DDoS Protection
infected_human, 2014-08-13 10:45:11

How to form a feature vector for a neural network based on the entry (structure) of a pcap file?

Good afternoon!
I am developing a program for analyzing network traffic in order to detect DDoS attacks using a neural network. It will be a kind of IDS, for which I plan to use tcpdump, tshark or windump as sensors. They capture the traffic circulating in the network, which will be saved to a pcap file. To work with a neural network, I need to convert the packets collected, for example, by the windump program, into a feature vector. It is not clear to me how this vector should be formed based on the structure of the pcap file. Suppose that, to detect a DDoS attack, I need: the IP address of the sender / recipient, the type of request (GET / POST / PUT / DELETE), flags (SYN / ACK, etc.), and the amount of data transmitted in bytes. That is, should I convert all this information into a binary data set, and what should the vector itself look like in this case? As I understand,
For example:
{src IP, dst IP, HTTP request type, Flag, bytes sent}
convert to:
{10101010101010101010101010101010, 10101010101010101010101010101010, 1101, 100, 1111000101, 100, 11110001011110
} data from the pcap file, and so that based on this data it is possible to train and test the neural network. If anyone has faced a similar problem, please explain.
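
An added example, not part of the original post: one way to turn each TCP/IPv4 packet of a classic pcap file into a fixed-length numeric vector using the fields named in the question. The encoding (each IP octet scaled to [0, 1], one input per TCP flag, a one-hot HTTP method, payload size capped at an assumed 1460 bytes) is an assumption chosen for illustration, and `build_sample` produces a constructed two-packet capture with documentation-range addresses.

```python
import struct

METHODS = (b"GET", b"POST", b"PUT", b"DELETE")   # request types named in the question

def packet_features(frame):
    """Ethernet/IPv4/TCP frame -> 19 floats in [0, 1], or None if not TCP over IPv4."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4                   # IPv4 header length in bytes
    total_len = struct.unpack("!H", frame[16:18])[0]
    tcp = 14 + ihl                                 # offset of the TCP header
    if len(frame) < tcp + 20:
        return None                                # truncated capture
    data_off = (frame[tcp + 12] >> 4) * 4          # TCP header length in bytes
    flags = frame[tcp + 13]
    payload = frame[tcp + data_off:14 + total_len]
    vec = [b / 255 for b in frame[26:34]]          # src IP + dst IP, one input per octet
    vec += [float(flags >> i & 1) for i in range(6)]               # FIN SYN RST PSH ACK URG
    vec += [float(payload.startswith(m + b" ")) for m in METHODS]  # one-hot HTTP method
    vec.append(min(len(payload), 1460) / 1460)     # payload bytes, capped (assumed limit)
    return vec

def read_pcap(blob):
    """Yield raw frames from a classic little-endian pcap byte string."""
    magic, = struct.unpack("<I", blob[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    pos = 24                                       # skip the 24-byte global header
    while pos + 16 <= len(blob):
        _, _, incl_len, _ = struct.unpack("<IIII", blob[pos:pos + 16])
        yield blob[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def build_sample():
    """Constructed capture: a bare SYN, then a PSH/ACK carrying 'GET / HTTP/1.1'."""
    def frame(flags, payload):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 8192, 0, 0)
        return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(0x02, b""), frame(0x18, b"GET / HTTP/1.1\r\n\r\n")):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def extract(blob):
    """Feature vectors for every TCP/IPv4 packet in the capture."""
    return [v for v in map(packet_features, read_pcap(blob)) if v is not None]
```

`extract(open("capture.pcap", "rb").read())` gives one 19-element row per packet; the file name here is a placeholder.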
