1. The document describes a system for detecting denial of service (DoS) attacks based on multivariate correlation analysis. It uses triangle area maps to obtain correlation information between IP addresses in network traffic.
2. The system first extracts features from network traffic samples, then performs multivariate correlation analysis to characterize legitimate traffic patterns. It generates normal profiles based on these patterns to identify anomalies indicative of attacks.
3. The system was tested on the KDD Cup 99 dataset and was able to detect DoS attacks with 94.2% accuracy, outperforming other state-of-the-art techniques. It can identify both known and unknown attack patterns.