Merge pull request #2 from lani009/rnf

add Rnf branch experimental results

experiment/decision tree classifier/output/decision tree

+digraph Tree {
+node [shape=box, style="filled, rounded", color="black", fontname=helvetica] ;
+edge [fontname=helvetica] ;
+0 [label=<src_bytes &le; 28.5<br/>entropy = 0.997<br/>samples = 17634<br/>value = [9396, 8238]<br/>class = Normal>, fillcolor="#fcefe7"] ;
+1 [label=<count &le; 8.5<br/>entropy = 0.393<br/>samples = 8156<br/>value = [632, 7524]<br/>class = Abnormal>, fillcolor="#4aa5e7"] ;
+0 -> 1 [labeldistance=2.5, labelangle=45, headlabel="True"] ;
+2 [label=<service &le; 16.5<br/>entropy = 0.928<br/>samples = 1775<br/>value = [610, 1165]<br/>class = Abnormal>, fillcolor="#a1d0f3"] ;
+1 -> 2 ;
+3 [label=<service &le; 1.5<br/>entropy = 0.377<br/>samples = 1028<br/>value = [75, 953]<br/>class = Abnormal>, fillcolor="#49a5e7"] ;
+2 -> 3 ;
+4 [label=<src_bytes &le; 4.5<br/>entropy = 0.781<br/>samples = 95<br/>value = [73, 22]<br/>class = Normal>, fillcolor="#eda775"] ;
+3 -> 4 ;
+5 [label=<flag &le; 5.5<br/>entropy = 0.797<br/>samples = 29<br/>value = [7, 22]<br/>class = Abnormal>, fillcolor="#78bced"] ;
+4 -> 5 ;
+6 [label=<entropy = 0.0<br/>samples = 15<br/>value = [0, 15]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+5 -> 6 ;
+7 [label=<dst_host_count &le; 19.0<br/>entropy = 1.0<br/>samples = 14<br/>value = [7, 7]<br/>class = Normal>, fillcolor="#ffffff"] ;
+5 -> 7 ;
+8 [label=<entropy = 0.0<br/>samples = 7<br/>value = [0, 7]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+7 -> 8 ;
+9 [label=<entropy = 0.0<br/>samples = 7<br/>value = [7, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+7 -> 9 ;
+10 [label=<entropy = 0.0<br/>samples = 66<br/>value = [66, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+4 -> 10 ;
+11 [label=<serror_rate &le; 0.835<br/>entropy = 0.022<br/>samples = 933<br/>value = [2, 931]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+3 -> 11 ;
+12 [label=<entropy = 0.0<br/>samples = 891<br/>value = [0, 891]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+11 -> 12 ;
+13 [label=<dst_host_same_srv_rate &le; 0.44<br/>entropy = 0.276<br/>samples = 42<br/>value = [2, 40]<br/>class = Abnormal>, fillcolor="#43a2e6"] ;
+11 -> 13 ;
+14 [label=<entropy = 0.0<br/>samples = 40<br/>value = [0, 40]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+13 -> 14 ;
+15 [label=<entropy = 0.0<br/>samples = 2<br/>value = [2, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+13 -> 15 ;
+16 [label=<dst_host_same_srv_rate &le; 0.535<br/>entropy = 0.861<br/>samples = 747<br/>value = [535, 212]<br/>class = Normal>, fillcolor="#efb387"] ;
+2 -> 16 ;
+17 [label=<src_bytes &le; 5.5<br/>entropy = 0.963<br/>samples = 326<br/>value = [126, 200]<br/>class = Abnormal>, fillcolor="#b6dbf5"] ;
+16 -> 17 ;
+18 [label=<dst_host_same_src_port_rate &le; 0.135<br/>entropy = 0.598<br/>samples = 227<br/>value = [33, 194]<br/>class = Abnormal>, fillcolor="#5baee9"] ;
+17 -> 18 ;
+19 [label=<dst_host_serror_rate &le; 0.955<br/>entropy = 0.878<br/>samples = 111<br/>value = [33, 78]<br/>class = Abnormal>, fillcolor="#8dc6f0"] ;
+18 -> 19 ;
+20 [label=<dst_host_rerror_rate &le; 0.605<br/>entropy = 0.947<br/>samples = 52<br/>value = [33, 19]<br/>class = Normal>, fillcolor="#f4caab"] ;
+19 -> 20 ;
+21 [label=<srv_diff_host_rate &le; 0.15<br/>entropy = 0.782<br/>samples = 43<br/>value = [33, 10]<br/>class = Normal>, fillcolor="#eda775"] ;
+20 -> 21 ;
+22 [label=<dst_host_srv_count &le; 1.5<br/>entropy = 0.619<br/>samples = 39<br/>value = [33, 6]<br/>class = Normal>, fillcolor="#ea985d"] ;
+21 -> 22 ;
+23 [label=<dst_host_count &le; 131.5<br/>entropy = 0.991<br/>samples = 9<br/>value = [4, 5]<br/>class = Abnormal>, fillcolor="#d7ebfa"] ;
+22 -> 23 ;
+24 [label=<entropy = 0.0<br/>samples = 4<br/>value = [4, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+23 -> 24 ;
+25 [label=<entropy = 0.0<br/>samples = 5<br/>value = [0, 5]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+23 -> 25 ;
+26 [label=<protocol_type &le; 0.5<br/>entropy = 0.211<br/>samples = 30<br/>value = [29, 1]<br/>class = Normal>, fillcolor="#e68540"] ;
+22 -> 26 ;
+27 [label=<entropy = 0.0<br/>samples = 29<br/>value = [29, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+26 -> 27 ;
+28 [label=<entropy = 0.0<br/>samples = 1<br/>value = [0, 1]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+26 -> 28 ;
+29 [label=<entropy = 0.0<br/>samples = 4<br/>value = [0, 4]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+21 -> 29 ;
+30 [label=<entropy = 0.0<br/>samples = 9<br/>value = [0, 9]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+20 -> 30 ;
+31 [label=<entropy = 0.0<br/>samples = 59<br/>value = [0, 59]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+19 -> 31 ;
+32 [label=<entropy = 0.0<br/>samples = 116<br/>value = [0, 116]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+18 -> 32 ;
+33 [label=<dst_host_srv_count &le; 1.5<br/>entropy = 0.33<br/>samples = 99<br/>value = [93, 6]<br/>class = Normal>, fillcolor="#e78946"] ;
+17 -> 33 ;
+34 [label=<dst_host_diff_srv_rate &le; 0.65<br/>entropy = 0.65<br/>samples = 6<br/>value = [1, 5]<br/>class = Abnormal>, fillcolor="#61b1ea"] ;
+33 -> 34 ;
+35 [label=<entropy = 0.0<br/>samples = 5<br/>value = [0, 5]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+34 -> 35 ;
+36 [label=<entropy = 0.0<br/>samples = 1<br/>value = [1, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+34 -> 36 ;
+37 [label=<count &le; 7.0<br/>entropy = 0.086<br/>samples = 93<br/>value = [92, 1]<br/>class = Normal>, fillcolor="#e5823b"] ;
+33 -> 37 ;
+38 [label=<entropy = 0.0<br/>samples = 92<br/>value = [92, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+37 -> 38 ;
+39 [label=<entropy = 0.0<br/>samples = 1<br/>value = [0, 1]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+37 -> 39 ;
+40 [label=<dst_host_srv_count &le; 11.0<br/>entropy = 0.187<br/>samples = 421<br/>value = [409, 12]<br/>class = Normal>, fillcolor="#e6853f"] ;
+16 -> 40 ;
+41 [label=<dst_bytes &le; 2.0<br/>entropy = 0.994<br/>samples = 22<br/>value = [10, 12]<br/>class = Abnormal>, fillcolor="#deeffb"] ;
+40 -> 41 ;
+42 [label=<dst_host_rerror_rate &le; 0.355<br/>entropy = 0.811<br/>samples = 16<br/>value = [4, 12]<br/>class = Abnormal>, fillcolor="#7bbeee"] ;
+41 -> 42 ;
+43 [label=<dst_host_same_src_port_rate &le; 0.265<br/>entropy = 0.592<br/>samples = 14<br/>value = [2, 12]<br/>class = Abnormal>, fillcolor="#5aade9"] ;
+42 -> 43 ;
+44 [label=<entropy = 0.0<br/>samples = 1<br/>value = [1, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+43 -> 44 ;
+45 [label=<src_bytes &le; 19.0<br/>entropy = 0.391<br/>samples = 13<br/>value = [1, 12]<br/>class = Abnormal>, fillcolor="#49a5e7"] ;
+43 -> 45 ;
+46 [label=<entropy = 0.0<br/>samples = 11<br/>value = [0, 11]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+45 -> 46 ;
+47 [label=<entropy = 1.0<br/>samples = 2<br/>value = [1, 1]<br/>class = Normal>, fillcolor="#ffffff"] ;
+45 -> 47 ;
+48 [label=<entropy = 0.0<br/>samples = 2<br/>value = [2, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+42 -> 48 ;
+49 [label=<entropy = 0.0<br/>samples = 6<br/>value = [6, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+41 -> 49 ;
+50 [label=<entropy = 0.0<br/>samples = 399<br/>value = [399, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+40 -> 50 ;
+51 [label=<dst_host_same_srv_rate &le; 0.835<br/>entropy = 0.033<br/>samples = 6381<br/>value = [22, 6359]<br/>class = Abnormal>, fillcolor="#3a9de5"] ;
+1 -> 51 ;
+52 [label=<srv_diff_host_rate &le; 0.46<br/>entropy = 0.002<br/>samples = 6350<br/>value = [1, 6349]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+51 -> 52 ;
+53 [label=<entropy = 0.0<br/>samples = 6348<br/>value = [0, 6348]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+52 -> 53 ;
+54 [label=<diff_srv_rate &le; 0.08<br/>entropy = 1.0<br/>samples = 2<br/>value = [1, 1]<br/>class = Normal>, fillcolor="#ffffff"] ;
+52 -> 54 ;
+55 [label=<entropy = 0.0<br/>samples = 1<br/>value = [1, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+54 -> 55 ;
+56 [label=<entropy = 0.0<br/>samples = 1<br/>value = [0, 1]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+54 -> 56 ;
+57 [label=<dst_host_srv_count &le; 66.5<br/>entropy = 0.907<br/>samples = 31<br/>value = [21, 10]<br/>class = Normal>, fillcolor="#f1bd97"] ;
+51 -> 57 ;
+58 [label=<entropy = 0.0<br/>samples = 8<br/>value = [0, 8]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+57 -> 58 ;
+59 [label=<dst_host_same_src_port_rate &le; 0.54<br/>entropy = 0.426<br/>samples = 23<br/>value = [21, 2]<br/>class = Normal>, fillcolor="#e78d4c"] ;
+57 -> 59 ;
+60 [label=<entropy = 0.0<br/>samples = 21<br/>value = [21, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+59 -> 60 ;
+61 [label=<entropy = 0.0<br/>samples = 2<br/>value = [0, 2]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+59 -> 61 ;
+62 [label=<protocol_type &le; 1.5<br/>entropy = 0.386<br/>samples = 9478<br/>value = [8764, 714]<br/>class = Normal>, fillcolor="#e78b49"] ;
+0 -> 62 [labeldistance=2.5, labelangle=-45, headlabel="False"] ;
+63 [label=<hot &le; 0.5<br/>entropy = 0.219<br/>samples = 8883<br/>value = [8572, 311]<br/>class = Normal>, fillcolor="#e68640"] ;
+62 -> 63 ;
+64 [label=<dst_bytes &le; 2.0<br/>entropy = 0.108<br/>samples = 8542<br/>value = [8420, 122]<br/>class = Normal>, fillcolor="#e5833c"] ;
+63 -> 64 ;
+65 [label=<dst_host_same_srv_rate &le; 0.825<br/>entropy = 0.541<br/>samples = 911<br/>value = [798, 113]<br/>class = Normal>, fillcolor="#e99355"] ;
+64 -> 65 ;
+66 [label=<service &le; 1.5<br/>entropy = 0.142<br/>samples = 746<br/>value = [731, 15]<br/>class = Normal>, fillcolor="#e6843d"] ;
+65 -> 66 ;
+67 [label=<duration &le; 8.0<br/>entropy = 0.06<br/>samples = 575<br/>value = [571, 4]<br/>class = Normal>, fillcolor="#e5823a"] ;
+66 -> 67 ;
+68 [label=<src_bytes &le; 353.5<br/>entropy = 0.047<br/>samples = 574<br/>value = [571, 3]<br/>class = Normal>, fillcolor="#e5823a"] ;
+67 -> 68 ;
+69 [label=<src_bytes &le; 326.5<br/>entropy = 0.161<br/>samples = 127<br/>value = [124, 3]<br/>class = Normal>, fillcolor="#e6843e"] ;
+68 -> 69 ;
+70 [label=<entropy = 0.0<br/>samples = 124<br/>value = [124, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+69 -> 70 ;
+71 [label=<entropy = 0.0<br/>samples = 3<br/>value = [0, 3]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+69 -> 71 ;
+72 [label=<entropy = 0.0<br/>samples = 447<br/>value = [447, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+68 -> 72 ;
+73 [label=<entropy = 0.0<br/>samples = 1<br/>value = [0, 1]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+67 -> 73 ;
+74 [label=<service &le; 9.5<br/>entropy = 0.344<br/>samples = 171<br/>value = [160, 11]<br/>class = Normal>, fillcolor="#e78a47"] ;
+66 -> 74 ;
+75 [label=<src_bytes &le; 102.5<br/>entropy = 0.998<br/>samples = 17<br/>value = [8, 9]<br/>class = Abnormal>, fillcolor="#e9f4fc"] ;
+74 -> 75 ;
+76 [label=<entropy = 0.0<br/>samples = 9<br/>value = [0, 9]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+75 -> 76 ;
+77 [label=<entropy = 0.0<br/>samples = 8<br/>value = [8, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+75 -> 77 ;
+78 [label=<dst_host_srv_rerror_rate &le; 0.25<br/>entropy = 0.1<br/>samples = 154<br/>value = [152, 2]<br/>class = Normal>, fillcolor="#e5833c"] ;
+74 -> 78 ;
+79 [label=<dst_host_count &le; 5.5<br/>entropy = 0.057<br/>samples = 153<br/>value = [152, 1]<br/>class = Normal>, fillcolor="#e5823a"] ;
+78 -> 79 ;
+80 [label=<src_bytes &le; 239.5<br/>entropy = 0.918<br/>samples = 3<br/>value = [2, 1]<br/>class = Normal>, fillcolor="#f2c09c"] ;
+79 -> 80 ;
+81 [label=<entropy = 0.0<br/>samples = 2<br/>value = [2, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+80 -> 81 ;
+82 [label=<entropy = 0.0<br/>samples = 1<br/>value = [0, 1]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+80 -> 82 ;
+83 [label=<entropy = 0.0<br/>samples = 150<br/>value = [150, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+79 -> 83 ;
+84 [label=<entropy = 0.0<br/>samples = 1<br/>value = [0, 1]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+78 -> 84 ;
+85 [label=<dst_host_srv_diff_host_rate &le; 0.06<br/>entropy = 0.974<br/>samples = 165<br/>value = [67, 98]<br/>class = Abnormal>, fillcolor="#c0e0f7"] ;
+65 -> 85 ;
+86 [label=<dst_host_srv_diff_host_rate &le; 0.005<br/>entropy = 0.918<br/>samples = 99<br/>value = [66, 33]<br/>class = Normal>, fillcolor="#f2c09c"] ;
+85 -> 86 ;
+87 [label=<src_bytes &le; 189.5<br/>entropy = 0.998<br/>samples = 61<br/>value = [29, 32]<br/>class = Abnormal>, fillcolor="#ecf6fd"] ;
+86 -> 87 ;
+88 [label=<entropy = 0.0<br/>samples = 14<br/>value = [14, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+87 -> 88 ;
+89 [label=<src_bytes &le; 358.5<br/>entropy = 0.903<br/>samples = 47<br/>value = [15, 32]<br/>class = Abnormal>, fillcolor="#96cbf1"] ;
+87 -> 89 ;
+90 [label=<num_root &le; 0.5<br/>entropy = 0.206<br/>samples = 31<br/>value = [1, 30]<br/>class = Abnormal>, fillcolor="#40a0e6"] ;
+89 -> 90 ;
+91 [label=<entropy = 0.0<br/>samples = 30<br/>value = [0, 30]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+90 -> 91 ;
+92 [label=<entropy = 0.0<br/>samples = 1<br/>value = [1, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+90 -> 92 ;
+93 [label=<src_bytes &le; 32877.5<br/>entropy = 0.544<br/>samples = 16<br/>value = [14, 2]<br/>class = Normal>, fillcolor="#e99355"] ;
+89 -> 93 ;
+94 [label=<entropy = 0.0<br/>samples = 14<br/>value = [14, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+93 -> 94 ;
+95 [label=<entropy = 0.0<br/>samples = 2<br/>value = [0, 2]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+93 -> 95 ;
+96 [label=<duration &le; 7.0<br/>entropy = 0.176<br/>samples = 38<br/>value = [37, 1]<br/>class = Normal>, fillcolor="#e6843e"] ;
+86 -> 96 ;
+97 [label=<entropy = 0.0<br/>samples = 37<br/>value = [37, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+96 -> 97 ;
+98 [label=<entropy = 0.0<br/>samples = 1<br/>value = [0, 1]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+96 -> 98 ;
+99 [label=<num_root &le; 2.5<br/>entropy = 0.113<br/>samples = 66<br/>value = [1, 65]<br/>class = Abnormal>, fillcolor="#3c9fe5"] ;
+85 -> 99 ;
+100 [label=<entropy = 0.0<br/>samples = 65<br/>value = [0, 65]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+99 -> 100 ;
+101 [label=<entropy = 0.0<br/>samples = 1<br/>value = [1, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+99 -> 101 ;
+102 [label=<dst_host_rerror_rate &le; 0.025<br/>entropy = 0.013<br/>samples = 7631<br/>value = [7622, 9]<br/>class = Normal>, fillcolor="#e58139"] ;
+64 -> 102 ;
+103 [label=<dst_host_srv_serror_rate &le; 0.3<br/>entropy = 0.005<br/>samples = 7367<br/>value = [7364, 3]<br/>class = Normal>, fillcolor="#e58139"] ;
+102 -> 103 ;
+104 [label=<entropy = 0.0<br/>samples = 7321<br/>value = [7321, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+103 -> 104 ;
+105 [label=<logged_in &le; 0.5<br/>entropy = 0.348<br/>samples = 46<br/>value = [43, 3]<br/>class = Normal>, fillcolor="#e78a47"] ;
+103 -> 105 ;
+106 [label=<dst_host_serror_rate &le; 0.675<br/>entropy = 0.811<br/>samples = 4<br/>value = [1, 3]<br/>class = Abnormal>, fillcolor="#7bbeee"] ;
+105 -> 106 ;
+107 [label=<entropy = 0.0<br/>samples = 3<br/>value = [0, 3]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+106 -> 107 ;
+108 [label=<entropy = 0.0<br/>samples = 1<br/>value = [1, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+106 -> 108 ;
+109 [label=<entropy = 0.0<br/>samples = 42<br/>value = [42, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+105 -> 109 ;
+110 [label=<dst_host_srv_count &le; 1.5<br/>entropy = 0.156<br/>samples = 264<br/>value = [258, 6]<br/>class = Normal>, fillcolor="#e6843e"] ;
+102 -> 110 ;
+111 [label=<srv_count &le; 1.5<br/>entropy = 0.918<br/>samples = 3<br/>value = [1, 2]<br/>class = Abnormal>, fillcolor="#9ccef2"] ;
+110 -> 111 ;
+112 [label=<entropy = 0.0<br/>samples = 2<br/>value = [0, 2]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+111 -> 112 ;
+113 [label=<entropy = 0.0<br/>samples = 1<br/>value = [1, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+111 -> 113 ;
+114 [label=<src_bytes &le; 1695.0<br/>entropy = 0.114<br/>samples = 261<br/>value = [257, 4]<br/>class = Normal>, fillcolor="#e5833c"] ;
+110 -> 114 ;
+115 [label=<entropy = 0.0<br/>samples = 230<br/>value = [230, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+114 -> 115 ;
+116 [label=<dst_host_srv_count &le; 123.5<br/>entropy = 0.555<br/>samples = 31<br/>value = [27, 4]<br/>class = Normal>, fillcolor="#e99456"] ;
+114 -> 116 ;
+117 [label=<entropy = 0.0<br/>samples = 25<br/>value = [25, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+116 -> 117 ;
+118 [label=<dst_host_count &le; 145.0<br/>entropy = 0.918<br/>samples = 6<br/>value = [2, 4]<br/>class = Abnormal>, fillcolor="#9ccef2"] ;
+116 -> 118 ;
+119 [label=<entropy = 0.0<br/>samples = 2<br/>value = [2, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+118 -> 119 ;
+120 [label=<entropy = 0.0<br/>samples = 4<br/>value = [0, 4]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+118 -> 120 ;
+121 [label=<src_bytes &le; 6052.0<br/>entropy = 0.991<br/>samples = 341<br/>value = [152, 189]<br/>class = Abnormal>, fillcolor="#d8ecfa"] ;
+63 -> 121 ;
+122 [label=<duration &le; 4.5<br/>entropy = 0.813<br/>samples = 203<br/>value = [152, 51]<br/>class = Normal>, fillcolor="#eeab7b"] ;
+121 -> 122 ;
+123 [label=<dst_host_srv_count &le; 152.0<br/>entropy = 0.993<br/>samples = 80<br/>value = [36, 44]<br/>class = Abnormal>, fillcolor="#dbedfa"] ;
+122 -> 123 ;
+124 [label=<dst_bytes &le; 2522.0<br/>entropy = 0.262<br/>samples = 45<br/>value = [2, 43]<br/>class = Abnormal>, fillcolor="#42a2e6"] ;
+123 -> 124 ;
+125 [label=<entropy = 0.0<br/>samples = 43<br/>value = [0, 43]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+124 -> 125 ;
+126 [label=<entropy = 0.0<br/>samples = 2<br/>value = [2, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+124 -> 126 ;
+127 [label=<num_access_files &le; 0.5<br/>entropy = 0.187<br/>samples = 35<br/>value = [34, 1]<br/>class = Normal>, fillcolor="#e6853f"] ;
+123 -> 127 ;
+128 [label=<entropy = 0.0<br/>samples = 34<br/>value = [34, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+127 -> 128 ;
+129 [label=<entropy = 0.0<br/>samples = 1<br/>value = [0, 1]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+127 -> 129 ;
+130 [label=<duration &le; 97.5<br/>entropy = 0.315<br/>samples = 123<br/>value = [116, 7]<br/>class = Normal>, fillcolor="#e78945"] ;
+122 -> 130 ;
+131 [label=<entropy = 0.0<br/>samples = 106<br/>value = [106, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+130 -> 131 ;
+132 [label=<dst_host_diff_srv_rate &le; 0.035<br/>entropy = 0.977<br/>samples = 17<br/>value = [10, 7]<br/>class = Normal>, fillcolor="#f7d9c4"] ;
+130 -> 132 ;
+133 [label=<dst_bytes &le; 25291.5<br/>entropy = 0.544<br/>samples = 8<br/>value = [1, 7]<br/>class = Abnormal>, fillcolor="#55abe9"] ;
+132 -> 133 ;
+134 [label=<entropy = 0.0<br/>samples = 7<br/>value = [0, 7]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+133 -> 134 ;
+135 [label=<entropy = 0.0<br/>samples = 1<br/>value = [1, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+133 -> 135 ;
+136 [label=<entropy = 0.0<br/>samples = 9<br/>value = [9, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+132 -> 136 ;
+137 [label=<entropy = 0.0<br/>samples = 138<br/>value = [0, 138]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+121 -> 137 ;
+138 [label=<src_bytes &le; 351.5<br/>entropy = 0.907<br/>samples = 595<br/>value = [192, 403]<br/>class = Abnormal>, fillcolor="#97ccf1"] ;
+62 -> 138 ;
+139 [label=<dst_host_diff_srv_rate &le; 0.33<br/>entropy = 0.047<br/>samples = 193<br/>value = [192, 1]<br/>class = Normal>, fillcolor="#e5823a"] ;
+138 -> 139 ;
+140 [label=<entropy = 0.0<br/>samples = 190<br/>value = [190, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+139 -> 140 ;
+141 [label=<dst_host_diff_srv_rate &le; 0.72<br/>entropy = 0.918<br/>samples = 3<br/>value = [2, 1]<br/>class = Normal>, fillcolor="#f2c09c"] ;
+139 -> 141 ;
+142 [label=<entropy = 0.0<br/>samples = 1<br/>value = [0, 1]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+141 -> 142 ;
+143 [label=<entropy = 0.0<br/>samples = 2<br/>value = [2, 0]<br/>class = Normal>, fillcolor="#e58139"] ;
+141 -> 143 ;
+144 [label=<entropy = 0.0<br/>samples = 402<br/>value = [0, 402]<br/>class = Abnormal>, fillcolor="#399de5"] ;
+138 -> 144 ;
+}