diff --git a/tools/usc-isi/netflow-ddos/maptags.txt b/tools/usc-isi/netflow-ddos/maptags.txt
new file mode 100644
index 0000000..eba145f
--- /dev/null
+++ b/tools/usc-isi/netflow-ddos/maptags.txt
@@ -0,0 +1,19 @@
+#Type code-1 code-2 proto-num src-port dst-port flags
+DNSAmplification 1 6 17 53 * *
+ICMP 2 2 1 * * *
+TotalTraffic 4 0 * * * *
+IPFragmentation 8 7 * 0 0 *
+CLDAPAmplification 16 8 17 389 * *
+TCPSYN/ACKAmplification 32 9 6 * * 18
+TCPRST 64 10 6 * * 4
+UDP 128 1 17 * * *
+NTPAmplification 256 5 17 123 * * 
+mDNSAmplification 2048 11 17 5353 * *
+UserDefined 4096 17 * * * *
+TCPSYN 8192 3 6 * * 2
+chargenAmplification 16384 12 17 19 * * 
+L2TPAmplification 32768 13 17 1701 * *
+memcachedAmplification 65536 14 17 11211 * *
+DNS 131072 15 17 * 53 *
+rpcbindAmplification 262144 16 17 111 * *
+TCPACK 524288 4 6 16 * *