Integrating Traffics with Network Device Logs for Anomaly Detection

<table class="fixed-width table-group" id="tab1"><tr><td><table class="table"><colgroup><col style="width:5.16em"/><col style="width:23.57em"/></colgroup><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr><td class="align_left" rowspan="5">TCP flags</td><td class="align_left">TCP handshake situation</td></tr><tr><td class="align_left">ACK, URG, FIN, RST values</td></tr><tr><td class="align_left">The destination IP repeatedly responds with ACK = 1</td></tr><tr><td class="align_left">The destination IP only has ACK = 1, SYN = 1 and FIN=1</td></tr><tr><td class="align_left">The source IP only has SYN = 1</td></tr><tr class="table-tr"><td colspan="2"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

Security and Communication Networks

tab1

Table 1

Table 1: Integrating Traffics with Network Device Logs for Anomaly Detection 