Skip to content

Which data and timeseries should we monitor to identify anomalies on the network

We should identify which timeseries or data in general we would like to consider to identify anomalies on the network.

There are some intuitive and general ideas, for example performances metrics are affected in the event of a ddos attack.

We might also want to consider looking at the downloads and update pings from tor browser to understand if there are spikes or drops. These could for example indicate censorship events.

Something else that we want to consider is looking at anomalies in bandwidth measurements. This can be interesting for a variety of reasons:

  • Understanding attacks from bad actors wanting to deploy relays on the network
  • Understanding issues with network load balancing
  • Address issues with geolocation biases when measuring relays and as a result address issues with network diversity.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information