
u
ct
u
r
e
o
f
f
iles
w
i
th
o
u
t
ac
t
u
all
y
e
x
ec
u
ti
n
g
it
[
9
]
.
I
t
is
v
u
l
n
er
ab
le
to
co
d
e
o
b
f
u
s
ca
tio
n
tech
n
iq
u
es.
D
y
n
a
m
ic
a
n
al
y
s
is
is
p
er
f
o
r
m
ed
b
y
r
u
n
n
i
n
g
a
p
r
o
g
r
a
m
.
I
n
d
y
n
a
m
ic
an
al
y
s
is
b
e
h
av
io
r
o
f
m
al
w
ar
e
is
m
o
n
ito
r
ed
in
e
m
u
lated
en
v
ir
o
n
m
e
n
t.
I
t
ca
n
d
ea
l
w
it
h
co
d
e
ev
asio
n
tech
n
iq
u
es [
1
0
]
.
Net
w
o
r
k
b
eh
a
v
io
r
al
an
a
l
y
s
is
h
as
b
ee
n
d
o
n
e
i
n
r
ec
e
n
t
y
ea
r
s
f
o
r
d
etec
ti
n
g
m
al
w
ar
e.
B
u
t
b
eh
av
io
r
al
f
ea
t
u
r
es
ar
e
d
if
f
er
en
t
d
ep
en
d
i
n
g
o
n
w
h
en
t
h
e
tr
af
f
ic
is
cu
t
o
r
s
to
p
p
ed
to
ex
tr
ac
t
f
ea
tu
r
es.
[
1
1
]
u
s
es
f
lo
w
le
v
el
-
b
ased
f
ea
tu
r
e
s
an
d
I
P
lev
e
l
-
b
ased
f
ea
t
u
r
es
i
n
o
r
d
er
to
d
escr
ib
e
T
r
o
j
an
n
et
w
o
r
k
b
e
h
av
io
r
ac
cu
r
atel
y
.
A
t
t
h
e
f
lo
w
le
v
el,
t
w
o
f
ea
t
u
r
es
–
(
1
)
d
u
r
atio
n
,
an
d
(
2
)
p
ac
k
et
ti
m
e
in
ter
v
a
l
ar
e
ex
tr
ac
ted
.
A
t
t
h
e
I
P
-
lev
el,
4
f
ea
t
u
r
es
-
(
1
)
n
u
m
b
er
o
f
in
b
o
u
n
d
/o
u
tb
o
u
n
d
p
ac
k
et
s
,
(
2
)
v
o
lu
m
e
o
f
i
n
b
o
u
n
d
/o
u
tb
o
u
n
d
tr
a
f
f
ic,
(
3
)
d
u
r
atio
n
o
f
t
h
e
co
m
m
u
n
icatio
n
s
e
s
s
io
n
,
a
n
d
(
4
)
n
u
m
b
er
o
f
tr
a
n
s
p
o
r
t
la
y
er
c
o
n
n
ec
tio
n
s
.
T
h
ese
f
ea
t
u
r
es
ar
e
ex
tr
ac
ted
f
r
o
m
t
h
e
s
ess
io
n
f
r
o
m
a
SY
N
p
ac
k
et
in
th
e
T
C
P
th
r
ee
-
w
a
y
h
an
d
s
h
a
k
e
an
d
e
n
d
s
w
i
th
a
FIN
/
R
ST
p
ac
k
et.
So
,
it
ta
k
e
s
ti
m
e,
an
d
co
n
f
id
e
n
tial
i
n
f
o
r
m
a
tio
n
m
a
y
b
e
leak
ed
b
ef
o
r
e
d
etec
tio
n
.
T
h
e
ac
cu
r
ac
y
is
o
v
er
9
1
%
an
d
FP
R
is
les
s
th
an
3
.
2
%.
Fiv
e
t
y
p
ical
c
h
ar
ac
ter
is
tics
ar
e
u
s
ed
to
d
escr
ib
e
m
alicio
u
s
b
eh
av
io
r
o
f
R
A
T
s
in
[
1
2
]
.
T
h
e
y
ar
e
(
1
)
r
atio
o
f
s
e
n
d
an
d
r
ec
ei
v
ed
tr
af
f
ic
s
ize,
(
2
)
n
u
m
b
er
o
f
co
n
n
ec
t
io
n
s
,
(
3
)
p
r
o
p
o
r
tio
n
o
f
u
p
lo
ad
co
n
n
ec
tio
n
,
(
4
)
p
r
o
p
o
r
tio
n
o
f
co
n
cu
r
r
e
n
t
co
n
n
ec
tio
n
,
(
5
)
n
u
m
b
er
o
f
d
is
tin
c
t
I
P
s
.
I
ts
’
ac
c
u
r
ate
d
etec
tio
n
is
9
7
.
0
5
%
an
d
FP
R
is
2
.
9
4
%.
A
s
its
f
ea
t
u
r
es
ar
e
ex
tr
ac
ted
f
r
o
m
t
h
e
s
tar
t
o
f
an
ap
p
licatio
n
’
s
co
n
n
ec
t
io
n
to
th
e
en
d
,
it
m
a
y
b
e
i
m
p
o
s
s
ib
le
to
d
etec
t
R
A
T
as
f
ast
a
s
p
o
s
s
ib
le.
T
h
e
ex
ac
t
n
u
m
b
er
o
f
n
o
r
m
al
an
d
m
alicio
u
s
i
n
s
ta
n
ce
s
i
s
n
o
t
m
en
tio
n
ed
in
t
h
ese
w
o
r
k
s
.
T
h
e
m
alicio
u
s
tr
a
f
f
ic
o
f
R
AT
s
ca
n
b
e
d
etec
ted
in
th
e
ea
r
l
y
s
tag
e
o
f
T
C
P
co
m
m
u
n
icatio
n
[
1
3
]
.
T
h
e
ea
r
l
y
s
ta
g
e
o
f
a
s
e
s
s
io
n
i
s
a
p
ac
k
et
lis
t
th
at
s
tar
ts
f
r
o
m
t
h
e
S
YN
p
ac
k
et
o
f
T
C
P
th
r
ee
-
w
a
y
h
a
n
d
s
h
ak
e
a
n
d
en
d
s
u
n
til
ea
ch
p
ac
k
et
in
ter
v
al
ti
m
e
is
les
s
th
a
n
th
e
th
r
e
s
h
o
ld
t
s
ec
o
n
d
s
.
I
t
d
o
es
n
o
t
tak
e
i
n
to
co
n
s
id
er
atio
n
o
f
T
C
P
’
s
er
r
o
r
r
ec
o
v
er
y
f
ea
t
u
r
es
li
k
e
T
C
P
R
etr
an
s
m
is
s
io
n
th
at
o
cc
u
r
s
i
n
t
h
e
s
tag
e
o
f
T
C
P
h
an
d
s
h
ak
in
g
.
T
o
tal
1
7
5
s
ess
io
n
s
ar
e
u
s
ed
f
o
r
class
i
f
y
i
n
g
.
1
6
5
ar
e
n
o
r
m
al
s
ess
io
n
s
a
n
d
1
0
s
ess
io
n
s
ar
e
R
A
T
s
’
.
T
h
e
d
etec
tio
n
ac
cu
r
ac
y
is
o
v
er
9
6
% a
n
d
FN
R
is
1
0
% b
y
R
a
n
d
o
m
Fo
r
est al
g
o
r
ith
m
.
T
h
e
b
eh
av
io
r
f
ea
tu
r
es
ar
e
m
a
in
l
y
d
is
tr
ib
u
ted
i
n
t
h
e
n
et
w
o
r
k
la
y
er
,
tr
an
s
p
o
r
t
la
y
er
a
n
d
a
p
p
licatio
n
la
y
er
[
1
4
]
.
A
clo
s
ed
-
lo
o
p
f
ee
d
b
ac
k
m
o
d
el
is
d
esi
g
n
ed
to
r
em
o
v
e
s
o
m
e
f
alse
alar
m
s
f
r
o
m
th
e
d
etec
ted
r
e
s
u
l
ts
.
Evaluation Warning : The document was created with Spire.PDF for Python.
I
n
t J
E
lec
&
C
o
m
p
E
n
g
I
SS
N:
2088
-
8708
O
p
tima
l remo
te
a
cc
ess
T
r
o
ja
n
s
d
etec
tio
n
b
a
s
ed
o
n
n
etw
o
r
k
b
eh
a
vio
r
(
K
h
in
S
w
e
Yin
)
2179
T
h
e
f
alse
p
o
s
iti
v
e
r
esu
l
ts
ar
e
f
ed
b
ac
k
as
i
n
p
u
t
s
f
o
r
th
e
tr
ai
n
in
g
s
e
ts
o
f
m
ac
h
in
e
lear
n
i
n
g
m
o
d
el.
So
,
it
tak
e
s
ti
m
e
a
n
d
m
u
c
h
o
v
er
h
ea
d
.
2
2
4
d
ata
f
lo
w
o
f
T
r
o
j
an
tr
af
f
ic
an
d
2
7
6
d
ata
f
lo
w
o
f
n
o
r
m
a
l
ap
p
licatio
n
s
ar
e
u
s
ed
in
[
1
4
]
.
I
ts
d
etec
tio
n
r
ate
is
9
7
.
7
%.
T
h
e
u
n
b
alan
ce
d
r
atio
o
f
n
o
r
m
al
a
n
d
m
a
licio
u
s
s
e
s
s
io
n
s
is
u
s
ed
in
[
1
3
]
-
[
1
5
]
.
R
A
T
s
ar
e
r
u
n
o
n
ce
an
d
ca
p
tu
r
ed
th
e
tr
af
f
ic
to
ex
tr
ac
t f
ea
t
u
r
es.
A
h
y
b
r
id
ap
p
r
o
ac
h
th
at
co
m
b
in
es
a
n
o
m
al
y
,
b
eh
a
v
io
r
an
d
s
ig
n
at
u
r
e
-
b
ased
d
etec
tio
n
te
ch
n
iq
u
es
i
s
d
esig
n
ed
to
d
etec
t
ze
r
o
-
d
ay
attac
k
s
i
n
cl
u
d
in
g
w
o
r
m
,
v
i
r
u
s
,
an
d
s
o
o
n
[
1
6
]
.
So
,
it
is
co
m
p
u
tatio
n
all
y
ex
p
en
s
iv
e.
S
in
ce
it
u
s
es
f
ea
tu
r
es
lik
e
s
a
m
e_
s
r
v
_
r
ate
th
at
i
s
p
er
ce
n
tag
e
o
f
co
n
n
ec
tio
n
s
to
t
h
e
s
a
m
e
s
er
v
ice
i
n
co
u
n
t
f
ea
t
u
r
e,
P
k
t_
co
u
n
t_
leg
it
i
m
ate_
p
o
r
ts
t
h
at
i
s
a
m
o
n
g
t
h
e
p
ast
1
0
0
co
n
n
ec
t
io
n
s
w
h
o
s
e
d
esti
n
atio
n
p
o
r
t
is
s
a
m
e
to
th
e
p
o
r
t
in
t
h
e
leg
it
i
m
ate
p
o
r
ts
lis
t,
i
t
n
ee
d
s
ti
m
e
a
n
d
it
is
n
o
t
p
o
s
s
ib
le
to
d
etec
t
t
h
e
attac
k
s
as
ea
r
l
y
a
s
p
o
s
s
ib
le.
T
h
e
f
ir
s
t
f
e
w
p
ac
k
et
s
ar
e
u
s
ed
f
o
r
ea
r
l
y
tr
af
f
ic
cl
ass
i
f
icatio
n
,
b
u
t
it
n
ee
d
s
to
u
s
e
n
e
w
ap
p
r
o
p
r
iate
f
ea
t
u
r
es [
1
7
]
.
T
h
e
s
u
m
m
ar
y
o
f
r
ela
ted
w
o
r
k
s
i
s
s
h
o
w
n
i
n
T
ab
le
1
.
T
ab
le
1
.
Su
m
m
ar
y
o
f
R
elate
d
W
o
r
k
s
R
e
l
a
t
e
d
W
o
r
k
s
A
p
p
r
o
a
c
h
L
i
mi
t
a
t
i
o
n
[
8
]
-
[
1
0
]
R
e
v
i
e
w
e
d
mal
w
a
r
e
d
e
t
e
c
t
i
o
n
S
i
g
n
a
t
u
r
e
b
a
se
d
a
n
d
b
e
h
a
v
i
o
r
b
a
se
d
d
e
t
e
c
t
i
o
n
S
t
a
t
i
c
a
n
d
d
y
n
a
m
i
c
a
n
a
l
y
si
s
S
i
g
n
a
t
u
r
e
b
a
se
d
a
p
p
r
o
a
c
h
c
a
n
n
o
t
d
e
t
e
c
t
u
n
k
n
o
w
n
mal
w
a
r
e
M
u
c
h
f
a
l
se
p
o
si
t
i
v
e
r
a
t
e
i
n
b
e
h
a
v
i
o
r
b
a
se
d
d
e
t
e
c
t
i
o
n
[
1
1
]
N
e
t
w
o
r
k
b
e
h
a
v
i
o
r
b
a
se
d
t
e
c
h
n
i
q
u
e
.
I
t
u
se
s fl
o
w
-
l
e
v
e
l
a
n
d
I
P
-
l
e
v
e
l
f
e
a
t
u
r
e
s,
e
.
g
.
d
u
r
a
t
i
o
n
,
t
r
a
n
sp
o
r
t
l
a
y
e
r
c
o
n
n
e
c
t
i
o
n
I
t
t
a
k
e
s
5
m
i
n
u
t
e
s
t
o
t
e
r
mi
n
a
t
e
se
ssi
o
n
s
i
n
t
h
i
s w
o
r
k
R
A
T
s
w
i
l
l
b
e
d
e
t
e
c
t
e
d
a
f
t
e
r
t
h
e
y
st
a
y
l
o
n
g
i
n
t
h
e
v
i
c
t
i
m m
a
c
h
i
n
e
[
1
2
]
A
p
p
l
i
c
a
t
i
o
n
n
e
t
w
o
r
k
b
e
h
a
v
i
o
r
b
a
se
d
a
p
p
r
o
a
c
h
Ex
a
mp
l
e
s o
f
f
e
a
t
u
r
e
s
-
n
u
mb
e
r
o
f
c
o
n
n
e
c
t
i
o
n
,
p
r
o
p
o
r
t
i
o
n
u
p
l
o
a
d
o
f
c
o
n
n
e
c
t
i
o
n
,
C
o
mp
l
e
x
t
o
o
b
t
a
i
n
f
e
a
t
u
r
e
s a
n
d
t
o
man
a
g
e
I
t
may
d
e
t
e
c
t
R
A
T
s a
f
t
e
r
t
h
e
i
r
l
o
n
g
st
a
y
i
n
t
h
e
v
i
c
t
i
m
h
o
st
[
1
3
]
I
t
d
e
t
e
c
t
s R
A
T
s i
n
t
h
e
e
a
r
l
y
st
a
g
e
o
f
n
e
t
w
o
r
k
t
r
a
f
f
i
c
Ea
r
l
y
st
a
g
e
i
s d
e
f
i
n
e
d
d
e
p
e
n
d
i
n
g
o
n
p
a
c
k
e
t
i
n
t
e
r
v
a
l
t
i
me
A
si
mp
l
e
r
a
t
i
o
o
f
R
A
T
s a
n
d
n
o
r
mal
a
p
p
l
i
c
a
t
i
o
n
s
i
s
u
se
d
(
1
0
i
n
s
t
a
n
c
e
s o
f
R
A
T
s a
n
d
1
7
5
i
n
st
a
n
c
e
s o
f
n
o
r
mal
a
p
p
l
i
c
a
t
i
o
n
s)
I
t
d
o
e
s n
o
t
c
o
n
si
d
e
r
e
r
r
o
r
r
e
c
o
v
e
r
y
f
e
a
t
u
r
e
s
-
T
C
P
r
e
t
r
a
n
smis
si
o
n
-
a
n
d
R
A
T
s
w
i
l
l
b
e
mi
sse
d
Ju
st
a
s
i
m
p
l
e
r
a
t
i
o
o
f
i
n
st
a
n
c
e
s i
s
n
o
t
e
n
o
u
g
h
t
o
o
b
t
a
i
n
b
e
st
d
e
t
e
c
t
i
o
n
mo
d
e
l
[
1
4
]
F
e
a
t
u
r
e
s a
r
e
d
i
st
r
i
b
u
t
e
d
i
n
t
h
r
e
e
l
a
y
e
r
s
:
n
e
t
w
o
r
k
l
a
y
e
r
,
t
r
a
n
s
p
o
r
t
l
a
y
e
r
a
n
d
a
p
p
l
i
c
a
t
i
o
n
l
a
y
e
r
e
.
g
.
man
y
su
b
-
c
o
n
n
e
c
t
i
o
n
s
d
u
r
i
n
g
p
r
i
mary
c
o
n
n
e
c
t
i
o
n
,
c
o
mm
u
n
i
c
a
t
i
o
n
s
t
i
me
F
a
l
s
e
P
o
si
t
i
v
e
R
a
t
e
i
s fe
d
b
a
c
k
a
s
i
n
p
u
t
t
o
a
d
j
u
s
t
t
h
e
t
r
a
i
n
i
n
g
mo
d
e
l
2
2
4
i
n
st
a
n
c
e
s o
f
T
r
o
j
a
n
s
a
n
d
2
7
6
i
n
s
t
a
n
c
e
s o
f
n
o
r
mal
a
p
p
l
i
c
a
t
i
o
n
s
a
r
e
a
p
p
l
i
e
d
C
o
mp
l
e
x
t
o
e
x
t
r
a
c
t
a
n
d
o
b
t
a
i
n
f
e
a
t
u
r
e
s
O
v
e
r
h
e
a
d
Ju
st
a
s
i
m
p
l
e
r
a
t
i
o
o
f
i
n
st
a
n
c
e
s i
s
u
se
d
f
o
r
d
e
t
e
c
t
i
o
n
mo
d
e
l
[
1
6
]
A
h
y
b
r
i
d
a
p
p
r
o
a
c
h
f
o
r
z
e
r
o
d
a
y
s a
t
t
a
c
k
s
I
t
may
n
o
t
b
e
e
a
r
l
y
st
a
g
e
d
e
t
e
c
t
i
o
n
[
1
7
]
Ea
r
l
y
t
r
a
f
f
i
c
c
l
c
a
ss
i
f
i
c
a
t
i
o
n
I
t
n
e
e
d
s e
f
f
e
c
t
i
v
e
f
e
a
t
u
r
e
s
T
h
e
ab
ilit
y
o
f
a
h
o
s
t
to
r
etr
an
s
m
it
p
ac
k
et
s
is
o
n
e
o
f
T
C
P
’
s
m
o
s
t
f
u
n
d
a
m
e
n
tal
er
r
o
r
-
r
ec
o
v
er
y
f
ea
t
u
r
es
in
W
ir
esh
ar
k
.
W
h
e
n
a
p
ac
k
et
is
s
en
t,
b
u
t
t
h
e
r
ec
ip
ien
t
h
as
n
o
t
s
en
t
a
T
C
P
A
C
K
p
ac
k
et
b
ac
k
,
th
e
tr
an
s
m
i
tti
n
g
h
o
s
t
ass
u
m
es
t
h
at
th
e
o
r
ig
i
n
a
l
p
ac
k
et
w
as
lo
s
t
a
n
d
r
etr
an
s
m
it
s
th
e
o
r
ig
i
n
al
p
ac
k
et
[
1
8
]
.
I
t
is
ca
lled
T
C
P
R
etr
an
s
m
is
s
io
n
.
I
f
T
C
P
r
etr
an
s
m
i
s
s
io
n
o
cc
u
r
s
,
p
ac
k
et
i
n
te
r
v
al
ti
m
e
ta
k
e
s
m
o
r
e
ti
m
e
t
h
a
n
u
s
u
al.
Mo
r
eo
v
er
,
th
is
k
i
n
d
o
f
s
it
u
atio
n
o
f
te
n
o
cc
u
r
s
i
n
th
e
s
tep
s
o
f
T
C
P
th
r
ee
-
w
a
y
h
a
n
d
s
h
ak
e
b
e
f
o
r
e
estab
lis
h
in
g
co
n
n
ec
tio
n
f
o
r
tr
an
s
f
er
r
in
g
d
ata.
I
t
is
o
f
te
n
f
o
u
n
d
in
th
e
tr
af
f
ic
o
f
r
e
m
o
t
e
ac
ce
s
s
T
r
o
j
an
s
,
an
d
if
t
h
e
s
to
p
p
in
g
w
a
y
f
o
r
ex
tr
ac
ti
n
g
f
ea
t
u
r
es
i
s
p
ac
k
et
i
n
ter
v
al
ti
m
e,
co
r
r
ec
t
in
f
o
r
m
at
io
n
f
o
r
f
ea
tu
r
e
s
ca
n
n
o
t
b
e
o
b
tain
ed
in
th
i
s
s
tate.
T
h
e
p
r
ev
io
u
s
w
o
r
k
s
d
o
n
o
t
tak
e
in
to
co
n
s
id
er
atio
n
th
i
s
s
i
tu
atio
n
a
n
d
s
o
m
e
u
s
e
p
ac
k
et
in
ter
v
al
ti
m
e
f
o
r
d
ef
in
i
n
g
t
h
e
ea
r
l
y
s
ta
g
e
a
n
d
ex
tr
ac
ti
n
g
f
ea
tu
r
es.
I
n
th
is
p
a
p
er
,
ea
ch
R
A
T
i
s
r
u
n
m
a
n
y
t
i
m
es
a
n
d
d
if
f
er
en
t
b
eh
av
io
r
o
f
R
A
T
s
d
u
r
i
n
g
t
h
e
f
ir
s
t
t
w
e
n
t
y
p
ac
k
et
s
ar
e
ca
p
tu
r
ed
an
d
,
b
o
th
b
alan
ce
d
a
n
d
u
n
b
alan
ce
d
s
ess
io
n
s
ar
e
u
s
ed
f
o
r
b
u
ild
i
n
g
a
d
etec
tio
n
m
o
d
el
i
n
o
r
d
er
to
d
etec
t
R
A
T
s
i
n
t
h
e
ea
r
l
y
s
tag
e
an
d
to
av
o
id
t
h
e
b
ia
s
p
r
o
b
lem
o
f
u
n
b
ala
n
ce
d
d
ataset
.
3.
RE
S
E
ARCH
M
E
T
H
O
D
Ou
r
m
et
h
o
d
co
n
s
is
ts
o
f
t
h
r
ee
m
ain
p
h
a
s
es:
Fea
tu
r
e
E
x
tr
ac
tio
n
,
T
r
ain
in
g
a
n
d
Dete
cti
o
n
.
Af
ter
co
llectin
g
n
et
w
o
r
k
tr
a
f
f
ic
,
f
ea
tu
r
es
ar
e
ex
tr
ac
ted
f
o
r
ea
ch
s
ess
io
n
a
n
d
lab
elled
,
an
d
th
en
th
e
se
se
s
s
io
n
s
ar
e
tr
ain
ed
w
it
h
t
h
r
ee
s
u
p
er
v
i
s
ed
m
ac
h
in
e
lear
n
in
g
alg
o
r
it
h
m
s
.
T
h
en
,
th
e
d
etec
tio
n
m
o
d
el
is
o
b
tain
ed
an
d
u
s
ed
to
test
w
i
t
h
a
r
ea
l ses
s
io
n
.
Ou
r
wo
r
k
m
ai
n
l
y
f
o
cu
s
es o
n
Featu
r
e
E
x
tr
ac
tio
n
.
Evaluation Warning : The document was created with Spire.PDF for Python.
I
SS
N
:
2
0
8
8
-
8708
I
n
t J
E
lec
&
C
o
m
p
E
n
g
,
Vo
l.
9
,
No
.
3
,
J
u
n
e
201
9
:
2
1
7
7
-
2
1
8
4
2180
3
.
1
.
P
re
p
ro
ce
s
s
ing
W
ir
esh
ar
k
i
s
u
s
ed
to
ca
p
tu
r
e
n
et
w
o
r
k
tr
af
f
ic
tr
ac
es.
T
h
e
n
et
w
o
r
k
tr
ac
e
s
ar
e
f
i
lter
ed
b
y
T
C
P
p
r
o
to
co
l.
T
w
o
d
i
f
f
er
e
n
t
I
P
ad
d
r
ess
es
th
at
th
er
e
is
in
ter
ac
tio
n
b
et
w
ee
n
t
h
e
m
ar
e
c
h
o
s
e
n
a
n
d
t
h
e
tr
ac
es
ar
e
c
u
t
f
o
r
th
e
f
ir
s
t
t
w
e
n
t
y
p
ac
k
et
s
th
a
t
s
tar
t
s
f
r
o
m
SYN
o
f
T
C
P
th
r
ee
-
wa
y
h
a
n
d
s
h
ak
e
to
t
h
e
t
w
e
n
tiet
h
p
ac
k
et.
T
h
en
t
h
e
tr
ac
es a
r
e
d
iv
id
ed
in
to
s
ess
io
n
s
,
an
d
th
e
n
s
es
s
io
n
s
ar
e
lab
elled
.
3
.
2
.
F
e
a
t
ure
e
x
t
ra
ct
io
n
Ho
w
to
ex
tr
ac
t
f
ea
t
u
r
es
f
o
r
th
e
f
ir
s
t
t
w
e
n
t
y
p
ac
k
e
ts
is
s
h
o
wn
in
Fi
g
u
r
e
1
.
First
ly
,
b
asic
1
0
f
ea
tu
r
es
ar
e
in
it
ial
ize
d
,
an
d
th
en
th
e
v
alu
es
o
f
b
asi
c
f
e
atu
r
es
a
r
e
c
o
l
lect
e
d
u
n
til
th
e
n
u
m
b
er
o
f
p
a
c
k
ets
is
eq
u
al
to
2
0
.
Nex
t,
4
f
ea
tu
r
es
a
r
e
c
al
cu
lat
ed
d
e
p
en
d
in
g
o
n
th
e
v
alu
e
o
f
th
e
b
as
ic
f
ea
tu
r
es
.
Fin
al
ly
,
7
f
ea
tu
r
es
a
r
e
ch
o
s
en
t
o
g
en
er
a
te
a
f
e
atu
r
e
v
ec
t
o
r
f
o
r
a
s
ess
io
n
.
T
h
e
s
elec
ted
7
f
ea
tu
r
es
ar
e
d
escr
ib
ed
in
d
etail
in
T
a
b
le
2
.
C
o
m
p
ar
is
o
n
o
f
f
ea
t
u
r
es is
s
h
o
w
n
i
n
T
ab
le
3
.
Fig
u
r
e
1
.
P
r
o
ce
s
s
o
f
f
ea
tu
r
e
ex
tr
ac
tio
n
T
ab
le
2
.
Selecte
d
F
ea
tu
r
es
No
F
e
a
t
u
r
e
D
e
scri
p
t
i
o
n
1
O
u
t
b
y
t
e
O
u
t
b
o
u
n
d
d
a
t
a
b
y
t
e
2
I
n
b
y
t
e
I
n
b
o
u
n
d
d
a
t
a
b
y
t
e
3
I
n
B
y
t
e
B
y
I
n
P
a
c
r
a
t
e
o
f
I
n
b
o
u
n
d
d
a
t
a
B
y
t
e
/
I
n
b
o
u
n
d
n
u
mb
e
r
o
f
p
a
c
k
e
t
s
4
O
u
t
B
y
t
e
B
y
O
u
t
P
a
c
r
a
t
e
o
f
O
u
t
b
o
u
n
d
d
a
t
a
b
y
t
e
/
O
u
t
b
o
u
n
d
n
u
m
b
e
r
o
f
p
a
c
k
e
t
s
5
D
u
r
a
t
i
o
n
d
u
r
a
t
i
o
n
f
r
o
m t
h
e
f
i
r
st
p
a
c
k
e
t
t
o
t
w
e
n
t
i
e
t
h
p
a
c
k
e
t
s
6
O
u
t
B
y
t
e
B
y
I
n
B
y
t
e
r
a
t
i
o
o
f
O
u
t
b
o
u
n
d
d
a
t
a
b
y
t
e
/
I
n
b
o
u
n
d
d
a
t
a
b
y
t
e
7
O
u
t
P
a
c
B
y
I
n
P
a
c
r
a
t
i
o
o
f
o
u
t
b
o
u
n
d
n
u
m
b
e
r
o
f
p
a
c
k
e
t
s/
i
n
b
o
u
n
d
n
u
m
b
e
r
o
f
p
a
c
k
e
t
s
Y
e
s
I
n
i
t
i
a
l
i
z
a
t
i
o
n
o
f
f
e
a
t
u
r
e
s
(
P
a
c
N
u
m
=
O
u
t
B
y
t
e
=
O
u
t
P
a
c
=
I
n
B
y
t
e
=
I
n
Pa
c
=
Du
r
=
0
)
,
(
O
u
t
P
a
c
B
y
I
n
P
a
c
=
O
u
t
B
y
t
e
B
y
O
u
t
P
a
c
=
I
n
B
y
t
e
B
y
I
n
P
a
c
=
O
u
t
B
y
t
e
B
y
I
n
B
y
t
e
=
N
U
L
L
)
(
(
P
a
c
N
u
m
≤
2
0
)
R
e
a
d
a
t
r
a
f
f
i
c
p
a
c
k
e
t
No
(
1
)
I
n
c
r
e
a
se
p
a
c
k
e
t
n
u
mb
e
r
(
P
a
c
N
u
m)
(
2
)
I
n
c
r
e
a
se
o
u
t
b
o
u
n
d
d
a
t
a
b
y
t
e
(
O
u
t
B
y
t
e
)
(
3
)
I
n
cr
e
ase
o
u
t
b
o
u
n
d
p
a
ck
e
t
n
u
m
b
e
r
(
O
u
t
P
a
c)
(
4
)
I
n
c
r
e
a
se
i
n
b
o
u
n
d
d
a
t
a
b
y
t
e
(
I
n
B
y
t
e
)
(
5
)
I
n
c
r
e
a
se
i
n
b
o
u
n
d
p
a
c
k
e
t
n
u
m
b
e
r
(
I
n
P
a
c
)
(
6
)
I
n
c
r
e
a
se
t
i
me
(
D
u
r
)
(
1
)
C
a
l
c
u
l
a
t
e
I
n
b
o
u
n
d
d
a
t
a
/
i
n
b
o
u
n
d
n
u
mb
e
r
o
f
p
a
c
k
e
t
s (I
n
B
y
t
e
B
y
I
n
Pa
c
)
(
2
)
C
a
l
c
u
l
a
t
e
o
u
t
b
o
u
n
d
d
a
t
a
/
o
u
t
b
o
u
n
d
n
u
mb
e
r
o
f
p
a
c
k
e
t
s
(
Ou
t
B
y
t
e
B
y
Ou
t
Pa
c
)
(
3
)
C
a
l
c
u
l
a
t
e
o
u
t
b
o
u
n
d
d
a
t
a
/
i
n
b
o
u
n
d
d
a
t
a
(
O
u
t
B
y
t
e
B
y
I
n
B
y
t
e
)
(
4
)
C
a
l
c
u
l
a
t
e
o
u
t
b
o
u
n
d
n
u
m
b
e
r
o
f
p
a
c
k
e
t
s/
i
n
b
o
u
n
d
n
u
mb
e
r
o
f
p
a
c
k
e
t
s
(
Ou
t
Pa
c
B
y
I
n
Pa
c
)
S
e
l
e
c
t
e
d
f
e
a
t
u
r
e
s (O
u
t
B
y
t
e
,
I
n
B
y
t
e
,
D
u
r
,
I
n
B
y
t
e
B
y
I
n
P
a
c
,
O
u
t
B
y
t
e
B
y
O
u
t
P
a
c
,
O
u
t
B
y
t
e
B
y
I
n
B
y
t
e
,
O
u
t
P
a
c
B
y
I
n
P
a
c
,
)
Evaluation Warning : The document was created with Spire.PDF for Python.
I
n
t J
E
lec
&
C
o
m
p
E
n
g
I
SS
N:
2088
-
8708
O
p
tima
l remo
te
a
cc
ess
T
r
o
ja
n
s
d
etec
tio
n
b
a
s
ed
o
n
n
etw
o
r
k
b
eh
a
vio
r
(
K
h
in
S
w
e
Yin
)
2181
T
ab
le
3
.
C
o
m
p
ar
is
o
n
o
f
th
e
Se
lecte
d
Featu
r
es
in
E
ar
l
y
2
0
P
a
ck
ets
F
e
a
t
u
r
e
s
T
y
p
e
T
r
e
n
d
O
u
t
B
y
t
e
N
9
1
.
3
3
%
a
r
e
mo
r
e
t
h
a
n
5
0
0
b
y
t
e
s
R
6
7
%
a
r
e
mo
r
e
t
h
a
n
5
0
0
b
y
t
e
s
I
n
B
y
t
e
N
9
9
.
6
6
7
%
a
r
e
mo
r
e
t
h
a
n
2
0
0
b
y
t
e
s
R
1
1
%
a
r
e
mo
r
e
t
h
a
n
2
0
0
b
y
t
e
s
I
n
B
y
t
e
B
y
I
n
P
a
c
N
9
9
.
6
6
7
%
a
r
e
mo
r
e
t
h
a
n
2
0
b
y
t
e
s
R
1
0
.
3
3
3
%
a
r
e
mo
r
e
t
h
a
n
2
0
b
y
t
e
s
O
u
t
B
y
t
e
B
y
O
u
t
P
a
c
N
8
7
.
3
3
3
%
a
r
e
mo
r
e
t
h
a
n
5
0
b
y
t
e
s
R
6
7
.
3
3
3
%
a
r
e
mo
r
e
t
h
a
n
5
0
b
y
t
e
s
D
u
r
a
t
i
o
n
N
3
3
.
3
3
%
t
a
k
e
mo
r
e
t
h
a
n
1
0
se
c
o
n
d
s
R
7
3
.
6
6
7
%
t
a
k
e
mo
r
e
t
h
a
n
1
0
se
c
o
n
d
s
O
u
t
B
y
t
e
B
y
I
n
B
y
t
e
N
2
8
%
a
r
e
mo
r
e
t
h
a
n
1
R
1
0
0
%
a
r
e
mo
r
e
t
h
a
n
1
O
u
t
P
a
c
B
y
I
n
P
a
c
N
3
3
.
3
3
3
%
a
r
e
mo
r
e
t
h
a
n
1
R
2
8
.
6
6
7
%
a
r
e
mo
r
e
t
h
a
n
1
N
:
N
o
r
mal
A
p
p
l
i
c
a
t
i
o
n
,
R
:
R
A
T
3
.
3
.
L
ea
rning
w
it
h
m
a
chine
lea
rning
a
lg
o
rit
h
m
s
W
ek
a,
d
ata
m
i
n
i
n
g
to
o
l
i
s
u
s
e
d
to
lo
ad
d
atasets
a
n
d
t
h
r
ee
m
ac
h
in
e
lear
n
i
n
g
al
g
o
r
ith
m
s
ar
e
u
s
ed
f
o
r
b
u
ild
in
g
d
etec
tio
n
m
o
d
el.
T
h
r
ee
m
ac
h
i
n
e
lear
n
i
n
g
alg
o
r
it
h
m
s
u
s
ed
in
t
h
e
ex
p
er
i
m
en
t
ar
e
Dec
is
io
n
T
r
ee
s
(
DT
)
,
R
an
d
o
m
Fo
r
ests
(
R
F)
an
d
Naïv
e
B
a
y
e
s
(
NB
)
.
3
.
3
.
1
.
Dec
is
io
n t
rees
I
n
d
ec
is
io
n
tr
ee
s
,
t
h
e
p
r
o
ce
s
s
is
b
r
o
k
en
d
o
w
n
i
n
to
i
n
d
iv
id
u
a
l
test
s
w
h
ic
h
b
eg
i
n
at
th
e
r
o
o
t
n
o
d
e
an
d
tr
av
er
s
e
t
h
e
tr
ee
,
d
ep
en
d
in
g
o
n
t
h
e
r
es
u
lt
o
f
t
h
e
test
in
th
a
t
p
ar
ti
cu
lar
n
o
d
e.
T
h
e
tr
ee
b
eg
i
n
s
at
th
e
r
o
o
t
n
o
d
e.
Fro
m
th
e
r
o
o
t
n
o
d
e
th
e
tr
ee
b
r
an
ch
e
s
o
r
f
o
r
k
s
o
u
t
to
i
n
ter
n
al
n
o
d
es.
T
h
e
d
ec
is
io
n
to
s
p
lit
is
m
ad
e
b
y
i
m
p
u
r
it
y
m
ea
s
u
r
es [
1
9
]
.
3
.
3
.
2
.
Ra
nd
o
m
f
o
re
s
t
R
an
d
o
m
f
o
r
est
is
a
n
en
s
e
m
b
l
e
class
i
f
ier
th
at
co
n
s
is
ts
o
f
m
an
y
d
ec
is
io
n
tr
ee
s
an
d
o
u
tp
u
t
s
th
e
clas
s
th
at
is
th
e
m
o
d
e
o
f
th
e
cla
s
s
's
o
u
tp
u
t
b
y
i
n
d
iv
id
u
al
tr
ee
s
.
T
h
e
m
et
h
o
d
co
m
b
i
n
es
B
r
ei
m
a
n
'
s
"
b
ag
g
in
g
"
id
ea
an
d
th
e
r
an
d
o
m
s
e
lectio
n
o
f
f
ea
t
u
r
es a
n
d
it i
m
p
r
o
v
e
s
p
r
ed
ictio
n
ac
cu
r
ac
y
[
2
0
]
.
3
.
3
.
3
.
Na
ïv
e
b
a
y
es
Naiv
e
B
a
y
es
is
a
w
id
el
y
u
s
ed
class
i
f
icatio
n
m
et
h
o
d
b
a
s
ed
o
n
B
ay
es
t
h
eo
r
y
.
B
ased
o
n
class
co
n
d
itio
n
al
d
e
n
s
it
y
e
s
ti
m
atio
n
an
d
cla
s
s
p
r
io
r
p
r
o
b
ab
ilit
y
,
t
h
e
p
o
s
ter
io
r
clas
s
p
r
o
b
ab
ilit
y
o
f
a
te
s
t
d
ata
p
o
in
t
ca
n
b
e
d
er
iv
ed
an
d
t
h
e
test
d
ata
w
ill
b
e
as
s
ig
n
ed
to
th
e
c
l
ass
w
it
h
t
h
e
m
a
x
i
m
u
m
p
o
s
ter
io
r
class
p
r
o
b
ab
ilit
y
[
2
1
]
.
C
alcu
latin
g
th
e
co
n
d
itio
n
al
p
r
o
b
a
b
ilit
y
as
f
o
llo
w
s
:
(
ℎ
⁄
)
=
(
ℎ
⁄
)
(
ℎ
)
(
)
(
1
)
3
.
4
.
E
v
a
lua
t
i
o
n
k
-
f
o
ld
C
r
o
s
s
Valid
atio
n
i
s
u
s
e
d
to
v
alid
ate
t
h
e
r
es
u
lt
o
f
cla
s
s
if
ica
tio
n
in
th
e
e
x
p
er
i
m
e
n
t.
A
cc
u
r
ac
y
,
Fals
e
Neg
at
iv
e
R
ate
(
FN
R
)
an
d
Fal
s
e
P
o
s
iti
v
e
R
ate
(
FP
R
)
ar
e
u
s
ed
f
o
r
e
v
alu
at
io
n
.
A
cc
u
r
ac
y
g
iv
e
s
t
h
e
co
r
r
ec
tly
clas
s
i
f
ied
n
u
m
b
er
o
f
b
o
th
n
o
r
m
al
an
d
m
al
icio
u
s
i
n
s
tan
ce
s
o
n
to
tal
in
s
tan
ce
s
.
FP
R
ex
p
r
ess
e
s
th
at
t
h
e
in
co
r
r
ec
tl
y
clas
s
i
f
ied
n
u
m
b
er
o
f
n
o
r
m
al
i
n
s
ta
n
ce
s
o
n
th
e
to
tal
n
o
r
m
al
i
n
s
ta
n
ce
s
.
FN
R
s
h
o
w
s
th
a
t
th
e
in
co
r
r
ec
tl
y
cla
s
s
i
f
ied
n
u
m
b
er
o
f
m
a
licio
u
s
R
A
T
i
n
s
ta
n
ce
s
o
n
th
e
to
tal
R
A
T
i
n
s
ta
n
ce
s
.
T
h
e
les
s
F
NR
w
h
i
le
m
ai
n
tai
n
in
g
h
ig
h
ac
cu
r
ac
y
,
t
h
e
b
etter
th
e
d
etec
tio
n
s
y
s
te
m
is
f
o
r
n
o
t
m
is
s
in
g
m
alicio
u
s
s
e
s
s
io
n
s
.
Ho
w
to
ca
lcu
late
A
cc
u
r
ac
y
,
FP
R
a
n
d
FNR
i
s
s
h
o
w
n
b
elo
w
:
=
(
2
)
=
(
3
)
=
(
4
)
Evaluation Warning : The document was created with Spire.PDF for Python.
I
SS
N
:
2
0
8
8
-
8708
I
n
t J
E
lec
&
C
o
m
p
E
n
g
,
Vo
l.
9
,
No
.
3
,
J
u
n
e
201
9
:
2
1
7
7
-
2
1
8
4
2182
4.
RE
SU
L
T
S
A
ND
D
I
SCU
SS
I
O
N
A
v
ir
t
u
al
en
v
ir
o
n
m
e
n
t
t
h
at
a
tt
ac
k
er
s
a
n
d
v
icti
m
s
ar
e
r
u
n
n
in
g
i
s
s
e
t
u
p
.
T
h
e
attac
k
er
is
a
p
lace
w
h
er
e
R
A
T
is
ex
ec
u
ted
,
an
d
t
h
e
v
ict
i
m
i
s
a
p
lace
w
h
er
e
t
h
e
attac
k
er
’
s
s
er
v
er
.
ex
e
i
s
ex
ec
u
ted
.
1
0
ty
p
es
o
f
R
e
m
o
t
e
A
cc
e
s
s
T
r
o
j
an
s
an
d
1
0
n
o
r
m
al
ap
p
licatio
n
s
ar
e
u
s
ed
i
n
th
e
ex
p
er
i
m
en
t.
W
ir
esh
ar
k
i
s
r
u
n
o
n
th
e
v
icti
m
to
ca
p
tu
r
e
an
d
co
llect
n
et
w
o
r
k
tr
af
f
ic.
T
h
e
m
o
s
t
w
id
el
y
u
s
e
d
R
A
T
s
ar
e
ap
p
lied
in
th
e
e
x
p
er
i
m
e
n
t.
No
r
m
a
l
ap
p
licat
io
n
s
in
c
lu
d
e
clo
u
d
s
er
v
ices,
p
2
p
d
o
w
n
lo
ad
to
o
ls
,
b
r
o
w
s
er
s
a
n
d
s
o
cial
s
er
v
ices
th
a
t
m
o
s
t
o
f
p
eo
p
le
u
s
e
in
I
n
ter
n
et
to
d
a
y
.
R
A
T
s
an
d
n
o
r
m
al
ap
p
licatio
n
s
u
s
ed
in
t
h
e
ex
p
er
i
m
e
n
t a
r
e
s
h
o
w
n
i
n
T
ab
l
e
4
.
T
ab
le
4
.
R
A
T
s
an
d
No
r
m
a
l
Ap
p
licatio
n
s
u
s
ed
in
t
h
e
E
x
p
er
i
m
en
t
No
R
A
T
s
N
o
r
mal
a
p
p
l
i
c
a
t
i
o
n
s
1
I
mm
i
n
e
n
t
M
o
n
i
t
o
r
D
r
o
p
b
o
x
2
K
i
l
e
r
R
a
t
P
c
l
o
u
d
3
N
j
R
a
t
S
k
y
p
e
4
C
e
r
b
e
r
u
s
Y
a
h
o
o
M
e
sse
n
g
e
r
5
X
t
r
e
me
F
a
c
e
b
o
o
k
6
P
a
n
d
o
r
a
B
i
t
t
o
r
r
e
n
t
7
C
y
b
e
r
G
a
t
e
B
i
t
C
o
me
t
8
S
p
y
G
a
t
e
G
o
o
g
l
e
9
X
e
n
a
F
i
r
e
f
o
x
10
B
a
b
y
l
o
n
C
h
r
o
me
Net
w
o
r
k
b
eh
a
v
io
r
f
ea
t
u
r
es
f
o
r
a
s
ess
io
n
ar
e
ex
tr
ac
ted
f
r
o
m
t
h
e
tr
ac
e
t
h
at
s
tar
t
s
f
r
o
m
a
SY
N
p
ac
k
et
i
n
th
e
T
C
P
th
r
ee
-
w
a
y
h
an
d
s
h
a
k
e
an
d
en
d
s
a
t
t
w
e
n
tiet
h
p
ac
k
et
s
.
I
t
is
th
e
v
er
y
f
ir
s
t
ti
m
e
tr
a
f
f
i
c
th
at
co
llect
s
a
f
ter
th
e
v
icti
m
is
i
n
f
ec
ted
b
y
R
AT
.
I
f
th
is
R
A
T
is
n
o
t
d
etec
te
d
an
d
r
e
m
o
v
ed
f
r
o
m
v
icti
m
’
s
co
m
p
u
ter
,
i
t
al
w
a
y
s
co
n
n
ec
t
s
b
ac
k
to
th
e
attac
k
er
.
I
t
is
a
co
n
s
id
er
ab
le
s
itu
atio
n
b
ec
au
s
e
t
h
e
attac
k
er
m
a
y
s
ta
y
as
lo
n
g
as
p
o
s
s
ib
l
e
to
co
n
tr
o
l
t
h
e
v
icti
m
.
W
h
e
n
a
R
A
T
is
r
u
n
n
e
x
t
ti
m
e
a
f
ter
s
y
s
te
m
r
eb
o
o
ts
,
it
al
w
a
y
s
s
e
n
d
s
co
n
n
ec
tio
n
b
ac
k
to
th
e
attac
k
er
.
I
n
o
u
r
ex
p
er
i
m
e
n
t,
ea
ch
R
A
T
is
r
u
n
m
a
n
y
t
i
m
e
s
in
o
r
d
er
to
ca
p
tu
r
e
th
e
v
ar
ia
n
t
b
eh
a
v
io
r
o
f
R
A
T
.
I
n
th
i
s
w
a
y
t
h
e
n
u
m
b
er
o
f
m
alicio
u
s
s
ess
io
n
s
is
al
s
o
in
cr
ea
s
ed
w
it
h
o
u
t
u
s
in
g
s
a
m
p
li
n
g
m
et
h
o
d
an
d
t
h
e
b
alan
ce
d
n
o
r
m
al
a
n
d
m
alic
io
u
s
s
e
s
s
io
n
s
ar
e
o
b
tain
ed
f
o
r
b
u
ild
in
g
a
d
etec
tio
n
m
o
d
el.
Dif
f
er
en
t
r
atio
s
o
f
n
o
r
m
al
a
n
d
m
alicio
u
s
i
n
s
ta
n
ce
s
,
an
d
th
eir
r
es
u
lts
ar
e
s
h
o
w
n
i
n
T
ab
le
5
.
T
ab
le
5
.
R
esu
lts
o
f
Naïv
e
B
a
y
es (
NB
)
,
Dec
is
io
n
T
r
ee
s
(
D
T
)
,
R
an
d
o
m
Fo
r
est
s
(
R
F)
R
a
t
i
o
o
f
n
o
r
mal
a
n
d
mal
i
c
i
o
u
s
i
n
s
t
a
n
c
e
s
NB
DT
RF
A
c
c
F
N
R
F
P
R
A
c
c
F
N
R
F
P
R
A
c
c
F
N
R
F
P
R
N
1
5
0
-
R
A
T
1
0
0
.
9
6
3
0
.
6
0
0
.
9
8
1
0
.
2
0
.
0
0
7
0
.
9
8
8
0
.
1
0
.
0
0
7
N
3
0
0
-
R
A
T
1
0
0
.
9
7
1
0
.
7
0
.
0
0
7
0
.
9
9
0
.
2
0
.
0
0
3
0
.
9
9
0
.
2
0
.
0
0
3
N
3
0
0
-
R
A
T
3
0
0
0
.
8
7
8
0
.
2
1
7
0
.
0
2
7
0
.
9
9
2
0
.
0
0
3
0
.
0
1
3
0
.
9
9
3
0
.
0
0
3
0
.
0
1
A
c
c
:
A
c
c
u
r
a
c
y
,
F
N
R
:
F
a
l
s
e
N
e
g
a
t
i
v
e
R
a
t
e
,
F
P
R
:
F
a
l
se
P
o
si
t
i
v
e
R
a
t
e
T
h
e
class
if
icat
io
n
m
e
th
o
d
s
ar
e
Naïv
e
B
a
y
es,
Dec
is
io
n
T
r
ee
s
an
d
R
an
d
o
m
Fo
r
ests
.
1
5
s
ess
io
n
s
f
r
o
m
ea
ch
n
o
r
m
al
ap
p
licatio
n
an
d
1
s
ess
io
n
f
r
o
m
ea
ch
R
A
T
ar
e
co
llected
an
d
,
1
5
0
n
o
r
m
al
i
n
s
tan
ce
s
a
n
d
1
0
R
A
T
in
s
ta
n
ce
s
ar
e
u
s
ed
f
o
r
b
u
ild
in
g
a
m
o
d
el.
Nex
t,
3
0
0
n
o
r
m
al
s
ess
io
n
s
an
d
1
0
R
A
T
s
s
ess
i
o
n
s
ar
e
ap
p
lied
f
o
r
d
etec
tio
n
m
o
d
el.
T
h
e
n
,
3
0
0
n
o
r
m
al
s
e
s
s
io
n
s
f
r
o
m
1
0
n
o
r
m
al
ap
p
licatio
n
s
an
d
3
0
0
R
A
T
s
es
s
io
n
s
f
r
o
m
1
0
R
A
T
s
ar
e
ap
p
lied
t
o
b
u
ild
a
m
o
d
el.
I
n
Naï
v
e
B
a
y
es,
ac
c
u
r
ac
y
is
h
ig
h
b
u
t
FN
R
i
s
0
.
6
an
d
0
.
7
w
h
ile
u
s
in
g
u
n
b
ala
n
ce
d
r
atio
s
.
A
lt
h
o
u
g
h
it’
s
F
NR
r
ed
u
ce
s
to
0
.
2
1
7
w
it
h
b
alan
ce
d
in
s
ta
n
ce
s
,
it
s
ac
cu
r
ac
y
d
ec
r
ea
s
es
to
0
.
8
7
8
.
D
T
h
as
a
s
lig
h
t
d
if
f
er
en
ce
in
ac
cu
r
ac
y
alt
h
o
u
g
h
d
if
f
er
en
t
r
atio
s
o
f
in
s
tan
ce
s
ar
e
u
s
ed
f
o
r
class
if
icatio
n
.
DT
h
a
s
FNR
-
0
.
2
w
h
e
n
u
n
b
ala
n
ce
d
r
atio
s
o
f
i
n
s
tan
c
es
ar
e
u
s
ed
.
B
u
t
its
FN
R
is
r
ed
u
ce
d
to
0
.
0
0
3
w
h
en
b
alan
ce
d
i
n
s
ta
n
ce
s
ar
e
class
i
f
ied
.
T
h
e
ac
c
u
r
ac
y
o
f
R
F
d
o
es
n
o
t
ch
a
n
g
e
m
u
ch
w
it
h
b
o
th
b
alan
ce
d
a
n
d
u
n
b
ala
n
ce
d
in
s
ta
n
ce
s
.
T
h
e
Fals
e
Ne
g
ati
v
e
R
ate
o
f
R
F
is
f
l
u
ctu
ar
ed
.
I
t
is
0
.
1
w
h
en
1
5
0
n
o
r
m
al
an
d
1
0
R
A
T
in
s
ta
n
ce
s
ar
e
class
i
f
ied
.
I
t
in
cr
ea
s
es
to
0
.
2
w
it
h
3
0
0
n
o
r
m
al
an
d
1
0
m
alicio
u
s
i
n
s
tan
c
es.
B
u
t
it
d
ec
r
ea
s
es
to
0
.
0
0
3
w
h
e
n
th
e
b
ala
n
ce
d
in
s
ta
n
ce
s
ar
e
u
s
ed
.
Am
o
n
g
t
h
r
ee
alg
o
r
ith
m
s
-
Naï
v
e
b
a
y
es
,
Dec
i
s
io
n
T
r
ee
s
an
d
R
an
d
o
m
Fo
r
est
s
-
DT
an
d
R
F
m
ai
n
tai
n
h
ig
h
ac
c
u
r
ac
y
f
o
r
d
if
f
er
en
t
r
atio
s
o
f
i
n
s
ta
n
ce
s
.
F
NR
a
n
d
FP
R
o
f
DT
an
d
R
F
ar
e
th
e
least
a
m
o
n
g
th
e
s
e
alg
o
r
ith
m
s
.
R
F
i
s
s
li
g
h
tl
y
b
ett
er
th
a
n
DT
.
T
h
e
y
ar
e
s
u
itab
le
alg
o
r
ith
m
s
f
o
r
d
etec
tin
g
R
A
T
s
.
T
h
e
y
ca
n
r
ed
u
ce
FNR
to
0
.
0
0
3
w
h
ile
m
ai
n
tai
n
in
g
h
i
g
h
ac
c
u
r
ac
y
0
.
9
9
w
h
e
n
th
e
y
u
s
e
b
alan
ce
d
r
atio
o
f
n
o
r
m
al
in
s
tan
ce
s
an
d
m
alicio
u
s
in
s
ta
n
ce
s
.
So
o
p
ti
m
al
d
etec
tio
n
m
o
d
el
w
it
h
b
est
ac
cu
r
ac
y
,
least
FN
R
an
d
least
FP
R
is
o
b
tain
ed
b
y
R
an
d
o
m
Fo
r
est alg
o
r
it
h
m
.
Evaluation Warning : The document was created with Spire.PDF for Python.
I
n
t J
E
lec
&
C
o
m
p
E
n
g
I
SS
N:
2088
-
8708
O
p
tima
l remo
te
a
cc
ess
T
r
o
ja
n
s
d
etec
tio
n
b
a
s
ed
o
n
n
etw
o
r
k
b
eh
a
vio
r
(
K
h
in
S
w
e
Yin
)
2183
A
p
er
f
o
r
m
an
ce
co
m
p
ar
is
o
n
o
f
t
w
o
ap
p
r
o
ac
h
es
i
s
s
h
o
w
n
in
T
ab
le
6
.
T
h
e
f
ir
s
t
ap
p
r
o
ac
h
d
ep
en
d
s
o
n
p
ac
k
et
i
n
ter
v
al
ti
m
e
[
1
3
]
an
d
th
e
s
ec
o
n
d
o
n
e
i
s
f
ir
s
t
t
wen
t
y
p
ac
k
et
s
w
h
ic
h
is
o
u
r
p
r
o
p
o
s
ed
ap
p
r
o
ac
h
.
3
0
0
n
o
r
m
al
i
n
s
ta
n
ce
s
an
d
1
0
R
A
T
s
in
s
ta
n
ce
s
ar
e
c
lass
if
ied
b
y
r
an
d
o
m
f
o
r
e
s
t.
T
h
e
d
etec
ti
o
n
t
h
at
d
ep
en
d
s
o
n
p
ac
k
et
in
ter
v
a
l
ti
m
e
g
ets
9
7
%
ac
cu
r
ac
y
an
d
0
.
6
FNR
.
T
h
e
d
etec
tio
n
d
u
r
in
g
f
ir
s
t
t
w
e
n
t
y
p
a
ck
ets
o
b
tain
s
9
9
%
ac
cu
r
ac
y
a
n
d
0
.
2
FNR
.
T
ab
le
6
.
A
P
er
f
o
r
m
a
n
ce
C
o
m
p
ar
is
o
n
o
f
T
w
o
Dete
ctio
n
A
p
p
r
o
ac
h
es
D
e
t
e
c
t
i
o
n
A
p
p
r
o
a
c
h
e
s
R
a
n
d
o
m
F
o
r
e
st
A
c
c
u
r
c
y
F
N
R
F
P
R
Ea
r
l
y
st
a
g
e
d
e
t
e
c
t
i
o
n
t
h
a
t
d
e
p
e
n
d
s o
n
p
a
c
k
e
t
i
n
t
e
r
v
a
l
t
i
me
0
.
9
7
7
0
.
6
0
.
0
0
3
D
e
t
e
c
t
i
o
n
d
u
r
i
n
g
f
i
r
st
t
w
e
n
t
y
p
a
c
k
e
t
s
0
.
9
9
0
.
2
0
.
0
0
3
5.
CO
NCLU
SI
O
N
I
n
th
is
p
ap
er
,
th
e
id
ea
o
f
ex
t
r
ac
tin
g
n
et
w
o
r
k
b
eh
a
v
io
r
al
f
ea
tu
r
es
i
n
t
h
e
ea
r
l
y
t
w
e
n
t
y
p
ac
k
ets
f
o
r
d
etec
tin
g
R
e
m
o
te
A
cc
e
s
s
T
r
o
j
an
s
is
p
r
o
p
o
s
ed
an
d
im
p
le
m
e
n
ted
.
T
h
e
b
eh
av
io
r
o
f
R
e
m
o
te
A
cc
es
s
T
r
o
j
an
s
is
d
if
f
er
e
n
t
f
r
o
m
n
o
r
m
al
ap
p
lica
tio
n
s
i
n
th
e
ea
r
l
y
t
w
en
t
y
p
ac
k
ets
o
f
n
et
w
o
r
k
tr
af
f
ic.
Di
f
f
er
e
n
t
r
atio
s
o
f
n
o
r
m
al
an
d
m
a
licio
u
s
i
n
s
ta
n
ce
s
ar
e
u
s
ed
f
o
r
b
u
ild
i
n
g
d
etec
tio
n
m
o
d
el.
On
e
s
e
s
s
io
n
f
o
r
ea
ch
R
AT
is
n
o
t
en
o
u
g
h
to
b
u
ild
a
b
est
m
o
d
el,
an
d
r
u
n
n
i
n
g
R
A
T
m
a
n
y
ti
m
e
s
is
th
e
b
e
s
t
f
o
r
d
escr
ib
in
g
v
ar
ian
t
b
eh
a
v
io
r
s
o
f
R
A
T
s
an
d
in
cr
ea
s
i
n
g
m
a
licio
u
s
i
n
s
ta
n
ce
s
in
o
r
d
er
to
b
u
ild
o
p
ti
m
al
d
ete
ctio
n
m
o
d
el.
R
an
d
o
m
Fo
r
est a
lg
o
r
ith
m
i
s
t
h
e
b
es
t
d
etec
tio
n
m
o
d
el
s
i
n
ce
it
s
ac
c
u
r
ac
y
i
s
9
9
.
3
%,
its
FN
R
is
0
.
0
0
3
an
d
its
FP
R
is
0
.
0
1
.
T
h
u
s
,
it
h
elp
s
to
r
ed
u
ce
d
ata
leak
a
g
e
an
d
in
cr
ea
s
e
th
e
s
ec
u
r
it
y
o
f
co
n
f
id
e
n
tial
i
n
f
o
r
m
at
io
n
.
T
h
is
ap
p
r
o
ac
h
r
eli
es
o
n
t
h
e
n
et
w
o
r
k
b
eh
av
io
r
f
ea
t
u
r
es
th
a
t
u
s
e
s
T
C
P
p
r
o
to
c
o
l.
Fu
tu
r
e
w
o
r
k
w
i
l
l
b
e
to
in
cr
ea
s
e
th
e
n
u
m
b
er
o
f
R
A
T
s
a
m
p
les
a
n
d
n
o
r
m
al
ap
p
licatio
n
s
i
n
o
r
d
er
to
ac
h
ie
v
e
co
m
p
ar
ab
le
cla
s
s
if
icatio
n
ac
c
u
r
ac
y
,
FP
R
an
d
FNR
f
o
r
d
etec
tio
n
s
y
s
te
m
o
f
R
A
T
s
in
p
r
o
d
u
ctio
n
en
v
ir
o
n
m
e
n
ts
w
ith
e
f
f
ec
ti
v
e
f
ea
tu
r
e
s
et
an
d
n
o
o
v
er
h
ea
d
.
RE
F
E
R
E
NC
E
S
[1
]
B.
Co
g
sw
e
ll
a
n
d
M
.
R
u
ss
in
o
v
ich
,
“
Ro
o
tk
it
re
v
e
a
ler
,
”
Ro
o
tk
it
d
e
tec
t
io
n
to
o
l
b
y
M
icro
so
f
t,
v
o
1
.
7
1
,
2
0
0
6
.
[2
]
Y.
W
a
n
g
,
e
t
a
l
.
,
“
De
tec
ti
n
g
ste
a
lt
h
so
f
tw
a
r
e
w
it
h
strid
e
r
g
h
o
stb
u
ste
r,
”
De
p
e
n
d
a
b
le
S
y
ste
ms
a
n
d
Ne
two
rk
s,
DS
N
2
0
0
5
.
Pro
c
e
e
d
in
g
s.
I
n
ter
n
a
t
io
n
a
l
Co
n
fer
e
n
c
e
o
n
.
IEE
E
,
p
p
.
3
6
8
-
3
7
7
,
2
0
0
5
.
[3
]
S
.
P
rit
h
i1
,
e
t
a
l
.
,
“
A
S
u
rv
e
y
o
n
In
tru
si
o
n
De
tec
ti
o
n
S
y
ste
m
u
sin
g
De
e
p
P
a
c
k
e
t
In
sp
e
c
ti
o
n
f
o
r
Re
g
u
lar
Ex
p
re
ss
io
n
M
a
tch
in
g
,
”
In
ter
n
a
ti
o
n
a
l
J
o
u
rn
a
l
o
f
El
e
c
tro
n
ics
,
El
e
c
trica
l
a
n
d
C
o
mp
u
ta
ti
o
n
a
l
S
y
ste
m
,
v
ol
/i
ss
u
e
:
6
(
1
)
,
2
0
1
7
.
[4
]
T.
S
.
Ch
o
u
,
“
E
n
se
m
b
le F
u
z
z
y
Be
l
ief
In
tru
sio
n
De
tec
ti
o
n
De
sig
n
,
”
T
h
e
sis
,
F
lo
rid
a
I
n
tern
a
ti
o
n
a
l
U
n
iv
e
rsit
y
,
2
0
0
7
.
[5
]
R.
R.
P
a
tel
a
n
d
C.
S
.
T
h
a
k
e
r,
“
Zero
-
Da
y
a
tt
a
c
k
sig
n
a
tu
re
s
d
e
tec
ti
o
n
u
sin
g
h
o
n
e
y
p
o
t
,
”
IJ
CA
P
ro
c
e
e
d
in
g
s
o
n
In
ter
n
a
t
io
n
a
l
Co
n
fer
e
n
c
e
o
n
Co
mp
u
ter
Co
mm
u
n
ica
ti
o
n
a
n
d
Ne
t
wo
rk
s
CS
I
-
COM
NET
-
2
0
1
1
c
o
mn
e
t
(
1
)
,
p
p
.
66
-
7
1
,
2
0
1
1
.
[6
]
T
.
Ng
u
y
e
n
a
n
d
G
.
A
r
m
it
a
g
e
,
“
A
su
rv
e
y
o
f
te
c
h
n
iq
u
e
s
f
o
r
in
ter
n
e
t
traff
ic
c
la
ss
i
f
ica
ti
o
n
u
sin
g
m
a
c
h
in
e
lea
rn
i
n
g
,
”
Co
mm
u
n
ica
ti
o
n
s S
u
rv
e
y
s
&
T
u
to
ria
ls,
IE
EE
,
v
o
l
/i
ss
u
e
:
10
(
4
)
,
p
p
.
56
-
76
,
2
0
0
8
.
[7
]
T
.
Ye
n
a
n
d
M
.
Re
it
e
r,
“
T
ra
ff
ic
a
g
g
re
g
a
ti
o
n
f
o
r
m
a
l
wa
re
d
e
tec
ti
o
n
,
”
Pro
c
.
In
ter
n
a
ti
o
n
a
l
Co
n
fer
e
n
c
e
o
n
De
tec
ti
o
n
o
f
In
tru
sio
n
s
a
n
d
M
a
lwa
re
,
a
n
d
V
u
l
n
e
ra
b
il
i
ty A
ss
e
ss
me
n
t
,
p
p
.
2
0
7
-
2
2
7
,
2
0
0
8
.
[8
]
S
.
Ra
n
v
e
e
r
a
n
d
S
.
Hira
y
,
“
C
o
m
p
a
ra
ti
v
e
A
n
a
l
y
sis
o
f
F
e
a
tu
re
Ex
trac
ti
o
n
M
e
th
o
d
s
o
f
M
a
lwa
re
De
tec
ti
o
n
,
”
In
ter
n
a
t
io
n
a
l
J
o
u
rn
a
l
o
f
C
o
mp
u
ter
Ap
p
l
ica
ti
o
n
s (
0
9
7
5
8
8
8
7
)
,
v
ol
/i
s
su
e
:
1
2
0
(
5
)
,
2
0
1
5
.
[9
]
I.
A
.
S
a
e
e
d
,
e
t
a
l
.
,
“
A
S
u
rv
e
y
o
n
M
a
lw
a
re
a
n
d
M
a
l
w
a
re
De
tec
ti
o
n
S
y
ste
m
s,
”
In
ter
n
a
ti
o
n
a
l
J
o
u
r
n
a
l
o
f
Co
m
p
u
ter
Ap
p
li
c
a
ti
o
n
s
,
v
ol
/i
ss
u
e
:
67
(
16
)
,
2
0
1
3
.
[1
0
]
E
.
G
a
n
d
o
tra,
e
t
a
l
.
,
“
M
a
lw
a
re
A
n
a
l
y
si
s
a
n
d
Clas
sif
ica
ti
o
n
:
A
S
u
rv
e
y
,
De
p
a
rt
m
e
n
t
o
f
Co
m
p
u
ter
S
c
ien
c
e
a
n
d
En
g
in
e
e
rin
g
,
P
EC
Un
iv
e
rsity
o
f
T
e
c
h
n
o
lo
g
y
,
Ch
a
n
d
ig
a
rh
,
”
In
d
i
a
J
o
u
rn
a
l
o
f
In
f
o
rm
a
ti
o
n
S
e
c
u
rity
,
v
o
l.
5,
p
p
.
56
-
64
,
2
0
1
4
.
[1
1
]
S
.
L
i,
e
t
a
l
.
,
“
A
Ge
n
e
ra
l
F
ra
m
e
w
o
rk
o
f
T
ro
jan
Co
m
m
u
n
ica
ti
o
n
De
tec
ti
o
n
Ba
se
d
o
n
Ne
tw
o
rk
T
ra
c
e
s
,
”
IEE
E
S
e
v
e
n
th
In
ter
n
a
t
io
n
a
l
C
o
n
fer
e
n
c
e
o
n
Ne
t
wo
rk
in
g
,
Arc
h
it
e
c
tu
re
,
a
n
d
S
to
ra
g
e
,
p
p
.
4
9
-
5
8
,
2
0
1
2
.
[1
2
]
Y.
L
ian
g
,
e
t
a
l
.
,
“
A
n
Un
k
n
o
wn
T
ro
jan
De
tec
ti
o
n
M
e
th
o
d
Ba
se
d
o
n
S
o
f
tw
a
re
Ne
t
w
o
rk
B
e
h
a
v
io
r
,
”
W
u
h
a
n
Un
ive
rs
it
y
J
o
u
rn
a
l
o
f
Na
t
u
ra
l
S
c
i
e
n
c
e
s
,
v
ol
/i
ss
u
e
:
18
(
5
)
,
p
p
.
3
6
9
-
3
7
6
,
2
0
1
3
.
[1
3
]
D.
Jia
n
g
a
n
d
K.
O
m
o
te,
“
A
RA
T
D
e
tec
ti
o
n
M
e
th
o
d
Ba
se
d
o
n
Ne
tw
o
rk
Be
h
a
v
io
r
o
f
th
e
Co
m
m
u
n
ica
ti
o
n
’s
Early
S
tag
e
,
”
T
h
e
In
sti
tu
te
o
f
El
e
c
tro
n
ic,
In
f
o
rm
a
ti
o
n
a
n
d
Co
mm
u
n
i
c
a
ti
o
n
En
g
in
e
e
rs
(
IEI
CE)
T
ra
n
s.F
u
n
d
a
me
n
t
a
l
,
v
o
l
/i
ss
u
e
:
E9
9
-
A
(
1
)
,
2
0
1
6
.
[1
4
]
W
.
Jin
lo
n
g
,
e
t
a
l
.
,
“
Clo
se
d
-
l
o
o
p
F
e
e
d
b
a
c
k
T
ro
jan
De
tec
ti
o
n
T
e
c
h
n
i
q
u
e
Ba
se
d
o
n
Hie
ra
rc
h
ica
l
M
o
d
e
l
,
”
Pro
c
e
e
d
in
g
s
o
f
J
o
i
n
t
I
n
ter
n
a
ti
o
n
a
l
M
e
c
h
a
n
ica
l
,
El
e
c
tro
n
ic
a
n
d
I
n
fo
rm
a
ti
o
n
T
e
c
h
n
o
l
o
g
y
C
o
n
fer
e
n
c
e
,
Ch
o
n
g
q
i
n
g
,
Ch
in
a
,
2
0
1
5
.
[1
5
]
K.
S
.
Yin
a
n
d
M
.
A
.
Kh
in
e
,
“
N
e
tw
o
rk
Be
h
a
v
io
ra
l
F
e
a
tu
re
s
f
o
r
De
tec
ti
n
g
Re
m
o
te
A
c
c
e
ss
T
ro
jan
s
in
t
h
e
Earl
y
S
tag
e
,
”
Pro
c
e
e
d
in
g
s
o
f
t
h
e
2
0
1
7
VI
In
ter
n
a
ti
o
n
a
l
C
o
n
fer
e
n
c
e
o
n
Ne
tw
o
rk
,
Co
mm
u
n
ica
ti
o
n
a
n
d
C
o
mp
u
ti
n
g
,
p
p
.
9
2
-
9
6
,
2
0
1
7
.
[1
6
]
R.
Ka
u
r
a
n
d
M
.
S
i
n
g
h
,
“
A
H
y
b
rid
re
a
l
-
ti
m
e
z
e
ro
-
d
a
y
a
tt
a
c
k
d
e
tec
ti
o
n
a
n
d
a
n
a
ly
sis
s
y
ste
m
,
”
I.
J
.
Co
mp
u
ter
Ne
two
rk
a
n
d
In
f
o
rm
a
ti
o
n
S
e
c
u
rity
,
p
p
.
19
-
3
1
,
2
0
1
5
.
Evaluation Warning : The document was created with Spire.PDF for Python.
I
SS
N
:
2
0
8
8
-
8708
I
n
t J
E
lec
&
C
o
m
p
E
n
g
,
Vo
l.
9
,
No
.
3
,
J
u
n
e
201
9
:
2
1
7
7
-
2
1
8
4
2184
[1
7
]
B.
Qu
,
e
t
a
l
.
,
“
On
a
c
c
u
ra
c
y
o
f
e
a
rly
tra
ff
ic
c
las
sif
i
c
a
ti
o
n
,
”
IEE
E
S
e
v
e
n
th
In
ter
n
a
ti
o
n
a
l
C
o
n
fer
e
n
c
e
o
n
Ne
tw
o
rk
in
g
,
Arc
h
it
e
c
tu
re
,
a
n
d
S
t
o
ra
g
e
,
p
p
.
3
4
8
-
3
5
4
,
2
0
1
2
.
[1
8
]
C.
S
a
n
d
e
rs,
“
P
ra
c
ti
c
a
l
P
a
c
k
e
t
An
a
ly
sis
u
sin
g
W
ires
h
a
rk
to
so
lv
e
re
a
l
-
w
o
rld
Ne
t
w
o
rk
P
ro
b
lem
s
,
”
2
n
d
Ed
it
i
o
n
,
pp.
1
6
5
-
1
6
8
,
2
0
1
1
.
[1
9
]
T
.
M
.
M
it
c
h
e
ll
,
“
M
a
c
h
in
e
L
e
a
rn
i
n
g
,
De
c
isio
n
T
re
e
s L
e
a
rn
in
g
,”
p
p
.
52
-
76
,
1
9
9
7
.
[2
0
]
L
.
E.
O.
Bre
im
a
n
,
“
Ra
n
d
o
m
f
o
re
s
ts,”
M
a
c
h
in
e
L
e
a
rn
in
g
,
v
o
l
/i
ss
u
e
:
45
(
1
)
,
p
p
.
5
-
3
2
,
2
0
0
1
.
[2
1
]
T
.
M
.
M
it
c
h
e
ll
,
“
M
a
c
h
in
e
L
e
a
rn
i
n
g
,
Ba
y
e
sia
n
L
e
a
rn
in
g
,”
p
p
.
1
5
4
-
178
,
1
9
9
7
.
B
I
O
G
RAP
H
I
E
S O
F
AUTH
O
RS
K
h
in
S
w
e
Yin
re
c
e
iv
e
d
M
.
C.
S
c
in
Co
m
p
u
ter
S
c
ien
c
e
f
ro
m
U
n
iv
e
rsity
o
f
Co
m
p
u
ter
S
tu
d
ies
,
M
a
n
d
a
lay
(UCSM
)
in
2
0
0
9
.
S
h
e
is
a
P
h
D
c
a
n
d
id
a
te
in
Un
i
v
e
rsit
y
o
f
Co
m
p
u
ter,
S
tu
d
ies
,
Ya
n
g
o
n
(UCSY).
He
r
re
se
a
rc
h
in
t
e
re
st i
n
c
lu
d
e
s
N
e
tw
o
rk
S
e
c
u
rit
y
a
n
d
M
a
c
h
in
e
L
e
a
rn
in
g
.
M
a
y
Ay
e
K
h
in
e
re
c
e
iv
e
d
M
.
I.
S
c
a
n
d
P
h
.
D.
d
e
g
re
e
s in
in
f
o
rm
a
ti
o
n
tec
h
n
o
l
o
g
y
f
ro
m
th
e
Un
iv
e
r
sit
y
o
f
Co
m
p
u
ter
S
tu
d
ies
,
Ya
n
g
o
n
,
M
y
a
n
m
a
r
in
1
9
9
9
a
n
d
2
0
0
4
,
re
s
p
e
c
ti
v
e
l
y
.
S
h
e
is
c
u
rre
n
tl
y
a
f
u
ll
p
ro
f
e
ss
o
r
f
ro
m
f
a
c
u
lt
y
o
f
c
o
m
p
u
ti
n
g
in
th
e
Un
iv
e
rsit
y
o
f
Co
m
p
u
ter
S
tu
d
ies
,
Ya
n
g
o
n
,
M
y
a
n
m
a
r.
He
r
m
a
in
re
se
a
rc
h
in
tere
sts
in
c
l
u
d
e
Big
Da
ta
A
n
a
ly
ti
c
s,
M
a
th
e
m
a
ti
c
a
l
M
o
d
e
li
n
g
e
sp
e
c
ially
in
Co
m
p
u
tatio
n
a
l
M
e
th
o
d
s a
n
d
Da
ta
S
c
ien
c
e
.
Evaluation Warning : The document was created with Spire.PDF for Python.