An important problem in current operational environments is the large quantity of monitoring data that has to be processed online. This paper introduces a new metric that leverages spatially and temporally aggregated IP-flow-related information. The metric is based on a new kernel function that captures both IP address space distribution and volume-related traffic information. We assess several attacks and counter-attack methods with respect to a sound game-theoretical model in order to identify the best Nash-equilibrium-driven defensive and offensive strategies.