Gone offline: how Cloudflare Radar detects Internet outages

This article explains how Cloudflare detects Internet disruptions by analyzing Internet traffic data from various sources. The main challenge in this task is the heterogeneity of time series and presence of artifacts, which can affect the accuracy of anomaly detection algorithms. To overcome these challenges, Cloudflare developed a method that involves computing Euclidean distances to find most similar 24-hour periods for a reference day, selecting the top six closest matches based on the last 28 days (plus the reference day), and using median traffic volume as forecasted data. The algorithm also incorporates rules for relative change in actual vs. forecasted traffic, sustained anomaly detection, point anomaly detection, and closing an anomaly event. This approach has been effective at detecting traffic anomalies while keeping a low false positive rate, and Cloudflare will continue refining the algorithm to cover more use cases in the future.