Submit a ticket My Tickets
Welcome
Login  Sign up

Real-Time Traffic Anomaly Detection

TABLE OF CONTENTS


Overview

Constellix's Real-Time Traffic Anomaly Detection (RTTAD) is a machine-learning tool that serves as an alert system in the event of inconsistent domain traffic patterns. RTTAD is a proactive monitoring service that utilizes a domain's historical data to learn traffic patterns. When there is an unexpected spike or surge in traffic, the tool sends an automatic alert. The collected data can be repurposed to best suit the organization's needs. 

RTTAD can assist in detecting:

  • Distributed-denial-of-service (DDoS) attacks
  • System configuration trouble
  • System outages
  • Firewall configuration issues
  • Marketing mistakes

See DNS Analytics to learn more about the platform.

This guide will assist in enabling, managing, and disabling RTTAD for domain(s). 


Enable Real-Time Traffic Anomaly Detection

To enable RTTAD in an environment, there are two ways to log in and navigate to the Anomaly Detection page. 

  1. Log into the Constellix DNS dashboard.
    1. From the Recently Updated Domains section in the table on the right, select the domain(s) in which RTTAD will be enabled.
    2. The status of RTTAD will be indicated at the top of the screen, below the domain name. Click on the Activate Anomaly Detection button to enable the tool.
  2. Log into the Constellix Analytics dashboard.
    1. From this dashboard screen, click on the plus icon next to the domain.

Both of these navigation paths will lead to the Anomaly Detection page. Once here, follow the proceeding steps to enable this tool.

  1. On the Anomaly Detection Page, proceed with the following steps:
    1. In the Manage Scheduled Anomaly Detections section, select the domains which will have RTTAD enabled.
    2. In the description section, select the aggregation preference using the dropdown box. 
      1. Aggregated to world - this selection bases the anomalies on the sum of the domain's traffic from around the world. This option is recommended for domains that receive five billion or below queries per month.
      2. Aggregated to region - this selection bases the anomalies on the sum of the domain's traffic for a specific region. This option is recommended for domains that receive above five billion 
      3. Aggregated to city - this selection bases the anomalies on the sum of the domain's traffic for a specific city, which gathers information from each point of presence (PoP) from around the world.
        NOTE: Billing is dependent on the type of monitoring aggregation selected. 
    3. Click on Save.
    4. Optionally, you can click on the Save All button to save changes to any or all selected domains.
  2. Verify Anomaly Detection is now enabled from the Domain page of the dashboard with the following two changes indicated:
    1. Anomaly Detection On will appear in green.
    2. The Activate Anomaly Detection button will change to a Manage Anomaly Detection button. 

Real-Time Traffic Anomaly Detection Demo Video

This setup demonstration video will facilitate enabling and managing RTTAD.


Manage Real-Time Traffic Anomaly Detection 

To configure RTTAD with environmental specifics, log into the Constellix dashboard. The proceeding steps will facilitate set up from the DNS tab of the menu bar. Navigate to the domain's page via the DNS or Analytics tab. 

Ensure Anomaly Detection is On and click on the Manage Anomaly Detection button.

NOTE: If anomaly Detection is Off, follow the steps to enable the RTTAD  before proceeding with management steps. 

On the Anomaly Detection screen, the following management actions can be taken:

Once these are set, the contacts will be notified if the traffic has gone above or below the expected traffic patterns for the domain. 


Anomaly Detection Notification

Once notification groups are established, an email will be sent to the contacts that were added for the domain if an anomaly is detected. with related information. 

A graph, along with relative information, will be included to indicate when traffic went above or below the expected traffic patterns that the tool predetermined through its machine-learning capabilities to be considered normal for the domain. 

This information is mostly utilized to investigate where traffic is coming from (region, record name, etc.) via the Data Explorer. 


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.