We consider the problem of traffic anomaly detection in IP networks. Traffic anomalies arise when there is overload due to failures in a network. We present general formulae for the variance of the cumulative traffic over a fixed time interval and show how the derived analytical expression simplifies for the case of voice over IP traffic, the focus of this paper. To detect load anomalies, we show it is sufficient to consider cumulative traffic over relatively long intervals such as 5 minutes. This approach substantially extends the current practice in IP network management where only the first order statistics and fixed thresholds are used to identify abnormal behavior.
|Title of host publication||Proceedings of the 2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems|
|Place of Publication||New York|
|Publisher||Association for Computing Machinery (ACM)|
|Number of pages||2|
|Publication status||Published - 2001|
- VoIP traffic anomaly detection
- variance estimation
- SNMP-based load characterization
Mandjes, M., Saniee, I., & Stolyar, A. (2001). Load characterization, overload prediction, and anomaly detection for voice over IP traffic. In P. Heidelberger (Ed.), Proceedings of the 2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems (pp. 326-327). New York: Association for Computing Machinery (ACM).