The first flow to contain any XSS attack, by inspection of pcap files occurs at 13:16:16.603214 (UTC), port 52298, and the last flow to contain any XSS attack occurs at 13:34:28 (UTC). I think that 7 flows are incorrectly labeled, according to the following label logic for this attack.
t_start = datetime.strptime('06/07/2017 10:13:00 AM', DATE_FORMAT_INTERNAL)
t_end = datetime.strptime('06/07/2017 10:37:00 AM', DATE_FORMAT_INTERNAL)
With that said, in between the attack time period, two additional flows (port 52300, and 52318) also contain no XSS content in any part of the client requests.
I think a total of 9 flows have been mislabeled, which is basically 1/3 of the total flows for this attack
The first flow to contain any XSS attack, by inspection of pcap files occurs at 13:16:16.603214 (UTC), port 52298, and the last flow to contain any XSS attack occurs at 13:34:28 (UTC). I think that 7 flows are incorrectly labeled, according to the following label logic for this attack.
t_start = datetime.strptime('06/07/2017 10:13:00 AM', DATE_FORMAT_INTERNAL)
t_end = datetime.strptime('06/07/2017 10:37:00 AM', DATE_FORMAT_INTERNAL)
With that said, in between the attack time period, two additional flows (port 52300, and 52318) also contain no XSS content in any part of the client requests.
I think a total of 9 flows have been mislabeled, which is basically 1/3 of the total flows for this attack