Traffic Analysis Detections
What Is Traffic Analysis?
The AI Security Gateway includes a built-in traffic analysis engine that monitors MCP and LLM proxy traffic in real-time. It uses heuristic pattern matching to detect suspicious behaviours such as automated scanning, attack sequences, and anomalous content patterns.
Key points:
- Always active — runs automatically on all proxy traffic, no configuration required
- Monitor-only — flags suspicious patterns for human review, does not block requests
- Heuristic-based — uses pattern matching and statistical analysis, not confirmed threat intelligence
- May produce false positives — especially in development, testing, and automated CI/CD environments
Traffic analysis alerts are meant to surface behaviours worth investigating. They complement guardrail providers and security policies but are not a substitute for them.
How to Identify Traffic Analysis Alerts
All traffic analysis alerts share these characteristics:
- Policy Name: traffic-analysis
- Description prefix: [Traffic Analysis]
- Description suffix: "flagged for investigation, not a confirmed threat"
- Action: Always Monitor (never Block)
You can filter for these alerts in the Alerts dashboard using the Policy Name filter set to traffic-analysis.
Detection Types
Attack Sequence Detection
The engine tracks sequences of MCP method calls within a session and flags patterns that match known attack behaviours.
| Alert Title | Rule ID | What It Detects |
|---|---|---|
| Attack Sequence: Reconnaissance Sequence | SEQUENCE_RECONNAISSANCE_SEQUENCE | Sequential tools/list → resources/list → tools/call pattern suggesting systematic enumeration |
| Attack Sequence: Privilege Escalation | SEQUENCE_PRIVILEGE_ESCALATION | Commands associated with privilege elevation (whoami, sudo, su) |
Common false positive scenarios:
- Normal MCP clients that list tools before calling them (standard MCP handshake)
- Development and testing scripts that enumerate available tools
- Automated integration tests
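The following is an added example of how a sequence detector of this kind can be built; it is not the gateway's own code. The rule set (the three-step reconnaissance order, the three privilege-elevation commands, the confidence values, the per-session window of ten calls) is constructed from the one-line descriptions in the table above and is an assumption, as is the alert layout, which mirrors the alert examples further down this page.

```python
import re
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional

# Rule definitions constructed for this example; the page publishes only the
# rule IDs and their one-line descriptions, not the real rule set.
RECON_SEQUENCE = ("tools/list", "resources/list", "tools/call")
PRIV_ESC_PATTERN = re.compile(r"(?<![\w-])(whoami|sudo|su)(?![\w-])")

SUFFIX = "flagged for investigation, not a confirmed threat"


def make_alert(rule_id: str, title: str, detail: str, confidence: int, session_id: str) -> dict:
    """Build a monitor-only alert in the shape shown in the alert examples on this page."""
    return {
        "title": f"Attack Sequence: {title}",
        "description": f"[Traffic Analysis] {detail} with {confidence}% confidence - {SUFFIX}",
        "policy_name": "traffic-analysis",
        "rule_id": rule_id,
        "action": "Monitor",
        "session_id": session_id,
    }


class SequenceDetector:
    """Tracks the recent MCP method calls of each session and flags known sequences."""

    def __init__(self, window: int = 10):
        # Only the last `window` calls per session are kept (assumed size), so an old
        # tools/list cannot pair with a tools/call made much later in a long session.
        self.history: Dict[str, Deque[str]] = defaultdict(lambda: deque(maxlen=window))

    @staticmethod
    def _in_order(pattern, calls) -> bool:
        """True when every step of `pattern` occurs in `calls` in that order;
        unrelated calls may sit in between."""
        it = iter(calls)
        return all(any(c == step for c in it) for step in pattern)

    def observe(self, session_id: str, method: str, params: Optional[dict] = None) -> List[dict]:
        """Record one MCP call and return any alerts it triggers (usually none)."""
        alerts: List[dict] = []
        calls = self.history[session_id]
        calls.append(method)

        if self._in_order(RECON_SEQUENCE, calls):
            alerts.append(make_alert(
                "SEQUENCE_RECONNAISSANCE_SEQUENCE", "Reconnaissance Sequence",
                "Detected sequence pattern matching \"Reconnaissance Sequence\"", 70, session_id))
            calls.clear()  # fresh window, so one enumeration raises one alert

        if method == "tools/call":
            # Flatten the tool arguments to text and look for the listed commands as
            # whole words, so "sum" or "superuser" does not trip the "su" rule.
            args = (params or {}).get("arguments", {})
            text = " ".join(str(v) for v in args.values())
            match = PRIV_ESC_PATTERN.search(text)
            if match:
                alerts.append(make_alert(
                    "SEQUENCE_PRIVILEGE_ESCALATION", "Privilege Escalation",
                    f"Detected sequence pattern matching \"Privilege Escalation\" ({match.group(1)})",
                    90, session_id))
        return alerts
```

Note the false-positive scenario from the list above is visible in the logic: a standard client that does tools/list and then tools/call, without resources/list in between, never completes the three-step pattern, while a test script that enumerates everything before calling a tool does.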
Behavioural Anomaly Detection
Tracks session-level behaviour patterns and flags statistical outliers.
| Alert Title | Rule ID | What It Detects |
|---|---|---|
| Behavioral Anomaly: RapidFire | BEHAVIORAL_RAPIDFIRE | Requests arriving faster than the configured threshold (default: 100ms) |
| Behavioral Anomaly: MethodDomination | BEHAVIORAL_METHODDOMINATION | A single MCP method making up more than 80% of session requests |
Common false positive scenarios:
- Automated clients or CI/CD pipelines making rapid sequential calls
- Load testing or performance benchmarking
- Batch processing workloads
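An added example, not the gateway's code, of the two behavioural checks described above. The 100ms and 80% thresholds come from the table; averaging the inter-arrival time over the last five requests, requiring ten requests before judging the method mix, reporting MethodDomination once per session, and the confidence formula are all assumptions made for this example.

```python
from collections import Counter, defaultdict, deque
from typing import Deque, Dict, List, Set

SUFFIX = "flagged for investigation, not a confirmed threat"


def make_alert(rule_id: str, title: str, detail: str, confidence: int, session_id: str) -> dict:
    """Monitor-only alert in the layout shown in the alert examples on this page."""
    return {
        "title": f"Behavioral Anomaly: {title}",
        "description": f"[Traffic Analysis] {detail} - {SUFFIX} (confidence: {confidence}%)",
        "policy_name": "traffic-analysis",
        "rule_id": rule_id,
        "action": "Monitor",
        "session_id": session_id,
    }


class BehaviourTracker:
    """Per-session request timing and method mix, judged against the page's thresholds."""

    def __init__(self, rapid_fire_ms: float = 100.0, domination_ratio: float = 0.8,
                 min_requests: int = 10, timing_window: int = 5):
        self.rapid_fire_ms = rapid_fire_ms
        self.domination_ratio = domination_ratio
        self.min_requests = min_requests      # assumed: do not judge the mix of a 2-request session
        self.timestamps: Dict[str, Deque[float]] = defaultdict(lambda: deque(maxlen=timing_window))
        self.methods: Dict[str, Counter] = defaultdict(Counter)
        self.domination_reported: Set[str] = set()

    def observe(self, session_id: str, method: str, timestamp_ms: float) -> List[dict]:
        """Record one request (timestamp in milliseconds) and return alerts raised by it."""
        alerts: List[dict] = []
        ts = self.timestamps[session_id]
        ts.append(timestamp_ms)
        self.methods[session_id][method] += 1

        # RapidFire: mean inter-arrival time over the last few requests, so a single
        # pair of close requests (a retry, say) does not raise an alert by itself.
        if len(ts) >= 3:
            mean_gap = (ts[-1] - ts[0]) / (len(ts) - 1)
            if mean_gap < self.rapid_fire_ms:
                confidence = int(round(100 * (1 - mean_gap / self.rapid_fire_ms)))
                alerts.append(make_alert(
                    "BEHAVIORAL_RAPIDFIRE", "RapidFire",
                    f"Client making requests every {mean_gap:.0f}ms", confidence, session_id))

        # MethodDomination: one method above 80% of the session's requests. Reported
        # once per session; repeating it on every later request adds no information.
        counts = self.methods[session_id]
        total = sum(counts.values())
        if total >= self.min_requests and session_id not in self.domination_reported:
            top_method, top_count = counts.most_common(1)[0]
            share = top_count / total
            if share > self.domination_ratio:
                self.domination_reported.add(session_id)
                alerts.append(make_alert(
                    "BEHAVIORAL_METHODDOMINATION", "MethodDomination",
                    f"{top_method} accounts for {share:.0%} of {total} requests in this session",
                    int(round(100 * share)), session_id))
        return alerts
```

A batch job that calls the same tool a few hundred times at a steady one-second cadence trips MethodDomination but not RapidFire; a CI pipeline hammering the proxy trips RapidFire regardless of which methods it mixes. Both are the false-positive cases listed above, which is why the alerts stay monitor-only.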
Content Analysis
Examines request and response payloads for suspicious content characteristics.
| Alert Title | Rule ID | What It Detects |
|---|---|---|
| Content Analysis: HighEntropy | CONTENT_HIGHENTROPY_* | Encoded, encrypted, or obfuscated content (Shannon entropy > 7.0 bits) |
| Content Analysis: EncodingDetected | CONTENT_ENCODINGDETECTED_* | Base64, hex, URL encoding, or Unicode escape sequences in payloads |
Common false positive scenarios:
- Legitimate binary or encoded data in tool call arguments
- Base64-encoded images or file content
- Encrypted API payloads from secure integrations
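An added example of the two content checks, written for this page and not taken from the gateway. The 7.0-bit entropy threshold and the four encoding families are from the table above; the regexes, their minimum run lengths, the rule-ID suffix scheme (the page shows only `CONTENT_HIGHENTROPY_*` and `CONTENT_ENCODINGDETECTED_*`) and the sample payloads are constructed for the example.

```python
import base64
import math
import re
from collections import Counter
from typing import Dict, List, Union

SUFFIX = "flagged for investigation, not a confirmed threat"

# Heuristic patterns constructed for this example; the page names the encodings it
# looks for but not its actual expressions or minimum lengths.
ENCODING_PATTERNS = {
    "base64": re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{32,}={0,2}(?![A-Za-z0-9+/=])"),
    "hex": re.compile(r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2}){16,}(?![0-9A-Fa-f])"),
    "url": re.compile(r"(?:%[0-9A-Fa-f]{2}){4,}"),
    "unicode_escape": re.compile(r"(?:\\u[0-9A-Fa-f]{4}){4,}"),
}


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 8.0 is the maximum for byte-valued data.
    Printable text sits well below 7.0, which is why that threshold singles out
    compressed, encrypted or otherwise binary-looking bodies."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def analyse_payload(payload: Union[str, bytes], direction: str = "request",
                    entropy_threshold: float = 7.0) -> List[dict]:
    """Run the HighEntropy and EncodingDetected checks over one request or response body."""
    if isinstance(payload, bytes):
        raw = payload
        text = payload.decode("latin-1")  # one character per byte, never fails
    else:
        raw = payload.encode("utf-8")
        text = payload
    alerts: List[dict] = []

    entropy = shannon_entropy(raw)
    if entropy > entropy_threshold:
        alerts.append({
            "title": "Content Analysis: HighEntropy",
            "description": f"[Traffic Analysis] {direction} body has entropy {entropy:.2f} bits/byte - {SUFFIX}",
            "policy_name": "traffic-analysis",
            "rule_id": f"CONTENT_HIGHENTROPY_{direction.upper()}",  # suffix scheme assumed
            "action": "Monitor",
        })

    for name, pattern in ENCODING_PATTERNS.items():
        match = pattern.search(text)
        if match:
            alerts.append({
                "title": "Content Analysis: EncodingDetected",
                "description": f"[Traffic Analysis] {name} encoded run in {direction} body - {SUFFIX}",
                "policy_name": "traffic-analysis",
                "rule_id": f"CONTENT_ENCODINGDETECTED_{name.upper()}",  # suffix scheme assumed
                "action": "Monitor",
                "evidence": match.group(0)[:24],  # short excerpt only; never the full body
            })
    return alerts


# Constructed sample payloads so the block runs offline; none is real traffic.
SAMPLES: Dict[str, Union[str, bytes]] = {
    "plain_text": "The quick brown fox jumps over the lazy dog. " * 10,
    "base64_image": '{"image": "' + base64.b64encode(b"constructed sample bytes standing in for a PNG").decode() + '"}',
    "hex_blob": "deadbeef" * 8,
    "url_encoded": "q=%48%65%6C%6C%6F%20%57%6F%72%6C%64",
    "unicode_escaped": "\\u0048\\u0065\\u006c\\u006c\\u006f",
    "binary_blob": bytes(range(256)) * 4,
}


def analyse_samples() -> Dict[str, List[str]]:
    """Map each sample name to the rule IDs raised for it."""
    return {name: [a["rule_id"] for a in analyse_payload(p)] for name, p in SAMPLES.items()}
```

Two things the samples show that the table does not: a base64 blob never trips HighEntropy (a 64-symbol alphabet tops out at 6 bits per byte), so the two rules catch different things, and a long hex string also satisfies the base64 pattern, so a single payload can legitimately raise more than one EncodingDetected alert. The base64-encoded image case is exactly the false positive listed above.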
Alert Examples
Attack Sequence Alert
```json
{
  "title": "Attack Sequence: Privilege Escalation",
  "description": "[Traffic Analysis] Detected sequence pattern matching \"Privilege Escalation\" with 90% confidence — flagged for investigation, not a confirmed threat",
  "severity": "High",
  "policy_name": "traffic-analysis",
  "rule_id": "SEQUENCE_PRIVILEGE_ESCALATION",
  "action": "Monitor",
  "source": "[::1]:64644",
  "user_identity": "Refactor",
  "user_group": "Admin User"
}
```
Behavioural Anomaly Alert
```json
{
  "title": "Behavioral Anomaly: RapidFire",
  "description": "[Traffic Analysis] Client making requests every 45ms — flagged for investigation, not a confirmed threat (confidence: 95%)",
  "severity": "Medium",
  "policy_name": "traffic-analysis",
  "rule_id": "BEHAVIORAL_RAPIDFIRE",
  "action": "Monitor"
}
```
Investigating Traffic Analysis Alerts
When you see a traffic analysis alert:
- Check the context — look at the user identity, source IP, and timing. Is this a known automated client or test environment?
- Review surrounding alerts — a single sequence detection in isolation is often a false positive. Multiple correlated detections from the same source are more concerning.
- Check request logs — navigate to the proxy's request logs to see the full sequence of calls the user made.
- Compare with guardrail results — if guardrail providers are configured, check whether they also flagged the same traffic. Guardrail violations are more definitive than traffic analysis heuristics.
- Mark false positives — if the alert is benign, mark it as False Positive to keep your alert dashboard clean and help identify tuning opportunities.
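The steps above can be applied mechanically to an exported batch of alerts before anyone opens the dashboard. The following is an added example of such a triage pass; it is not a gateway feature. The alert fields match the alert examples above, but the sample alerts, the `example-guardrail` policy name, the IP sources, the identity list and the verdict labels are all constructed for this example.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Verdict labels used by this example (not gateway terminology).
CORROBORATED = "investigate: corroborated by guardrail"
CORRELATED = "investigate: multiple correlated detections"
AUTOMATION = "likely false positive: known automation"
ISOLATED = "low priority: single isolated heuristic"

# Constructed sample alerts in the dashboard's field layout. Sources, identities
# and the guardrail policy name are made up for the example.
SAMPLE_ALERTS: List[dict] = [
    {"policy_name": "traffic-analysis", "rule_id": "SEQUENCE_RECONNAISSANCE_SEQUENCE",
     "source": "[::1]:64644", "user_identity": "ci-runner", "severity": "Medium"},
    {"policy_name": "traffic-analysis", "rule_id": "BEHAVIORAL_RAPIDFIRE",
     "source": "[::1]:64644", "user_identity": "ci-runner", "severity": "Medium"},
    {"policy_name": "traffic-analysis", "rule_id": "SEQUENCE_PRIVILEGE_ESCALATION",
     "source": "192.0.2.7:51022", "user_identity": "Refactor", "severity": "High"},
    {"policy_name": "traffic-analysis", "rule_id": "CONTENT_HIGHENTROPY_REQUEST",
     "source": "192.0.2.7:51022", "user_identity": "Refactor", "severity": "Medium"},
    {"policy_name": "example-guardrail", "rule_id": "GUARDRAIL_VIOLATION",
     "source": "192.0.2.7:51022", "user_identity": "Refactor", "severity": "High"},
    {"policy_name": "traffic-analysis", "rule_id": "BEHAVIORAL_METHODDOMINATION",
     "source": "192.0.2.9:40001", "user_identity": "alice", "severity": "Low"},
]

# Identities known to be automation (test runners, load generators); an assumed list
# that an operator would maintain from previously marked false positives.
KNOWN_AUTOMATION: Set[str] = {"ci-runner"}


def triage(alerts: Iterable[dict], known_automation: Set[str] = KNOWN_AUTOMATION) -> Dict[str, dict]:
    """Group alerts by source and apply the investigation steps in order:
    guardrail corroboration first, then known-automation context, then
    correlation between traffic-analysis rules."""
    by_source: Dict[str, dict] = defaultdict(
        lambda: {"ta_rules": set(), "guardrail_hits": 0, "identities": set()})
    for a in alerts:
        entry = by_source[a["source"]]
        entry["identities"].add(a.get("user_identity", "unknown"))
        if a["policy_name"] == "traffic-analysis":
            entry["ta_rules"].add(a["rule_id"])
        else:
            entry["guardrail_hits"] += 1  # any non-heuristic source counts as corroboration

    result: Dict[str, dict] = {}
    for source, e in by_source.items():
        if e["guardrail_hits"]:
            verdict = CORROBORATED
        elif e["identities"] & known_automation:
            verdict = AUTOMATION
        elif len(e["ta_rules"]) >= 2:
            verdict = CORRELATED
        else:
            verdict = ISOLATED
        result[source] = {
            "verdict": verdict,
            "ta_rules": sorted(e["ta_rules"]),
            "guardrail_hits": e["guardrail_hits"],
            "identities": sorted(e["identities"]),
        }
    return result
```

The ordering matters: a guardrail violation from the same source outranks the automation allow-list, because a known test runner that also produces a guardrail hit is still worth a look, whereas two heuristic detections from a known test runner are the expected noise the page describes.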
Traffic Analysis vs Other Alert Sources
| Feature | Traffic Analysis | Guardrail Providers | Security Policies |
|---|---|---|---|
| Detection method | Heuristic pattern matching | External AI evaluation | Rule-based regex/pattern |
| Action | Monitor only | Monitor or Block | Monitor or Block |
| Confidence | Varies (may false-positive) | Provider-scored | Rule-defined |
| Configuration | Automatic (always on) | Requires provider setup | Requires policy assignment |
| Raw data | Steps/evidence only | Full evaluation results (per-policy scores, rationale) | Matched rule details |
| Best for | Surfacing unknown patterns | Content safety enforcement | Known threat signatures |
Reducing False Positives
If traffic analysis generates too many alerts in your environment:
- Mark false positives — use the False Positive status so you can track patterns
- Filter in dashboards — use Policy Name filter to separate traffic analysis alerts from guardrail and policy alerts
- Adjust thresholds — see the Advanced Traffic Analysis technical guide for configuration options
Related Documentation
- Alert System: Alert Recording System
- Guardrail Providers: Guardrail Providers Guide
- Technical Details: Advanced Traffic Analysis Architecture