commenting

code_boost/src/cxx/statistics.cpp

@@ -55,12 +55,12 @@ std::vector<float> statistics::calculateLastIntervalIPsEntropy(std::chrono::micr
         int pktsSent = 0, pktsReceived = 0;
 
         for (auto i = ip_statistics.begin(); i != ip_statistics.end(); i++) {
-            int indexStartSent = getClosestIndex(i->second.pktsSentTimestamp, intervalStartTimestamp);
-            int IPsSrcPktsCount = i->second.pktsSentTimestamp.size() - indexStartSent;
+            int indexStartSent = getClosestIndex(i->second.pkts_sent_timestamp, intervalStartTimestamp);
+            int IPsSrcPktsCount = i->second.pkts_sent_timestamp.size() - indexStartSent;
             IPsSrcPktsCounts.push_back(IPsSrcPktsCount);
             pktsSent += IPsSrcPktsCount;
-            int indexStartReceived = getClosestIndex(i->second.pktsReceivedTimestamp, intervalStartTimestamp);
-            int IPsDstPktsCount = i->second.pktsReceivedTimestamp.size() - indexStartReceived;
+            int indexStartReceived = getClosestIndex(i->second.pkts_received_timestamp, intervalStartTimestamp);
+            int IPsDstPktsCount = i->second.pkts_received_timestamp.size() - indexStartReceived;
             IPsDstPktsCounts.push_back(IPsDstPktsCount);
             pktsReceived += IPsDstPktsCount;
         }
@@ -138,14 +138,14 @@ std::vector<float> statistics::calculateIPsCumEntropy(){
  */
 void statistics::calculateIPIntervalPacketRate(std::chrono::duration<int, std::micro> interval, std::chrono::microseconds intervalStartTimestamp){        
         for (auto i = ip_statistics.begin(); i != ip_statistics.end(); i++) {
-                int indexStartSent = getClosestIndex(i->second.pktsSentTimestamp, intervalStartTimestamp);     
-                int IPsSrcPktsCount = i->second.pktsSentTimestamp.size() - indexStartSent;
+                int indexStartSent = getClosestIndex(i->second.pkts_sent_timestamp, intervalStartTimestamp);
+                int IPsSrcPktsCount = i->second.pkts_sent_timestamp.size() - indexStartSent;
                 float interval_pkt_rate = (float) IPsSrcPktsCount * 1000000 / interval.count(); // used 10^6 because interval in microseconds
                 i->second.interval_pkt_rate.push_back(interval_pkt_rate);
-                if(interval_pkt_rate > i->second.max_pkt_rate || i->second.max_pkt_rate == 0)
-                    i->second.max_pkt_rate = interval_pkt_rate;
-                if(interval_pkt_rate < i->second.min_pkt_rate || i->second.min_pkt_rate == 0)
-                    i->second.min_pkt_rate = interval_pkt_rate;                    
+                if(interval_pkt_rate > i->second.max_interval_pkt_rate || i->second.max_interval_pkt_rate == 0)
+                    i->second.max_interval_pkt_rate = interval_pkt_rate;
+                if(interval_pkt_rate < i->second.min_interval_pkt_rate || i->second.min_interval_pkt_rate == 0)
+                    i->second.min_interval_pkt_rate = interval_pkt_rate;
         }
 }
 
@@ -169,13 +169,13 @@ void statistics::addIntervalStat(std::chrono::duration<int, std::micro> interval
     interval_statistics[lastPktTimestamp_s].kbytes = (float(sumPacketSize - intervalCumSumPktSize) / 1024);
 
     interval_statistics[lastPktTimestamp_s].payload_count = payloadCount - intervalPayloadCount;
-    interval_statistics[lastPktTimestamp_s].incorrect_checksum_count = incorrectTCPChecksumCount - intervalIncorrectTCPChecksumCount;
-    interval_statistics[lastPktTimestamp_s].correct_checksum_count = correctTCPChecksumCount - intervalCorrectTCPChecksumCount;
-    interval_statistics[lastPktTimestamp_s].new_ip_count = ip_statistics.size() - intervalCumNewIPCount;
-    interval_statistics[lastPktTimestamp_s].new_ttl_count = ttl_values.size() - intervalCumNewTTLCount;
-    interval_statistics[lastPktTimestamp_s].new_win_size_count = win_values.size() - intervalCumNewWinSizeCount;
-    interval_statistics[lastPktTimestamp_s].new_tos_count = tos_values.size() - intervalCumNewToSCount;
-    interval_statistics[lastPktTimestamp_s].new_mss_count = mss_values.size() - intervalCumNewMSSCount;
+    interval_statistics[lastPktTimestamp_s].incorrect_tcp_checksum_count = incorrectTCPChecksumCount - intervalIncorrectTCPChecksumCount;
+    interval_statistics[lastPktTimestamp_s].correct_tcp_checksum_count = correctTCPChecksumCount - intervalCorrectTCPChecksumCount;
+    interval_statistics[lastPktTimestamp_s].novel_ip_count = ip_statistics.size() - intervalCumNewIPCount;
+    interval_statistics[lastPktTimestamp_s].novel_ttl_count = ttl_values.size() - intervalCumNewTTLCount;
+    interval_statistics[lastPktTimestamp_s].novel_win_size_count = win_values.size() - intervalCumNewWinSizeCount;
+    interval_statistics[lastPktTimestamp_s].novel_tos_count = tos_values.size() - intervalCumNewToSCount;
+    interval_statistics[lastPktTimestamp_s].novel_mss_count = mss_values.size() - intervalCumNewMSSCount;
 
     intervalPayloadCount = payloadCount;
     intervalIncorrectTCPChecksumCount = incorrectTCPChecksumCount;
@@ -217,14 +217,14 @@ void statistics::addConvStat(std::string ipAddressSender,int sport,std::string i
     if (conv_statistics.count(f1)>0){
         conv_statistics[f1].pkts_count++;
         if(conv_statistics[f1].pkts_count<=3)
-            conv_statistics[f1].pkts_delay.push_back(std::chrono::duration_cast<std::chrono::microseconds> (timestamp - conv_statistics[f1].pkts_timestamp.back()));
+            conv_statistics[f1].interarrival_time.push_back(std::chrono::duration_cast<std::chrono::microseconds> (timestamp - conv_statistics[f1].pkts_timestamp.back()));
         conv_statistics[f1].pkts_timestamp.push_back(timestamp);
     }
     // Add new conversation A(ipAddressSender, sport), B(ipAddressReceiver, dport)
     else{
         conv_statistics[f2].pkts_count++;
         if(conv_statistics[f2].pkts_timestamp.size()>0 && conv_statistics[f2].pkts_count<=3 )
-            conv_statistics[f2].pkts_delay.push_back(std::chrono::duration_cast<std::chrono::microseconds> (timestamp - conv_statistics[f2].pkts_timestamp.back()));
+            conv_statistics[f2].interarrival_time.push_back(std::chrono::duration_cast<std::chrono::microseconds> (timestamp - conv_statistics[f2].pkts_timestamp.back()));
         conv_statistics[f2].pkts_timestamp.push_back(timestamp);
     }
 }
@@ -343,13 +343,13 @@ void statistics::addIpStat_packetSent(std::string filePath, std::string ipAddres
     ip_statistics[ipAddressSender].kbytes_sent += (float(bytesSent) / 1024);
     ip_statistics[ipAddressSender].pkts_sent++;
     // Aidmar
-    ip_statistics[ipAddressSender].pktsSentTimestamp.push_back(timestamp);
+    ip_statistics[ipAddressSender].pkts_sent_timestamp.push_back(timestamp);
                 
     // Update stats for packet receiver
     ip_statistics[ipAddressReceiver].kbytes_received += (float(bytesSent) / 1024);
     ip_statistics[ipAddressReceiver].pkts_received++;  
      // Aidmar
-    ip_statistics[ipAddressReceiver].pktsReceivedTimestamp.push_back(timestamp);
+    ip_statistics[ipAddressReceiver].pkts_received_timestamp.push_back(timestamp);
 }
 
 /**

code_boost/src/cxx/statistics.h

@@ -4,9 +4,7 @@
 #ifndef CPP_PCAPREADER_STATISTICS_H
 #define CPP_PCAPREADER_STATISTICS_H
 
-// Aidmar
 #include <vector>
-
 #include <unordered_map>
 #include <list>
 #include <tuple>
@@ -39,13 +37,10 @@ struct ip_stats {
     float packetPerSecondOut;
     float AvgPacketSizeSent;
     float AvgPacketSizeRecv;
-    long AvgMaxSegmentSizeTCP;
 };
 
-
-// Aidmar
 /*
- * Struct used to represent a conv by:
+ * Struct used to represent a conversation by:
  * - IP address A
  * - Port A
  * - IP address B
@@ -63,10 +58,8 @@ struct conv{
                &&ipAddressB == other.ipAddressB
                && portB == other.portB;
     }    
-}; 
-
+};
 
-// Aidmar
 /*
  * Struct used to represent:
  * - IP address (IPv4 or IPv6)
@@ -82,7 +75,6 @@ struct ipAddress_mss {
     }
 };
 
-// Aidmar
 /*
  * Struct used to represent:
  * - IP address (IPv4 or IPv6)
@@ -98,7 +90,6 @@ struct ipAddress_tos {
     }
 };
 
-// Aidmar
 /*
  * Struct used to represent:
  * - IP address (IPv4 or IPv6)
@@ -114,7 +105,6 @@ struct ipAddress_win {
     }
 };
 
-
 /*
  * Struct used to represent:
  * - IP address (IPv4 or IPv6)
@@ -130,7 +120,6 @@ struct ipAddress_ttl {
     }
 };
 
-
 /*
  * Struct used to represent:
  * - IP address (IPv4 or IPv6)
@@ -158,47 +147,44 @@ struct entry_ipStat {
     long pkts_sent;
     float kbytes_received;
     float kbytes_sent;
-    // Aidmar
     std::string ip_class;
+    // Collects statstics over time interval
     std::vector<float> interval_pkt_rate;
-    float max_pkt_rate;
-    float min_pkt_rate;
-    // Aidmar - to calculate Mahoney anomaly score
-    long firstAppearAsSenderPktCount;
-    long firstAppearAsReceiverPktCount;
-    float sourceAnomalyScore;
-    float destinationAnomalyScore;
-    // Aidmar- To collect statstics over time interval
-    std::vector<std::chrono::microseconds> pktsSentTimestamp;
-    std::vector<std::chrono::microseconds> pktsReceivedTimestamp;
+    float max_interval_pkt_rate;
+    float min_interval_pkt_rate;
+    std::vector<std::chrono::microseconds> pkts_sent_timestamp;
+    std::vector<std::chrono::microseconds> pkts_received_timestamp;
 
     bool operator==(const entry_ipStat &other) const {
         return pkts_received == other.pkts_received
                && pkts_sent == other.pkts_sent
                && kbytes_sent == other.kbytes_sent
                && kbytes_received == other.kbytes_received
-                // Aidmar
                && interval_pkt_rate == other.interval_pkt_rate
-               && max_pkt_rate == other.max_pkt_rate
-               && min_pkt_rate == other.min_pkt_rate
+               && max_interval_pkt_rate == other.max_interval_pkt_rate
+               && min_interval_pkt_rate == other.min_interval_pkt_rate
                && ip_class == other.ip_class
-               && firstAppearAsSenderPktCount == other.firstAppearAsSenderPktCount
-               && firstAppearAsReceiverPktCount == other.firstAppearAsReceiverPktCount
-               && sourceAnomalyScore == other.sourceAnomalyScore
-               && destinationAnomalyScore == other.destinationAnomalyScore
-               && pktsSentTimestamp == other.pktsSentTimestamp
-               && pktsReceivedTimestamp == other.pktsReceivedTimestamp;
+               && pkts_sent_timestamp == other.pkts_sent_timestamp
+               && pkts_received_timestamp == other.pkts_received_timestamp;
     }
 };
 
-// Aidmar
 /*
  * Struct used to represent interval statistics:
- * - Number of packets
+ * - # packets
+ * - # bytes
  * - IP source entropy
  * - IP destination entropy
  * - IP source cumulative entropy
  * - IP destination cumulative entropy
+ * - # packets that have payload
+ * - # incorrect TCP checksum
+ * - # correct TCP checksum
+ * - # novel IPs
+ * - # novel TTL
+ * - # novel Window Size
+ * - # novel ToS
+ * - # novel MSS
  */
 struct entry_intervalStat {
     int pkts_count;
@@ -208,15 +194,13 @@ struct entry_intervalStat {
     float ip_src_cum_entropy; 
     float ip_dst_cum_entropy;
     int payload_count;
-    int incorrect_checksum_count;
-    int correct_checksum_count;
-    int invalid_tos_count;
-    int valid_tos_count;
-    int new_ip_count;
-    int new_ttl_count;
-    int new_win_size_count;
-    int new_tos_count;
-    int new_mss_count;
+    int incorrect_tcp_checksum_count;
+    int correct_tcp_checksum_count;
+    int novel_ip_count;
+    int novel_ttl_count;
+    int novel_win_size_count;
+    int novel_tos_count;
+    int novel_mss_count;
 
     bool operator==(const entry_intervalStat &other) const {
         return pkts_count == other.pkts_count
@@ -226,38 +210,36 @@ struct entry_intervalStat {
                && ip_src_cum_entropy == other.ip_src_cum_entropy
                && ip_dst_cum_entropy == other.ip_dst_cum_entropy
                && payload_count == other.payload_count
-               && incorrect_checksum_count == other.incorrect_checksum_count
-               && invalid_tos_count == other.invalid_tos_count
-               && valid_tos_count == other.valid_tos_count
-               && new_ip_count == other.new_ip_count
-               && new_ttl_count == other.new_ttl_count
-               && new_win_size_count == other.new_win_size_count
-               && new_tos_count == other.new_tos_count
-               && new_mss_count == other.new_mss_count;
+               && incorrect_tcp_checksum_count == other.incorrect_tcp_checksum_count
+               && novel_ip_count == other.novel_ip_count
+               && novel_ttl_count == other.novel_ttl_count
+               && novel_win_size_count == other.novel_win_size_count
+               && novel_tos_count == other.novel_tos_count
+               && novel_mss_count == other.novel_mss_count;
     }
 };
 
-// Aidmar
 /*
- * Struct used to represent:
- * - Number of packets from A to B
- * - Number of packets from B to A
+ * Struct used to represent converstaion statistics:
+ * - # packets
+ * - Average packet rate
+ * - Timestamps of packets
+ * - Inter-arrival time
+ * - Average inter-arrival time
  */
 struct entry_convStat {
     long pkts_count;
     float avg_pkt_rate;
     std::vector<std::chrono::microseconds> pkts_timestamp;
-    std::vector<std::chrono::microseconds> pkts_delay;
-    std::chrono::microseconds avg_delay;
-    std::chrono::microseconds standardDeviation_delay;
-    
+    std::vector<std::chrono::microseconds> interarrival_time;
+    std::chrono::microseconds avg_interarrival_time;
+
     bool operator==(const entry_convStat &other) const {
         return pkts_count == other.pkts_count
                && avg_pkt_rate == avg_pkt_rate
                && pkts_timestamp == other.pkts_timestamp
-               && pkts_delay == other.pkts_delay
-               && avg_delay == other.avg_delay
-               && standardDeviation_delay == other.standardDeviation_delay;
+               && interarrival_time == other.interarrival_time
+               && avg_interarrival_time == other.avg_interarrival_time
     }
 };
 
@@ -277,7 +259,6 @@ struct ipAddress_inOut_port {
                && trafficDirection == other.trafficDirection
                && portNumber == other.portNumber;
     }
-
 };
 
 /*
@@ -295,7 +276,6 @@ namespace std {
         }
     };
 
-    // Aidmar
       template<>
     struct hash<ipAddress_mss> {
         std::size_t operator()(const ipAddress_mss &k) const {
@@ -307,7 +287,6 @@ namespace std {
         }
     };
 
-    // Aidmar
     template<>
     struct hash<ipAddress_tos> {
         std::size_t operator()(const ipAddress_tos &k) const {
@@ -319,7 +298,6 @@ namespace std {
         }
     };
 
-    // Aidmar
       template<>
     struct hash<ipAddress_win> {
         std::size_t operator()(const ipAddress_win &k) const {
@@ -331,7 +309,6 @@ namespace std {
         }
     };
     
-    // Aidmar: TO-DO:??
     template<>
     struct hash<conv> {
         std::size_t operator()(const conv &k) const {
@@ -386,17 +363,26 @@ public:
     */
     void incrementPacketCount();
 
-    // Adimar
     void calculateIPIntervalPacketRate(std::chrono::duration<int, std::micro> interval, std::chrono::microseconds intervalStartTimestamp);
+
     void incrementMSScount(std::string ipAddress, int mssValue);
-    void incrementWinCount(std::string ipAddress, int winSize);   
+
+    void incrementWinCount(std::string ipAddress, int winSize);
+
     void addConvStat(std::string ipAddressSender,int sport,std::string ipAddressReceiver,int dport, std::chrono::microseconds timestamp);
+
     std::vector<float> calculateIPsCumEntropy();
-    std::vector<float> calculateLastIntervalIPsEntropy(std::chrono::microseconds intervalStartTimestamp);        
+
+    std::vector<float> calculateLastIntervalIPsEntropy(std::chrono::microseconds intervalStartTimestamp);
+
     void addIntervalStat(std::chrono::duration<int, std::micro> interval, std::chrono::microseconds intervalStartTimestamp, std::chrono::microseconds lastPktTimestamp);
+
     void checkPayload(const PDU *pdu_l4);
+
     void checkTCPChecksum(std::string ipAddressSender, std::string ipAddressReceiver, TCP tcpPkt);
+
     void checkToS(uint8_t ToS);
+
     void incrementToScount(std::string ipAddress, int tosValue);
 
     void incrementTTLcount(std::string ipAddress, int ttlValue);
@@ -412,15 +398,15 @@ public:
 
     void setTimestampLastPacket(Tins::Timestamp ts);
     
-    // Aidmar
     Tins::Timestamp getTimestampFirstPacket();
     Tins::Timestamp getTimestampLastPacket();
 
     void assignMacAddress(std::string ipAddress, std::string macAddress);
     
-    // Aidmar
     void addIpStat_packetSent(std::string filePath, std::string ipAddressSender, std::string ipAddressReceiver, long bytesSent, std::chrono::microseconds timestamp);
+
     int getPacketCount();
+
     int getSumPacketSize();
 
     void addMSS(std::string ipAddress, int MSSvalue);
@@ -437,15 +423,15 @@ public:
 
     void printStats(std::string ipAddress);
 
+    bool getDoExtraTests();
+
+    void setDoExtraTests(bool var);
+
     /*
      * IP Address-specific statistics
      */
     ip_stats getStatsForIP(std::string ipAddress);
 
-    // Aidmar
-    bool getDoExtraTests();
-    void setDoExtraTests(bool var);
-
 private:
     /*
      * Data fields
@@ -467,7 +453,7 @@ private:
     int incorrectTCPChecksumCount = 0;
     int correctTCPChecksumCount = 0;
 
-    // Variables that are used for interval-wise tests
+    // Variables that are used for interval-wise statistics
     int intervalPayloadCount = 0;
     int intervalIncorrectTCPChecksumCount = 0;
     int intervalCorrectTCPChecksumCount = 0;
@@ -494,13 +480,15 @@ private:
     // {IP Address, ToS value, count}
     std::unordered_map<ipAddress_tos, int> tos_distribution;
 
-    // {IP Address A, Port A, IP Address B, Port B,   #packets_A_B, #packets_B_A}
+    // {IP Address A, Port A, IP Address B, Port B,   #packets, packets timestamps, inter-arrival times,
+    // average of inter-arrival times}
     std::unordered_map<conv, entry_convStat> conv_statistics;
 
+    // {Last timestamp in the interval, #packets, #bytes, source IP entropy, destination IP entropy,
+    // source IP cumulative entropy, destination IP cumulative entropy, #payload, #incorrect TCP checksum,
+    // #correct TCP checksum, #novel IP, #novel TTL, #novel Window Size, #novel ToS,#novel MSS}
     std::unordered_map<std::string, entry_intervalStat> interval_statistics;
 
-
-
     // {TTL value, count}
     std::unordered_map<int, int> ttl_values;
 
@@ -524,10 +512,6 @@ private:
 
     // {IP Address, MAC Address}
     std::unordered_map<std::string, std::string> ip_mac_mapping;
-
-    // Aidmar
-    // {DSCP value, count}
-    std::unordered_map<int, int> dscp_distribution;
 };
 
 

code_boost/src/cxx/statistics_db.cpp

@@ -45,8 +45,8 @@ void statistics_db::writeStatisticsIP(std::unordered_map<std::string, entry_ipSt
             query.bind(4, e.kbytes_received);
             query.bind(5, e.kbytes_sent);
             // Aidmar
-            query.bind(6, e.max_pkt_rate);
-            query.bind(7, e.min_pkt_rate);
+            query.bind(6, e.max_interval_pkt_rate);
+            query.bind(7, e.min_interval_pkt_rate);
             query.bind(8, e.ip_class);
             query.exec();
             query.reset();
@@ -334,12 +334,11 @@ void statistics_db::writeStatisticsConv(std::unordered_map<conv, entry_convStat>
                 "pktsCount INTEGER,"
                 "avgPktRate REAL,"
                 "avgDelay INTEGER,"
-                "standardDeviationDelay INTEGER,"
                 "minDelay INTEGER,"
                 "maxDelay INTEGER,"
                 "PRIMARY KEY(ipAddressA,portA,ipAddressB,portB));";
         db->exec(createTable);
-        SQLite::Statement query(*db, "INSERT INTO conv_statistics VALUES (?, ?, ?, ?, ?,  ?, ?, ?, ?, ?)");
+        SQLite::Statement query(*db, "INSERT INTO conv_statistics VALUES (?, ?, ?, ?, ?,  ?, ?, ?, ?)");
 
         for (auto it = convStatistics.begin(); it != convStatistics.end(); ++it) {
             conv f = it->first;
@@ -348,26 +347,25 @@ void statistics_db::writeStatisticsConv(std::unordered_map<conv, entry_convStat>
                 int sumDelay = 0;
                 int minDelay = -1;
                 int maxDelay = -1;
-                for (int i = 0; (unsigned) i < e.pkts_delay.size(); i++) {
-                    sumDelay += e.pkts_delay[i].count();
-                    if (maxDelay < e.pkts_delay[i].count())
-                        maxDelay = e.pkts_delay[i].count();
-                    if (minDelay > e.pkts_delay[i].count() || minDelay == -1)
-                        minDelay = e.pkts_delay[i].count();
+                for (int i = 0; (unsigned) i < e.interarrival_time.size(); i++) {
+                    sumDelay += e.interarrival_time[i].count();
+                    if (maxDelay < e.interarrival_time[i].count())
+                        maxDelay = e.interarrival_time[i].count();
+                    if (minDelay > e.interarrival_time[i].count() || minDelay == -1)
+                        minDelay = e.interarrival_time[i].count();
                 }
-                if (e.pkts_delay.size() > 0)
-                    e.avg_delay = (std::chrono::microseconds) sumDelay / e.pkts_delay.size(); // average
-                else e.avg_delay = (std::chrono::microseconds) 0;
+                if (e.interarrival_time.size() > 0)
+                    e.avg_interarrival_time = (std::chrono::microseconds) sumDelay / e.interarrival_time.size(); // average
+                else e.avg_interarrival_time = (std::chrono::microseconds) 0;
 
                 // Calculate the variance
                 long temp = 0;
-                for (int i = 0; (unsigned) i < e.pkts_delay.size(); i++) {
-                    long del = e.pkts_delay[i].count();
-                    long avg = e.avg_delay.count();
+                for (int i = 0; (unsigned) i < e.interarrival_time.size(); i++) {
+                    long del = e.interarrival_time[i].count();
+                    long avg = e.avg_interarrival_time.count();
                     temp += (del - avg) * (del - avg);
                 }
-                long standardDeviation = sqrt(temp / e.pkts_delay.size());
-                e.standardDeviation_delay = (std::chrono::microseconds) standardDeviation;
+                long standardDeviation = sqrt(temp / e.interarrival_time.size());
 
                 std::chrono::microseconds start_timesttamp = e.pkts_timestamp[0];
                 std::chrono::microseconds end_timesttamp = e.pkts_timestamp.back();
@@ -380,10 +378,9 @@ void statistics_db::writeStatisticsConv(std::unordered_map<conv, entry_convStat>
                 query.bind(4, f.portB);
                 query.bind(5, (int) e.pkts_count);
                 query.bind(6, (float) e.avg_pkt_rate);
-                query.bind(7, (int) e.avg_delay.count());
-                query.bind(8, (int) e.standardDeviation_delay.count());
-                query.bind(9, minDelay);
-                query.bind(10, maxDelay);
+                query.bind(7, (int) e.avg_interarrival_time.count());
+                query.bind(8, minDelay);
+                query.bind(9, maxDelay);
                 query.exec();
                 query.reset();
             }
@@ -435,13 +432,13 @@ void statistics_db::writeStatisticsInterval(std::unordered_map<std::string, entr
             query.bind(6, e.ip_src_cum_entropy);
             query.bind(7, e.ip_dst_cum_entropy);
             query.bind(8, e.payload_count);
-            query.bind(9, e.incorrect_checksum_count);
-            query.bind(10, e.correct_checksum_count);
-            query.bind(11, e.new_ip_count);
-            query.bind(12, e.new_ttl_count);
-            query.bind(13, e.new_win_size_count);
-            query.bind(14, e.new_tos_count);
-            query.bind(15, e.new_mss_count);
+            query.bind(9, e.incorrect_tcp_checksum_count);
+            query.bind(10, e.correct_tcp_checksum_count);
+            query.bind(11, e.novel_ip_count);
+            query.bind(12, e.novel_ttl_count);
+            query.bind(13, e.novel_win_size_count);
+            query.bind(14, e.novel_tos_count);
+            query.bind(15, e.novel_mss_count);
             query.exec();
             query.reset();
         }