Load characterization and anomaly detection for voice over IP traffic

M. Mandjes, I. Saniee, A. Stolyar

Research output: Contribution to journalConference articlepeer-review


We consider the problem of traffic anomaly detection in IP networks. Traffic anomalies arise when there is overload due to failures in a network. We present general formulae for the variance of the cumulative traffic over a fixed time interval and show how the derived analytical expression simplifies for the case of voice over IP traffic, the focus of this paper. To detect load anomalies, we show it is sufficient to consider cumulative traffic over relatively long intervals such as 5 minutes. This approach substantially extends the current practice in IP network management where only the first order statistics and fixed thresholds are used to identify abnormal behavior.

Original languageEnglish (US)
Pages (from-to)326-327
Number of pages2
JournalPerformance Evaluation Review
Issue number1
StatePublished - 2001
Externally publishedYes
EventJoint International Conference on Measurement and Modeling of Computer Systems - Cambridge, MA, United States
Duration: Jun 16 2001Jun 20 2001


  • SNMP-based load characterization
  • Variance estimation
  • VoIP traffic anomaly detection

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications


Dive into the research topics of 'Load characterization and anomaly detection for voice over IP traffic'. Together they form a unique fingerprint.

Cite this