- Rewrite DDoS tests to use ensemble detector (remove KNN model setup)
- Update scanner tests for ensemble-based detection
- Remove legacy model construction helpers from benchmarks
- Add copyright headers to test files
Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
Expand DDoS feature vector to 14 dimensions (cookie_ratio, referer_ratio,
accept_language_ratio, suspicious_path_ratio). Add heuristic auto-labeling
to DDoS trainer. Update benchmarks and tests to match new feature vectors.
Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
14-feature vector extraction, KNN classifier using fnntw, per-IP
sliding window aggregation, and heuristic auto-labeling for training.
Includes replay subcommand for offline evaluation and integration tests.
Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
