Ask Your Question

How to differentiate between DDoS communications and benign communications?

asked 2022-08-09 14:34:44 +0000

I'm using the DDoS data available

The first 115,116 are categorized as DoS attacks because the three-way handshake is not satisfied; this is intuitive. However, row number 115124 does not satisfy the condition and is categorized as benign. There are several rows similar to this case. Can anyone elaborate on this?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2022-08-10 12:14:25 +0000

tmp gravatar image

Because frame number 115125 resets the TCP connection, (TCP flags in column 21 show 0x00000004).

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2022-08-09 14:34:44 +0000

Seen: 57 times

Last updated: Aug 10