Traffic monitoring is an essential tool to ensure network availability and its correct operation. To accomplish this task automatically, we present the DSNSF (Digital Signature of Network Segment using Flow analysis), which characterizes the normal behavior of network traffic. For the DSNSF creation a modification of Ant Colony Optimization metaheuristic is used, which improves the extraction of information, defining a normal profile. Furthermore, we propose a model based on DTW (Dynamic Time Warping) pattern matching technique for anomaly detecting, allowing the recognition of deviant behavior moving in time and those who are punctual. The anomaly notifications are multilevel, in order not to overload the network administrator with false reports. To evaluate the proposed system, IP flows from a real data set were used.