ES EN
Under attack?
I'm interested
I'm interested
Under attack?


Español English
Home Blog

12 Apr 24

Controlling chaos: Automating reactions to web traffic anomalies

Living on the edge

Today we’ll delve into the exciting world of turning chaos into order. We will explore how to detect and manage the traffic and requests made to your website.

In the vast world of the internet, web traffic is the heartbeat that drives online activity. However, this flow doesn’t always follow a predictable pattern and can sometimes present anomalies that require attention.

What exactly are these anomalies?

Web traffic anomalies are significant deviations from expected patterns of behavior. These deviations can manifest themselves in a variety of ways, such as a sudden spike in the number of visitors, a drastic drop in engagement, or abrupt changes in conversion rate.

In analogy, we can equate these situations to being at a party where everything is going as planned until, unexpectedly, the number of visitors shoots up to stratospheric levels or plummets like Monday morning mood.

To identify and address these anomalies, we turn to our specialized detection system. This system is like a digital watchdog, constantly monitoring web traffic and analyzing data in real time to identify unusual patterns that could indicate the presence of an anomaly.

Features to react to anomalies

Responding quickly and effectively to the detection of an anomaly is crucial to mitigate any negative impact on website performance.

We have implemented the ability to configure automated responses to detected anomalies. This allows users to define specific actions that will be automatically triggered in response to different types of anomalies.

Our system can respond in a variety of ways, from sending an “Alert! Alert!” by email, to stronger measures. At the moment, the idea of ​​contacting INTERPOL is a stretch, but we do not rule out the possibility of developing more sophisticated responses in the future.

Automating anomaly detection and response provides a number of benefits. It not only facilitates faster and more accurate identification of potential problems, but also frees up human resources by eliminating the need for manual intervention in each incident.

For example, if a user sets up an IP blocking reaction, the moment a suspicious IP is detected, it is automatically added to a blacklist and its requests are blocked. It is a simple and effective process. In this way, we manage to reduce the risk of a possible DDoS attack, ensuring the stability and security of the site.

Implementing Reactions

In implementing these automated actions, we chose to create models for each new reaction. Each model contains a method called ‘execute_reaction’ in charge of executing the reaction.

  • Before creating the reactions, it was necessary to incorporate a model that established the connection between the detected anomalies and the automatic responses. In this way, the user can define the specific parameters as well as activate or deactivate each reaction on their websites. This approach allows for greater customization and adaptability to the needs of each company.
  • Once the connection model was established, the reactions were created. To do this, the threshold defined by the user through the control panel was considered. This threshold is the limit set to determine whether an anomaly is serious enough to trigger an automated reaction.
  • In the next phase, all the reactions created by the user were injected into the anomaly detection process. This implies that once an anomaly is detected, a sequence of actions is initiated to execute, one by one, each threshold and active reaction on that corresponding site. If the defined threshold is exceeded, the execute_reaction method is called, thus executing the configured preferences.

Simple and intuitive setup

All of these preferences and reactions are easily configurable from our user panel. With an intuitive and simple interface, you can set up new reactions in a matter of seconds. We offer a wide variety of reaction types available, and thanks to our polymorphic models, we can create new types quickly.

Remember, next time you notice some peculiar behavior in your traffic, don’t panic! Let our Anomaly Detection System take care of everything, while you sit back and enjoy the show. Until next time, and may the anomalies always be in your favor!


author:

Alan Martins

Alan Martins is one of our full stack developers who loves solving coding problems. He is constantly looking to develop efficient and improved procedures, with the aim of increasing productivity and simplicity of work. He is passionate about what he does and always seeks to face new challenges and learn new things.

Artículos Relacionados

09 Oct 24

Processing flow in VLC
Developing and improving your VCL skills will not only allow you to take full advantage of the power of Varnish, but will also give you a competitive advantage by managing your edge applications accurately and efficiently.