On the Estimation of Attacks in Computer Networks with an AR Approach

This paper proposes a network-based intrusion detection approach that uses anomaly detection in the presence of Denial of Service (DoS) attacks. Flood-based attacks are a common class of DoS attacks. DoS detection mechanisms that aim to detect floods mainly look for sudden changes in the traffic and mark them as anomalous. In this approach, network traffic is decomposed into control and data planes to study the relationship between them. Because data traffic generation is based on control traffic, the two planes are expected to behave similarly under normal conditions. Therefore, dissimilarity between the traffic of the two planes can indicate abnormal behavior. Toward that objective, an Auto Regressive (AR) model has been used. Simulation results show both accurate detection and fewer false positives.
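One way to realize the idea sketched above, given as an added example and not the paper's own algorithm: fit an AR model to a per-interval dissimilarity series on an attack-free window, then flag intervals whose one-step forecast error is far outside the training error. Assumptions made here: the dissimilarity measure is the log ratio of data-plane to control-plane packet counts, the model is AR(2) fit by Yule-Walker, the threshold is 6 standard deviations, and the traffic is constructed sample data.

```python
import math
import random

def fit_ar(x, p):
    """Yule-Walker AR(p) fit via Levinson-Durbin; x must be mean-removed."""
    n = len(x)
    r = [sum(x[t] * x[t - k] for t in range(k, n)) / n for k in range(p + 1)]
    a, err = [], r[0]
    for k in range(1, p + 1):
        refl = (r[k] - sum(a[j] * r[k - 1 - j] for j in range(k - 1))) / err
        a = [a[j] - refl * a[k - 2 - j] for j in range(k - 1)] + [refl]
        err *= 1.0 - refl * refl
    return a  # model: x[t] ~ a[0]*x[t-1] + ... + a[p-1]*x[t-p]

def detect(control, data, train, p=2, k=6.0):
    """Return interval indices where the plane ratio departs from its AR forecast."""
    # Assumed dissimilarity measure: log(data packets / control packets).
    ratio = [math.log(d / c) for c, d in zip(control, data)]
    mu = sum(ratio[:train]) / train
    x = [v - mu for v in ratio]
    a = fit_ar(x[:train], p)  # fit only on the attack-free training window
    resid = [x[t] - sum(a[j] * x[t - 1 - j] for j in range(p))
             for t in range(p, len(x))]
    sigma = math.sqrt(sum(e * e for e in resid[:train - p]) / (train - p))
    return [t for t, e in zip(range(p, len(x)), resid) if abs(e) > k * sigma]

def sample_traffic(seed=7, n=80, flood=range(50, 55)):
    """Constructed packet counts per interval; data plane is flooded in `flood`."""
    rng = random.Random(seed)
    control, data = [], []
    for t in range(n):
        # Control traffic follows a daily-style cycle plus jitter.
        c = 200 + 60 * math.sin(2 * math.pi * t / 20) + rng.uniform(-10, 10)
        # Normal data traffic tracks control traffic within +/-5 percent.
        d = 8 * c * rng.uniform(0.95, 1.05)
        if t in flood:
            d += 6000  # flood packets with no matching control traffic
        control.append(c)
        data.append(d)
    return control, data

if __name__ == "__main__":
    control, data = sample_traffic()
    print("anomalous intervals:", detect(control, data, train=40))
```

Intervals immediately after the flood can also be flagged, because the forecast for them is built from the flooded samples.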