A telephony network typically handles a wide variety of traffic. A common problem in network management and security protection is detecting changes in network behavior relative to longer-term trends. Complicating this problem, the expected traffic patterns may vary widely by source, destination, subscriber, trunk group, and various other possible classification groups. Modeling the entire network and checking traffic against a global model is problematic because it takes either numerous small changes or one very large change to affect the overall network traffic, so a change confined to a single group may not register against the global model. On the other hand, building a separate model for each instance of every grouping of interest results in an explosion of model instances and often in overfitting, because each instance has insufficient data. Another complication with traffic anomaly detection is that legitimate traffic continuously evolves. Consequently, static models that are not updated online often become obsolete over time and lose precision and/or recall.
From the foregoing, it is apparent that there is a need for a technological solution for monitoring, detecting and/or mitigating traffic anomalies in networks effectively, efficiently and cost-efficiently, one that solves one, some, or all of the aforementioned problems.