Introduction

Keeping the Tor network in a healthy state is crucial for providing the anonymity and security guarantees Tor promises its users. To do so, we need to know when the network is about to become, or already is, unhealthy. A good indicator is the presence (or absence) of anomalies: if the Tor network is functioning according to expectations, we can claim it is in a healthy state, whereas anomalies put that state at risk. It is therefore important to reliably detect and understand anomalies, and to mitigate them if needed.

This document collects all information related to anomaly detection at Tor in a single place. Its main focus is on detection methods proposed in the research literature and on the state of implementing them, or other means of anomaly detection, in our network-health infrastructure. This is a working document: we will keep it updated as new detection methods emerge and as more of them are incorporated into our day-to-day work. When implemented algorithms are superseded by improved ones, we'll add the former to a section about past anomaly detection efforts to provide more context for understanding the status quo.