by siddharthbhatia 2326 days ago
Thank you :)

1. We use a temporal decay (alpha).
2. Good question! We consider similar edges as those having at least one of source and destination node as the same.
3. Very interesting direction for future work! We can try using a variable decay instead of a fixed one to tackle the adversary.

Thanks. It would be nice to have similarity methods that are not dependent on spatial locality to detect DDoS-like attacks.
We handle spatial locality in terms of not just the source but also the destination; therefore, we should be able to handle DDoS-like attacks when simultaneous edges come from several sources trying to deny one particular destination.
Ah alright, that makes sense. But it works only when the destination is the same. In a setting where there are multiple web-hosting servers, you would need to treat a group of source and destination points as micro-clusters themselves.

Can you extend MIDAS to adapt to that scenario?

In Figure 7 of the paper, we show an example of detection when neither edge/source/destination is individually anomalous but as a whole, it is a microcluster anomaly. It can similarly be detected when there are multiple web-hosting servers.
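
The destination-side scoring discussed in this thread, as an added example that is not the MIDAS authors' code: it keeps decayed edge, source and destination counters and applies the chi-squared-style score from the MIDAS paper to each. Assumptions: exact dictionaries stand in for the paper's count-min sketches, and the class name, `alpha=0.5` and the traffic stream are constructed for illustration.

```python
from collections import defaultdict

def chi2_score(cur, total, t):
    """Chi-squared-style score: count in the current tick vs. the mean per tick so far."""
    if total == 0 or t <= 1:
        return 0.0
    return ((cur - total / t) * t) ** 2 / (total * (t - 1))

class RelationalScorer:
    """Hypothetical exact-count simplification with edge, source and destination counters."""
    KINDS = ("edge", "src", "dst")

    def __init__(self, alpha=0.5):
        self.alpha = alpha          # temporal decay applied to the recent counts
        self.tick = 1
        self.cur = {k: defaultdict(float) for k in self.KINDS}
        self.total = {k: defaultdict(float) for k in self.KINDS}

    def score(self, src, dst, t):
        if t > self.tick:           # new tick: decay recent counts instead of resetting them
            for table in self.cur.values():
                for key in table:
                    table[key] *= self.alpha
            self.tick = t
        scores = {}
        for kind, key in zip(self.KINDS, ((src, dst), src, dst)):
            self.cur[kind][key] += 1
            self.total[kind][key] += 1
            scores[kind] = chi2_score(self.cur[kind][key], self.total[kind][key], t)
        return scores

def run_demo(n_sources=200):
    """Constructed stream: 9 quiet ticks, then many first-seen sources hit one destination."""
    det = RelationalScorer(alpha=0.5)
    quiet_dst = 0.0
    for t in range(1, 10):
        for client in ("c0", "c1", "c2"):
            quiet_dst = max(quiet_dst, det.score(client, "web1", t)["dst"])
    burst = [det.score(f"s{i}", "web1", 10) for i in range(n_sources)]
    return quiet_dst, max(s["edge"] for s in burst), max(s["dst"] for s in burst)

if __name__ == "__main__":
    quiet_dst, burst_edge, burst_dst = run_demo()
    print(f"quiet dst max={quiet_dst:.2f}  burst edge max={burst_edge:.2f}  "
          f"burst dst max={burst_dst:.2f}")
```

Every edge in the burst gets the same score as any other first-seen edge, so only the destination counter separates the burst from quiet traffic.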