Harbor 🪼

Anti-Bot Machine Learning

2 min read

Modern bot detection relies heavily on Machine Learning to distinguish between human traffic, “good” bots (search engine crawlers), and malicious automated traffic (scrapers, credential stuffers, AI agents).

How ML is Used in Bot Detection

Instead of relying solely on static IP blocks and hardcoded rules, edge security providers (like Cloudflare, DataDome, and Akamai) use ML pipelines:

  1. Global Data & Supervised Learning: Platforms train models on billions of daily requests. They assign a “Bot Score” (e.g., Cloudflare’s 1-99 score) to every request based on labeled datasets of known attacks and verified human traffic.
  2. Behavioral Biometrics (Client-Side):
    • Uses lightweight JavaScript SDKs to capture mouse movements, scrolling speeds, touch events, and keystroke dynamics.
    • Time-series analysis and clustering algorithms identify superhuman uniformity or erratic anomalies that suggest automation.
  3. Request Fingerprinting (Server-Side):
    • Analyzes HTTP headers, TLS fingerprints, and connection metadata.
    • Detects spoofed User-Agent strings or missing headers typical of headless browsers like Playwright or Puppeteer.
  4. Execution at the Edge: ML inference models (often built with tools like CatBoost or optimized Rust) are executed directly on edge servers. They must run in microseconds (e.g., DataDome operates in under 3ms) to avoid adding latency to the user experience.

Case Studies in Industry

DataDome

DataDome utilizes a multi-layered AI engine combining supervised/unsupervised learning and genetic algorithms.

  • OffenderWatch (Case Study): Faced massive scraping of their public safety records. DataDome’s ML model reduced bot traffic by over 90% (from 80 million to 2.5 million daily requests), drastically cutting bandwidth costs.
  • Luxury Retailer (Appointment Fraud): Bots were booking 80% of in-store appointments for resale. The ML “Account Protect” solution filtered out 90% of fraudulent bookings in real-time by analyzing intent rather than just bot signatures.

Cloudflare Bot Management

Cloudflare analyzes tens of millions of requests per second globally.

  • Credential Stuffing Prevention: By looking at global login failure rates and anomalous velocity signatures across their entire network, their ML model detects coordinated login attacks before they hit a specific customer’s database.

Portfolio Project Idea

Project Name Idea: ML-Bot-Behavior-Classifier Concept: Collect a dataset of mouse movements and scroll events from real users and automated scripts (like Playwright). Train a Random Forest or lightweight Neural Network to classify a session as Human or Bot based on the behavioral telemetry. Deploy it as a fast API.

Backlinks