The document proposes novel features for malware traffic data mining including packet length step counts, toggles, and unique lengths. Clustering algorithms like K-means and DBSCAN performed better at distinguishing malware and benign traffic when using these new features compared to existing minimum, maximum, mean, and standard deviation features. Open questions remain around optimal techniques for determining cluster numbers, data standardization methods, and whether supervised learning could provide better results.