Undesired Content and Viewers

Malicious users may try to re-stream undesired content (e.g., professional sports) on your platform. This kind of streaming can dramatically increase the amount of live-streamed video that your application is serving as well as the costs associated with it, without adding value to your business. In addition to providing you with controls to stop active streams, Amazon IVS provides resources to help detect and prevent this kind of behavior in the first place.

Detecting Undesired Content

Anomaly Detection

You can detect and alert on the kind of anomalous spike in viewership that happens when certain undesired content is being streamed. (Once you detect that a spike has occurred, you can take the steps mentioned in stop the stream and reset the stream key, as discussed below.)

Amazon CloudWatch allows you to create alarms which can send alerts under specific circumstances; for example, when your viewership spikes. Amazon IVS automatically reports concurrent views (CCV) metrics to Amazon CloudWatch for all your channels, so you only need to set up an alarm. To set up an anomaly-detection alarm based on CCV, follow these steps:

1. Open the Amazon CloudWatch console at https://console.aws.amazon.com/cloudwatch/.

2. On the left navigation bar, select Alarms, then select All alarms.

3. On the top right of the page, select Create alarm.

4. Select Select Metric. Under Metrics, select IVS, then All, then select the checkbox next to ConcurrentViews.

5. On the lower right, select Select metric. A 4-step alarm-creation wizard opens.

6. Wizard: In Step 1, Specify metric and conditions, specify these settings:

   1. Statistic = Maximum

   2. Period = 1 minute

   3. Threshold type = Anomaly Detection

   4. Whenever concurrent views is… = Greater than the band

   5. Anomaly detection threshold = 3

      This threshold value is an initial suggestion. You may want to select a different value depending on your typical traffic patterns and needs. Use a lower value to watch your metrics more closely; a higher value, to get fewer alarms.

   6. Select Next.

7. Wizard: In Step 2, Configuration actions, choose an existing SNS topic or create a new one, to send email to an address you specify. To create a topic which sends an email, select Create new topic, provide a topic name, enter your email address, and select Create topic. Select Next to continue.

8. Wizard: In Step 3, Add name and description, add a name and optional description for the alarm, then select Next.

9. Wizard: In Step 4, Preview and create, verify that the information is correct, then select Create alarm.

10. Your alarm is created. If prompted, follow any instructions for confirming SNS subscriptions.

For more information, see:

1. Monitoring Amazon IVS Low-Latency Streaming

2. Creating a CloudWatch alarm based on anomaly detection

Custom Content Moderation

You can explore custom content-moderation solutions to detect undesired content via image recognition. Amazon IVS provides the ability to automatically record Amazon IVS live streams to Amazon S3, including the generation of thumbnail images for use in this kind of solution.

Consider these additional detection and prevention techniques:

• The Amazon IVS moderation with Amazon Rekognition demo showcases how to use IVS Auto-Record to S3 in conjunction with Amazon Rekognition to moderate live content.

• Add Hive content moderation to your Amazon IVS video streams

• Creating Safer Online Communities with AI/ML Content Moderation is a blog post about using Amazon Rekognition within an IVS application.

Preventing Undesired Content and Viewers

Stop the Stream and Reset the Stream Key

If you detect that a channel is being used to stream undesired content, you can use the Amazon IVS console to shut down the stream:

1. Open the Amazon IVS console. (You can also access the Amazon IVS console through the AWS Management Console.)

2. If needed, from the navigation bar, use the Select a Region drop-down to choose the region in which the channel is hosted.

3. Select the channel on which the stream that you want to stop is running.

4. On the channel page, navigate down to the Live Stream section and select Stop stream.

Even after you stop the stream, the broadcaster can restart the stream on that channel. To prevent this, reset the stream key; that prevents the broadcaster from restarting a stream without first acquiring a new stream key. To reset the stream key:

• While still on the channel page, navigate down to the Stream configuration section and select Reset stream key.

You also can stop a stream and reset (delete/create) the stream key programmatically. See the Amazon IVS Low-Latency Streaming API Reference.

Depending on how your application issues stream keys, you may need to take further measures to prevent any new stream keys from being acquired.

Use Private Channels

In many cases, undesired content is streamed to a large audience outside of your platform by simply embedding the playback URL in a third-party website. The best solution to prevent this kind of behavior is Amazon IVS private channels. By using private channels, you can restrict playback to viewers with valid playback tokens. Playback tokens are used to validate the viewer within the playback application, impeding viewership on unintended platforms. In addition, you can enable origin enforcement, which prevents viewers from watching streams on websites that aren't hosted on your domains. You can extend this protection to cover common streaming applications by also enabling strict origin enforcement.

Note that you can get the protection of private channels and authentication without forcing users to create and/or log in to formal accounts. Your playback application can simply acquire a token anonymously behind the scenes. You’ll still be able to take advantage of origin enforcement.

To learn more about private channels, see:

• Setting Up Private Channels in the IVS Low-Latency Streaming User Guide. Within that document, to learn more about origin enforcement, see Generate and Sign Playback Tokens.

• Creating a Private Channel for Authorized Live Stream Playback with Amazon IVS (blog post)

Use Playback Restriction Policies

If you do not want to use private channels, you can still benefit from some of the same protections by leveraging playback restriction policies. These policies allow you to enable features such as GeoBlocking and origin enforcement on public channels. You create a playback restriction policy using the IVS console or API, then attach the policy’s ARN to your channels.

To learn more about playback restriction policies, see:

• Getting Started with IVS Low-Latency Streaming – See the information on preventing undesired content and Viewers.

• IVS Low-Latency Streaming API Reference – See playback restriction policy endpoints and the PlaybackRestrictionPolicy object.