O.2. Develop and implement algorithms for anomaly detection

We want to be able to identify and address unusual usage patterns, deviations from expected behavior, and signals of potential threats.

We need to evaluate and implement algorithms to identify network anomalies.

When defining anomalies, these can be events like DDoS attacks on the network, censorship against the Tor network by an authoritarian government, or a spike in users from a specific country.

Desired Outputs:

• New strategies for identifying anomalies implemented in the Tor Metrics infrastructure.
• Internal research reports on potential uses of algorithms that exist in current literature.

Desired Outcomes:

• Unusual usage patterns, deviations from expect behavior, and signals of potential threats on the Tor network can be identified with the use of appropriate algorithms.
• We are prepared for Objective 3, in which we use these algorithms to analyze historical Tor data.