Finding Persistent Elements of Anomalous Flows in Distributed Monitoring Systems
Tags: anomalous flow, bloom filter, persistent element, tight data structure
Abstract:
This paper concentrates on the issue of detecting persistent elements of anomalous flows in a distributed monitoring system, which has many applications in detecting cyber-attacks, forecasting influenza, analyzing search keywords, etc. However, only a few studies consider the anomalous flow detection problem in distributed systems. Meanwhile, most of the existing studies on the persistent element detection problem in distributed systems assume that there is only one flow in the data stream, which is not always true in practice. In this paper, we combine the problems of anomalous flow detection and persistent element finding, and propose an efficient mechanism to find the t-persistent elements of p-anomalous flows from the element sets of numerous flows in the monitors of a distributed system, where t and p are system parameters that can be defined based on the application requirement. We adopt tight data structures such as the bitmap and the bloom filter to record the elements of different flows and filter out the elements that are not in the t-persistent element set, which reduces the communication overhead between the monitors and the controller. We also give an analysis of how to obtain the optimal settings of these tight data structures that minimize the total communication overhead. The experimental results based on real network traces show that the proposed mechanism achieves 76.1% and 69.2% reduction in communication overhead in comparison with a straightforward solution and a state-of-the-art solution based on a coding cuckoo filter, respectively.
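The following is an added illustration, not code from the paper, of the monitor/controller split the abstract describes: each monitor records the elements of every flow it sees in a compact per-period Bloom filter and forwards to the controller only those elements that already look persistent, so the controller never receives the full element sets. The definitions used here are assumptions chosen for the example (an element of a flow is t-persistent when a monitor sees it in at least t measurement periods; a flow is p-anomalous when it has at least p such elements), the sample trace is constructed, and the Bloom filter parameters are arbitrary. The security-relevant property is that Bloom false positives can only add candidates, never drop a truly persistent element, so the filtering at the monitor cannot cause a miss.

```python
"""Added example (not the paper's code): Bloom-filter candidate filtering at monitors.
Assumed definitions: an element of a flow is t-persistent when a monitor sees it in
at least t periods; a flow is p-anomalous when it has at least p t-persistent elements."""
import hashlib
from collections import defaultdict


class BloomFilter:
    """Minimal Bloom filter: k SHA-256-derived bit positions over an m-bit array."""

    def __init__(self, m_bits=4096, k_hashes=4):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item):
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item):
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item):
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))


class Monitor:
    """Keeps one Bloom filter per (flow, period) and forwards only candidate elements.
    A truly t-persistent element is always forwarded; false positives only add candidates."""

    def __init__(self, t, m_bits=4096, k_hashes=4):
        self.t = t
        self.m_bits, self.k_hashes = m_bits, k_hashes
        self.history = defaultdict(list)  # flow -> [BloomFilter for each period seen so far]

    def observe_period(self, observations):
        """observations: {flow: set of elements seen this period}. Returns {flow: candidates}."""
        report = {}
        for flow, elements in observations.items():
            bf = BloomFilter(self.m_bits, self.k_hashes)
            for e in elements:
                bf.add(e)
            self.history[flow].append(bf)
            # count the periods (including this one) whose filter claims to contain e
            report[flow] = {e for e in elements
                            if sum(1 for f in self.history[flow] if e in f) >= self.t}
        return report


class Controller:
    """Merges candidate reports; a flow is p-anomalous once it has >= p distinct candidates."""

    def __init__(self, p):
        self.p = p
        self.persistent = defaultdict(set)
        self.pairs_received = 0  # communication cost: (flow, element) pairs received

    def receive(self, monitor_id, report):
        for flow, candidates in report.items():
            self.pairs_received += len(candidates)
            self.persistent[flow] |= candidates

    def anomalous_flows(self):
        return {flow for flow, elems in self.persistent.items() if len(elems) >= self.p}


def make_trace(periods):
    """Constructed sample trace: flow A carries 3 recurring elements plus 20 one-off
    elements per period; flow B carries only one-off elements."""
    trace = []
    for period in range(periods):
        trace.append({
            "A": {"10.0.0.1", "10.0.0.2", "10.0.0.3"} | {f"A-once-{period}-{i}" for i in range(20)},
            "B": {f"B-once-{period}-{i}" for i in range(20)},
        })
    return trace


def run(t=3, p=2, periods=5):
    """Feed the trace through one monitor and the controller; return results and both costs."""
    monitor, controller = Monitor(t), Controller(p)
    naive_pairs = 0  # straightforward solution: every (flow, element) pair is sent each period
    for observations in make_trace(periods):
        naive_pairs += sum(len(s) for s in observations.values())
        controller.receive("m1", monitor.observe_period(observations))
    return {
        "persistent": dict(controller.persistent),
        "anomalous": controller.anomalous_flows(),
        "naive_pairs": naive_pairs,
        "filtered_pairs": controller.pairs_received,
    }


if __name__ == "__main__":
    r = run()
    print("anomalous flows:", r["anomalous"])
    print("communication reduction: %.1f%%" % (100 * (1 - r["filtered_pairs"] / r["naive_pairs"])))
```

With the constructed trace the monitor forwards the three recurring elements of flow A only from the third period onward (9 pairs in total), while the straightforward solution ships all 215 (flow, element) pairs; the exact reduction depends on the trace, and the filter size trades that saving against the false-positive candidates the controller must tolerate, which is the trade-off the abstract's optimal-setting analysis addresses.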