Traffic anomalies can create network congestion, so its prompt and accurate detection would allow network operators to make decisions to guarantee the network performance avoiding services to experience any perturbation. In this paper, we focus on origin–destination (OD) traffic anomalies; to efficiently detect those, we study two different anomaly detection methods based on data analytics and combine them with three monitoring strategies. In view of the short monitoring period needed to reduce anomaly detection, which entails large amount of monitoring data to be collected and analyzed in a centralized repository, we propose bringing data analytics to the network nodes to efficiently detect traffic anomalies, while keeping traffic estimation centralized. Once an OD traffic anomaly is detected, a network reconfiguration can be triggered to adapt the network to the new traffic conditions. However, an external event might cause multiple related traffic anomalies. In the case of triggering a network reconfiguration just after one traffic anomaly is detected, some Key Performance Indicators (KPI) such as the number of network reconfigurations and the total reconfiguration time would be unnecessarily high. In light of that, we propose the Anomaly and Network Reconfiguration (ALCOR) method to anticipate whether other ODs are anomalous after detecting one anomalous OD pair. Exhaustive simulation results on a realistic network scenario show that the monitoring period should be as low as possible (e.g., 1 min) to keep anomaly detection times low, which clearly motivates to place traffic anomaly detection function in the network nodes. In the case of multiple anomalies, results show that ALCOR can significantly improve KPIs such as the number of network reconfigurations, total reconfiguration time, as well as traffic losses.
