How to differentiate between DDoS communications and benign communications?

I'm using the DDoS data available

The first 115,116 are categorized as DoS attacks because the three-way handshake is not satisfied; this is intuitive. However, row number 115124 does not satisfy the condition and is categorized as benign. There are several rows similar to this case. Can anyone elaborate on this?
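To inspect rows like these, it helps to group packets by connection and record how far each TCP handshake got. The sketch below is an added example, not part of the original post and not the dataset's own labelling logic; the column layout (`ts, src, sport, dst, dport, flags`) and the sample rows are constructed assumptions.

```python
# Constructed sample rows (not taken from the dataset in the question).
# Assumed columns: ts, src, sport, dst, dport, TCP flags as letters.
SAMPLE = [
    # Flow A: SYN, SYN-ACK, ACK (handshake completes)
    (0.00, "10.0.0.5", 40001, "10.0.0.80", 80, "S"),
    (0.01, "10.0.0.80", 80, "10.0.0.5", 40001, "SA"),
    (0.02, "10.0.0.5", 40001, "10.0.0.80", 80, "A"),
    # Flow B: SYN answered by the server, final ACK never arrives
    (0.10, "10.0.0.9", 40002, "10.0.0.80", 80, "S"),
    (0.11, "10.0.0.80", 80, "10.0.0.9", 40002, "SA"),
    # Flow C: SYN with no reply in the capture
    (0.20, "10.0.0.9", 40003, "10.0.0.80", 80, "S"),
    # Flow D: data packet whose SYN is not in the capture (mid-stream)
    (0.30, "10.0.0.7", 40004, "10.0.0.80", 80, "PA"),
]


def handshake_status(rows):
    """Map (client, cport, server, sport) -> handshake state."""
    state = {}
    for ts, src, sport, dst, dport, flags in sorted(rows):
        fwd = (src, sport, dst, dport)   # key if src is the client
        rev = (dst, dport, src, sport)   # key if dst is the client
        f = set(flags)
        if f == {"S"}:
            # First SYN opens the flow; retransmitted SYNs change nothing.
            state.setdefault(fwd, "syn_only")
        elif f == {"S", "A"}:
            if state.get(rev) == "syn_only":
                state[rev] = "synack_unanswered"
        elif "A" in f and not f & {"S", "R"}:
            if state.get(fwd) == "synack_unanswered":
                state[fwd] = "complete"
            elif fwd not in state and rev not in state:
                # No SYN was observed, so the handshake cannot be judged.
                state[fwd] = "midstream"
    return state


def summarize(rows):
    """Count flows per handshake state."""
    counts = {}
    for s in handshake_status(rows).values():
        counts[s] = counts.get(s, 0) + 1
    return counts


if __name__ == "__main__":
    for flow, s in handshake_status(SAMPLE).items():
        print(flow, s)
```

A flow in the `midstream` state has no observable handshake, so an incomplete handshake in the rows alone is not evidence about it either way.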