A sketch-based change detection technique is introduced for anomaly detection. The technique is capable of detecting significant changes in massive data streams with a large number of network time series. As part of the technique, we designed a variant of the sketch data structure, called k-ary sketch, uses a constant, small amount of memory, and has constant per-record update and reconstruction cost. A variety of time series forecast models are implemented on top of such summaries and detect significant changes by looking for flows with large forecast errors. Heuristics for automatically configuring the forecast model parameters are presented. Real Internet traffic data is used to demonstrate and validate the effectiveness of sketch-based change detection method for utilization as a building block for network anomaly detection and traffic measurement in large computer networks.