Load characterization, overload prediction, and anomaly detection for voice over IP traffic

Michel Mandjes, Iraj Saniee, Alexander Stolyar

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

17 Downloads (Pure)


We consider the problem of traffic anomaly detection in IP networks. Traffic anomalies arise when there is overload due to failures in a network. We present general formulae for the variance of the cumulative traffic over a fixed time interval and show how the derived analytical expression simplifies for the case of voice over IP traffic, the focus of this paper. To detect load anomalies, we show it is sufficient to consider cumulative traffic over relatively long intervals such as 5 minutes. This approach substantially extends the current practice in IP network management where only the first order statistics and fixed thresholds are used to identify abnormal behavior.
Original languageUndefined
Title of host publicationProceedings of the 2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems
EditorsP. Heidelberger
Place of PublicationNew York
PublisherAssociation for Computing Machinery (ACM)
Number of pages2
ISBN (Print)1-58113-334-0
Publication statusPublished - 2001

Publication series



  • VoIP traffic anomaly detection
  • METIS-201312
  • EWI-18029
  • variance estimation
  • SNMP-based load characterization
  • IR-72118

Cite this