This paper presents a method for diagnosing network-wide traffic anomalies using link-based statistics. The method is based on separating the high-dimensional space of network traffic measurements into disjoint subspaces corresponding to normal and anomalous network conditions. This separation is achieved using Principal Component Analysis (PCA). The method is evaluated on real traffic data from two backbone networks, Sprint-Europe and Abilene. The results show that the method can accurately detect, identify, and quantify volume anomalies in network traffic. The method is effective at detecting anomalies with high detection rates and low false alarm rates. It can accurately identify the underlying origin-destination (OD) flow responsible for the anomaly and estimate the amount of traffic involved in the anomalous OD flow. The method is validated using both real and synthetically injected volume anomalies. The results show that the method is effective at diagnosing volume anomalies in network traffic. The method is based on separating the space of traffic measurements into normal and anomalous subspaces. The method is evaluated using traffic collected from two large backbone networks. The method is applied to both real and synthetically generated anomalies. The results show that the method is effective at detection, identification, and quantification of volume anomalies. The method is validated using real data collected on two different backbone networks. The method is based on a separation of the space of traffic measurements into normal and anomalous subspaces. The method is evaluated using traffic collected from two large backbone networks. The method is applied to both real and synthetically generated anomalies. The results show that the method is effective at detection, identification, and quantification of volume anomalies. The method is validated using real data collected on two different backbone networks. The method is based on a separation of the space of traffic measurements into normal and anomalous subspaces. The method is evaluated using traffic collected from two large backbone networks. The method is applied to both real and synthetically generated anomalies. The results show that the method is effective at detection, identification, and quantification of volume anomalies. The method is validated using real data collected on two different backbone networks. The method is based on a separation of the space of traffic measurements into normal and anomalous subspaces. The method is evaluated using traffic collected from two large backbone networks. The method is applied to both real and synthetically generated anomalies. The results show that the method is effective at detection, identification, and quantification of volume anomalies. The method is validated using real data collected on two different backbone networks. The method is based on a separation of the space of traffic measurements into normal and anomalous subspaces. The method is evaluated using traffic collected from two large backbone networks. The method is applied to both real and synthetically generated anomalies. The results show that the method is effective at detection, identification, and quantification of volume anomalies. The method is validated using real data collected on two different backbone networks. The method is based on a separation of the space of traffic measurements into normal and anomalousThis paper presents a method for diagnosing network-wide traffic anomalies using link-based statistics. The method is based on separating the high-dimensional space of network traffic measurements into disjoint subspaces corresponding to normal and anomalous network conditions. This separation is achieved using Principal Component Analysis (PCA). The method is evaluated on real traffic data from two backbone networks, Sprint-Europe and Abilene. The results show that the method can accurately detect, identify, and quantify volume anomalies in network traffic. The method is effective at detecting anomalies with high detection rates and low false alarm rates. It can accurately identify the underlying origin-destination (OD) flow responsible for the anomaly and estimate the amount of traffic involved in the anomalous OD flow. The method is validated using both real and synthetically injected volume anomalies. The results show that the method is effective at diagnosing volume anomalies in network traffic. The method is based on separating the space of traffic measurements into normal and anomalous subspaces. The method is evaluated using traffic collected from two large backbone networks. The method is applied to both real and synthetically generated anomalies. The results show that the method is effective at detection, identification, and quantification of volume anomalies. The method is validated using real data collected on two different backbone networks. The method is based on a separation of the space of traffic measurements into normal and anomalous subspaces. The method is evaluated using traffic collected from two large backbone networks. The method is applied to both real and synthetically generated anomalies. The results show that the method is effective at detection, identification, and quantification of volume anomalies. The method is validated using real data collected on two different backbone networks. The method is based on a separation of the space of traffic measurements into normal and anomalous subspaces. The method is evaluated using traffic collected from two large backbone networks. The method is applied to both real and synthetically generated anomalies. The results show that the method is effective at detection, identification, and quantification of volume anomalies. The method is validated using real data collected on two different backbone networks. The method is based on a separation of the space of traffic measurements into normal and anomalous subspaces. The method is evaluated using traffic collected from two large backbone networks. The method is applied to both real and synthetically generated anomalies. The results show that the method is effective at detection, identification, and quantification of volume anomalies. The method is validated using real data collected on two different backbone networks. The method is based on a separation of the space of traffic measurements into normal and anomalous subspaces. The method is evaluated using traffic collected from two large backbone networks. The method is applied to both real and synthetically generated anomalies. The results show that the method is effective at detection, identification, and quantification of volume anomalies. The method is validated using real data collected on two different backbone networks. The method is based on a separation of the space of traffic measurements into normal and anomalous