For this project I started with an extensive survey with anchor hosts, then analyzed the results to better understand what value proposition they wanted. The next step was gathering domain knowledge about how the internet functions. We used this knowledge to develop anomaly detection methods that could be used to find alert-worthy moments. Alongside my data-oriented tasks I also took up some of the front-end development work, since our team did not have a dedicated front-end developer. In the second semester I took up the role of product owner, focusing more on what we needed to develop.
Some monitoring tools already existed, but they were complicated to set up. The two focus points for this project were no complicated setup and no need to tweak thresholds. The architecture that we came up with consists of two main parts: the anomaly detection and the feedback engine. The anomaly detection follows a plugin structure, which allows users to develop better detection methods based on their domain knowledge (we have learned quite a bit, but are not network engineers with a couple of years of experience!). The feedback engine uses feedback (thumbs up and down) from users on anomalies to predict whether future anomalies should be alerts or not.