We consider the problem of traffic anomaly detection in IP networks. Traffic anomalies arise when there is overload due to failures in a network. We present general formulae for the variance of the cumulative traffic over a fixed time interval and show how the derived analytical expression simplifies for the case of voice over IP traffic, the focus of this paper. To detect load anomalies, we show it is sufficient to consider cumulative traffic over relatively long intervals such as 5 minutes. This approach substantially extends the current practice in IP network management where only the first order statistics and fixed thresholds are used to identify abnormal behavior.
|Conference||2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems|
|Period||16/06/01 → 20/06/01|
|Other||16-20 June 2001|
- VoIP traffic anomaly detection
- variance estimation
- SNMP-based load characterization