Communication networks are composed of a number of devices for routing traffic commonly known as routers. Various types of routers offer a multitude of capabilities and services to route traffic within the network. Often, a network operator will need to monitor traffic loads within the network. Router manufacturers offer service packages to monitor and analyze the traffic within the network, but a full implementation on each and every router within the network can be costly in both financial and network resources.
Operating a large IP network without a detailed, network-wide knowledge of the traffic demands is challenging. An accurate view of the traffic demands is crucial for a number of important tasks, such as failure diagnosis, capacity planning and forecasting, routing and load-balancing policy optimization, attack identification, etc. In the past network operators responded to this problem practically by increasing link and router capacity and theoretically by investing time and resources to research new techniques to obtain accurate estimation of traffic demands. A lot of work has been done on traffic matrix estimation using traffic models combined with statistical inference techniques. All of these methods are prone to moderately large errors (errors in the range of 10-25% are typical). Moreover, none of these techniques is able to predict sudden changes in traffic demands due to unusual user behaviors or attacks conducted against the network.