the ensemble detection system involves time-consuming computation and cannot work real-time. Yu et al. [21] suggested a two-tier hierarchical detection system using SVM. The hierarchical structure and one-class SVM (i.e., Support Vector Data Description) equip it with the advantage in classifying various attacks into their appropriate classes. This detection system achieved its best attack detection rate of 99.40% using 3 selected Management Information Based (MIB) features. Statistical analysis techniques have been employed to conduct investigation into attributes of network traffic packets and to determine a rationale threshold for discriminating attacks from the legitimate traffic. Wang et al. [22] proposed a sequential Change-Point Monitoring (CPM) approach for the detection of DoS attacks. A non-parametric Cumulative Sum (CUSUM) algorithm was used in the CPM to evaluate the significance of the changes of traffic patterns and to determine the appearance of DoS attacks. The CPM is more suitable for analysing a complex network environment. Whereas in [22], CPM was only tested using SYN flooding attacks. Moreover, its performance is possibly affected by network indiscipline. Kim and Reddy [23] suggested a statistical-based approach to detect anomalies at an egress router. Discrete wavelet transform was used to transform address correlation data (i.e., the correlation of destination IP addresses, port numbers and the number of flows). This statistical-based detection technique provides a solution to detect outgoing anomalous traffic at source networks. Thatte et al. [24] developed a bivariate Parametric Detection Mechanism (bPDM) operating on aggregate traffic. The bPDM applies the Sequential Probability Ratio Test (SPRT) on two aggregate traffic statistics (i.e., packet rate and packet size), and it alleges an anomaly only when a rise in the traffic volume is associated with a change in the distribution of packet-size. Despite the afore-discussed systems or approaches show innovation and promise in different aspects of attack detection, they still suffer from relatively high false positive rates. This is partly because they either neglect the dependency and correlation between features/attributes or do not manage to fully exploit the correlation [25]. Some recent studies attempt to cope with this problem by taking full advantage of the correlation in their designs. Thottan and Ji [10] developed an abrupt change detection approach which employs statistical signal processing technique based on the Auto-Regression (AR) process. An operation matrix (A), which retained "the ensemble average of the two point spatial cross-correlation of the abnormality vectors estimated over a time interval T " [10], participated in the computation of the value of abnormality indicator. Although this detection approach has shown to be effective in detecting several network anomalies, it is still an open topic for now how to manage features with various time granularities. Jin et al. [11] proposed a statistical detection approach using...