We propose an anomaly detection method that trains a baseline model describing the normal behavior of network traffic without using manually labeled traffic data. The trained baseline model is used as the basis for comparison with the audit network traffic. The proposed method can be carried out in an unsupervised manner through the use of time-periodical packet sampling for a different purpose from which it was intended. That is, we take advantage of the lossy nature of packet sampling for the purpose of extracting normal packets from the unlabeled original traffic data. By using real traffic traces, we show that the proposed method is comparable in terms of false positive and false negative rates on detecting anomalies regarding TCP SYN packets to the conventional method that requires manually labeled traffic data to train the baseline model. In addition, in order to mitigate the possible performance variation due to probabilistic nature of sampled traffic data, we devise an ensemble anomaly detection method that exploits multiple baseline models in parallel. Experimental results show that the proposed ensemble anomaly detection performs well and is not affected by the variability of time-periodical packet sampling.