Capturing data
US-2018288082-A1 · Oct 4, 2018 · US
US10742672B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10742672-B2 |
| Application number | US-201715477910-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 3, 2017 |
| Priority date | Apr 3, 2017 |
| Publication date | Aug 11, 2020 |
| Grant date | Aug 11, 2020 |
Official abstract text for this publication.
In an embodiment, a computer-implemented method compares metrics from different data flows to detect flaws in collection of data describing operation of a network. The method uses a first network data collection technique to collect a first metric describing a characteristic of a network interface. Using a second network data collection technique different from the first network data collection technique, a second metric describing the characteristic of the network interface is collected. The first metric is compared with the second metric to determine whether the first and second metrics are incongruous. When the first and second metrics are determined to be incongruous, a flaw is detected to exist in the first or second network data collection techniques.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method for comparing different metrics from different data flows to detect a network operational fault in a network, comprising: collecting a first metric from a first data flow, wherein the first metric describes a first network characteristic of a first network interface, and wherein the first metric is collected using a first network data collection technique that collects Netflow information; collecting a second metric from a second data flow, wherein the second metric describes a second network characteristic of a second network interface, and wherein the second metric is collected using a second network data collection technique different from the first network data collection technique and includes a Simple Network Management Protocol command; comparing the collected first metric to the collected second metric; in response to the comparing, determining the first metric and the second metric are incongruous metrics indicating the first network interface associated with the first metric is different from the second network interface associated with the second metric; determining that a network operational fault exists in the network due to the determining that the first and second metrics being incongruous metrics; and in response to determining that the network operational fault exists in the network, providing the first metric to an anomaly detection system to use to determine whether the network is being attacked.

2. The method of claim 1, wherein the first network interface is a port on an edge network element and the first network characteristic of the first network interface is utilization of a circuit connected to the port during a period of time.

3. The method of claim 2, wherein the collecting using the first network data collection technique includes collecting a first plurality of first metrics, each first metric of the first plurality of first metrics describing the utilization of the circuit at a different time period, wherein the collecting using the second network data collection technique includes collecting a second plurality of second metrics, each second metric of the second plurality of second metrics describing the utilization of the circuit at a respective different time periods, wherein the comparing of the first metric with the second metric includes comparing the first plurality of first metrics and second plurality of second metrics at the respective different time periods.

4. The method of claim 3, wherein the comparing of the first metric with the second metric includes: determining a correlation coefficient between the first plurality of first metrics and the second plurality of second metrics; determining whether the correlation coefficient is within a predetermined range; and determining that the first plurality of first metrics and second plurality of second metrics are incongruous metrics based at least in part on whether the correlation coefficient is determined not to be within the predetermined range.

5. The method of claim 3, wherein the first network data collection technique is a technique that samples data quantities from packets on the circuit during the period of time.

6. The method of claim 3, wherein the comparing of the first metric with the second metric includes: determining a plurality of ratios between each of the first metric of the first plurality of first metrics and the second metric of the second plurality of second metrics for respective time periods; aggregating the plurality of ratios determined for a plurality of time periods to generate an aggregated ratio; determining whether the aggregated ratio determined is within a predetermined range; and determining that the first plurality of first metrics and second plurality of second metrics are incongruous metrics based at least in part on whether the aggregated ratio is determined not to be within the predetermined range.

7. The method of claim 6, wherein the comparing of the first metric with the second metric includes: determining a variance of the aggregated ratio determined, wherein determining that the first plurality of first metrics and second plurality of second metrics are incongruous metrics based at least in part on the determined variance.

8. The method of claim 1, wherein the providing occurs when the first metric is determined to be congruous with the second metric.

9. The method of claim 1, wherein the determining the first metric and the second metric are incongruous metrics comprises performing a comparison technique between the first metric and the second metric, wherein the comparison technique comprises a scaling distribution evaluation between the first metric and the second metric.

10. A non-transitory program storage device storing a program of instruction that when executed by a computer to perform operations for comparing different metrics from different data flows to detect a network operational fault in a network, the operations comprising: collecting a first metric from a first data flow, wherein the first metric describes a first network characteristic of a first network interface, and wherein the first metric is collected using a first network data collection technique that collects Netflow information; collecting a second metric from a second data flow, wherein the second metric describes a second network characteristic of a second network interface, and wherein the second metric is collected using a second network data collection technique different from the first network data collection technique and includes a Simple Network Management Protocol command; comparing the collected first metric to the collected second metric; in response to the comparing, determining the first metric and second metric are incongruous metrics indicating the first network interface associated with the first metric is different from the second network interface associated with second metric; determining that a network operational fault exists in the network due to the determining that the first and second metrics being incongruous metrics; and in response to determining that the network operational fault exists in the network, providing the first metric to an anomaly detection system to use to determine whether the network is being attacked.

11. The program storage device of claim 10, wherein the first network interface is a port on an edge network element and the first network characteristic of the first network interface is utilization of a circuit connected to the port during a period of time.

12. The program storage device of claim 11, wherein the collecting using the first network data collection technique includes collecting a first plurality of first metrics, each first metric of the first plurality of first metrics describing the utilization of the circuit at a different time period, wherein the collecting using the second network data collection technique includes collection a second plurality of second metrics, each second metric of the second plurality of second metrics describing the utilization of the circuit at a respective different time periods, wherein the comparing of the first metric with the second metric includes comparing the first plurality of first metrics and second plurality of second metrics at the respective different time periods.

13. The program storage device of claim 12, wherein the comparing of the first metric with the second metric includes: determining a correlation coefficient between the first plurality of first metrics and the second plurality of second metrics; determining whether the correlation coefficient is with
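
An added example, not taken from the patent: the per-period comparison of claims 4, 6 and 7 (correlation coefficient, aggregated ratio, ratio variance) applied to NetFlow-derived and SNMP-derived utilization of one circuit. The numeric ranges, the use of the mean as the aggregation, the function names and the sample series are assumptions constructed for illustration; the claims only say "predetermined range".

```python
from math import sqrt
from statistics import fmean, pvariance

# Assumed "predetermined ranges": the claims give no numeric values.
CORR_RANGE = (0.9, 1.0)
RATIO_RANGE = (0.8, 1.25)
MAX_RATIO_VARIANCE = 0.02

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length series."""
    mx, my = fmean(xs), fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sqrt(sum((x - mx) ** 2 for x in xs))
    sy = sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sx * sy) if sx and sy else 0.0  # flat series: no evidence

def compare_flows(netflow_mbps, snmp_mbps):
    """Compare per-period utilization from NetFlow and SNMP for one circuit."""
    if len(netflow_mbps) != len(snmp_mbps) or len(snmp_mbps) < 2:
        raise ValueError("need two aligned series of at least two periods")
    # Ratio per time period; periods with a zero SNMP reading are skipped.
    ratios = [n / s for n, s in zip(netflow_mbps, snmp_mbps) if s > 0]
    if not ratios:
        raise ValueError("no period with non-zero SNMP utilization")
    corr = pearson(netflow_mbps, snmp_mbps)
    # The mean is an assumed way of aggregating the per-period ratios.
    agg, var = fmean(ratios), pvariance(ratios)
    reasons = []
    if not CORR_RANGE[0] <= corr <= CORR_RANGE[1]:
        reasons.append("correlation")
    if not RATIO_RANGE[0] <= agg <= RATIO_RANGE[1]:
        reasons.append("aggregated_ratio")
    if var > MAX_RATIO_VARIANCE:
        reasons.append("ratio_variance")
    return {"correlation": corr, "aggregated_ratio": agg,
            "ratio_variance": var, "incongruous": bool(reasons),
            "reasons": reasons}

# Constructed sample data (Mbps per 5-minute period), not from the patent.
SNMP = [410, 455, 520, 610, 580, 470]          # from interface octet counters
NETFLOW_OK = [400, 450, 530, 600, 590, 460]    # sampled flows, scaled up
NETFLOW_WRONG_IF = [95, 20, 88, 15, 90, 30]    # export tied to another port

if __name__ == "__main__":
    for name, series in [("ok", NETFLOW_OK), ("wrong_if", NETFLOW_WRONG_IF)]:
        print(name, compare_flows(series, SNMP))
```

The second series models the condition claim 1 names, where the NetFlow metric belongs to a different interface than the SNMP metric: it fails both the correlation and the ratio check, so the collection fault is visible before the data reaches an anomaly detector.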
Capturing of monitoring data · CPC title
by checking functioning · CPC title
Processing captured monitoring data, e.g. for logfile generation · CPC title
Denial of Service · CPC title
Standardised network management protocols, e.g. simple network management protocol [SNMP] · CPC title