Explanation: Packet Count vs Byte Count

To verify that the correlation is not caused by packet counts, we use byte counts on the GA Tech data set and re-compute the entropy.

The correlations are just as strong.

	&  saddr   &  dport   &  sport   \\
\hline
 daddr&     0.997&     0.999&     0.994\\
 saddr&         -&     0.995&     0.997\\
 dport&         -&         -&     0.994\\

CMU1 with byte count:

        &  saddr   &  dport   &  sport   &    fsd   \\
\hline
 daddr&     0.971&     0.874&     0.820&     0.304\\
 saddr&         -&     0.856&     0.854&     0.272\\
 dport&         -&         -&     0.829&     0.072\\
 sport&         -&         -&         -&     0.045\\