Skip to Main Content
Computer network traffic is analyzed via state space models and statistical techniques such as linear and nonlinear canonical correlation analyses and mutual information. As an application, the models and the statistical techniques are utilized to detect UDP flooding attacks. This work indicates that mutual information is a powerful tool for the detection of such attacks. Our approach is topology independent and our findings are tested on the so-called dumbbell and parking-lot topologies.