Load characterization and anomaly detection for voice over IP traffic

Michel Mandjes, Iraj Saniee, Alexander L. Stolyar

Research output: Contribution to journal › Article › peer-review

Abstract

We consider the problem of traffic anomaly detection in IP networks. Traffic anomalies typically arise when there is focused overload or when a network element fails and it is desired to infer these purely from the measured traffic. We derive new general formulae for the variance of the cumulative traffic over a fixed time interval and show how the derived analytical expression simplifies for the case of voice over IP traffic, the focus of this paper. To detect load anomalies, we show it is sufficient to consider cumulative traffic over relatively long intervals such as 5 min. We also propose simple anomaly detection tests including detection of over/underload. This approach substantially extends the current practice in IP network management where only the first-order statistics and fixed thresholds are used to identify abnormal behavior. We conclude with the application of the scheme to field data from an operational network.

Original language: English (US)
Pages (from-to): 1019-1026
Number of pages: 8
Journal: IEEE Transactions on Neural Networks
Volume: 16
Issue number: 5
State: Published - Sep 2005

Keywords

  • Anomaly detection
  • Heavy-tailed holding times
  • Load characterization
  • Network management
  • Second-order statistic
  • Traffic measurements
  • Voice-over IP

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Computer Networks and Communications
  • Artificial Intelligence
