Anomaly detection is critical given the raft of cyber attacks these days. It is thus essential to identify the network anomalies more accurately. In this paper, we propose a novel network anomaly detection system which combines random projections (sketches) and feature-based MSPCA to detect anomalous source IP addresses. By combining PCA and wavelet analysis, MSPCA can separate anomalous data efficiently. Incorporating with Sketch data structure enables our system to identify anomalous source IP addresses. In our proposed system, we extract several network flow-based features which are helpful in exposing the different kinds of attacks. We conduct two comparisons using real network traces from MAWI dataset. The results show that MSPCA-based method has better performance than PCA-based one. In addition, feature-based anomaly detection system is superior in detecting more subtle attacks than one based on packet counting.