Mining Anomalies Using Traffic Feature Distributions

2005-10-05 | Anukool Lakhina, Mark Crovella, and Christophe Diot
The paper "Mining Anomalies Using Traffic Feature Distributions" by Anukool Lakhina, Mark Crovella, and Christophe Diot explores the use of packet feature distributions (IP addresses and ports) to detect and classify a wide range of network anomalies. The authors argue that analyzing the distributions of these features can reveal both the presence and structure of anomalies, and propose using entropy as a summarization tool. They demonstrate that this approach enables highly sensitive detection of anomalies and automatic classification via unsupervised learning. The method is validated on data from two backbone networks, Abilene and Geant, showing promise as a general network anomaly diagnosis framework. The paper also discusses related work, introduces the multiway subspace method for detecting anomalies across multiple traffic features and flows, and presents experimental results demonstrating the effectiveness of the proposed method in detecting and classifying anomalies.
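
As an added illustration (not code from the paper or its authors), the sketch below computes the entropy of the four packet features for one time bin and shows how a constructed port scan shifts each of them. The packet records, the addresses, the `tol` threshold and the `entropy_shift` helper are assumptions made for this example; the paper's multiway subspace detection step is not implemented here.

```python
import math
from collections import Counter

FEATURES = ("src_ip", "dst_ip", "src_port", "dst_port")

def sample_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    if total == 0:
        return 0.0  # empty bin: no distribution to summarize
    return -sum((n / total) * math.log2(n / total) for n in counts.values())

def feature_entropies(packets):
    """One entropy value per feature for the packets of a single time bin."""
    return {f: sample_entropy(p[f] for p in packets) for f in FEATURES}

def entropy_shift(baseline, observed, tol=0.5):
    """Per feature: +1 if the distribution dispersed, -1 if it concentrated, else 0."""
    base, obs = feature_entropies(baseline), feature_entropies(observed)
    return {f: (obs[f] - base[f] > tol) - (obs[f] - base[f] < -tol) for f in FEATURES}

def constructed_baseline():
    """Constructed sample: 16 clients, 4 servers, 4 service ports, 64 packets."""
    services = (25, 53, 80, 443)
    return [{"src_ip": f"10.0.0.{i % 16}", "dst_ip": f"192.0.2.{i % 4}",
             "src_port": 40000 + i, "dst_port": services[i % 4]} for i in range(64)]

def constructed_port_scan():
    """Constructed sample: one source probing ports 1-192 on a single host."""
    return [{"src_ip": "203.0.113.9", "dst_ip": "192.0.2.0",
             "src_port": 55555, "dst_port": port} for port in range(1, 193)]

if __name__ == "__main__":
    normal = constructed_baseline()
    scanned = normal + constructed_port_scan()
    for name, pkts in (("baseline", normal), ("with scan", scanned)):
        print(name, {f: round(h, 2) for f, h in feature_entropies(pkts).items()})
    print("shift", entropy_shift(normal, scanned))
```

The sign pattern across the four features is what gives an anomaly its structure: in this constructed scan the destination-port distribution disperses while the address distributions concentrate, even though each feature alone is just a single number per time bin.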