by shivin9 2326 days ago
Thanks. It would be nice to have similarity methods that are not dependent on spatial locality to detect DDoS-like attacks.

We handle spatial locality in terms of not just the source but also the destination; therefore, we should be able to handle DDoS-like attacks when simultaneous edges come from several sources trying to deny one particular destination.

Ah alright, that makes sense. But it works only when the destination is the same. In a setting where there are multiple web-hosting servers, you would need to treat a group of source and destination points as micro-clusters themselves.

Can you extend MIDAS to adapt to that scenario?

In Figure 7 of the paper, we show an example of detection when neither edge/source/destination is individually anomalous but as a whole, it is a microcluster anomaly. It can similarly be detected when there are multiple web-hosting servers.
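
The destination-side aggregation described in the reply above, as an added example that is not part of the thread or of the MIDAS code base. It assumes exact per-key counters instead of sketches and a chi-squared style burst score recalled from the MIDAS paper; the stream, host names and function names are constructed for illustration.

```python
from collections import defaultdict

def chi2_score(a, s, t):
    """Burst score for one key (assumed form of the MIDAS statistic).
    a = count in the current tick, s = total count so far, t = tick number."""
    if s == 0 or t <= 1:
        return 0.0
    return ((a - s / t) * t) ** 2 / (s * (t - 1))

def score_stream(edges):
    """edges: (src, dst, tick) tuples ordered by tick, ticks starting at 1.
    Returns one (edge_score, src_score, dst_score) tuple per incoming edge."""
    kinds = ("edge", "src", "dst")
    current = {k: defaultdict(int) for k in kinds}  # counts in this tick
    total = {k: defaultdict(int) for k in kinds}    # counts over all ticks
    last_tick = None
    out = []
    for src, dst, tick in edges:
        if tick != last_tick:
            # New tick: per-tick counters start again from zero.
            for counter in current.values():
                counter.clear()
            last_tick = tick
        keys = {"edge": (src, dst), "src": src, "dst": dst}
        scores = []
        for kind in kinds:
            key = keys[kind]
            current[kind][key] += 1
            total[kind][key] += 1
            scores.append(chi2_score(current[kind][key], total[kind][key], tick))
        out.append(tuple(scores))
    return out

def constructed_stream():
    """Constructed sample: two regular clients for nine ticks, then fifty
    previously unseen sources each sending one edge to the same host."""
    edges = []
    for tick in range(1, 10):
        edges += [("c1", "web1", tick), ("c2", "web1", tick)]
    edges += [(f"b{i}", "web1", 10) for i in range(50)]
    return edges

if __name__ == "__main__":
    edge, src, dst = score_stream(constructed_stream())[-1]
    print(f"last burst edge: edge={edge:.1f} src={src:.1f} dst={dst:.1f}")
```

Each burst source sends only one edge, so its edge and source scores stay at the level of any first-time sender, while the score keyed on the shared destination grows with the number of simultaneous senders.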