Live Architecture

Telemetry Detection Pipeline

The implemented flow connects the Cloudflare Pages website, beacon.js, Cloudflare Worker, Azure /predict ML API, Cloudflare D1, and Streamlit Dashboard.

High-Level Process Flow

Telemetry is stripped of unnecessary personal data at the edge worker endpoint before being transformed, scored, stored, and reported.

1. Static WebsiteVisitor interacts with the Cloudflare Pages site.
2. beacon.jsBrowser sends limited telemetry events.
3. Cloudflare WorkerReceives events and applies edge rules.
4. Privacy ValidationPII is avoided before scoring and storage.
5. Azure /predictML API returns prediction and confidence.
6. Cloudflare D1Stores processed event summaries and scores.
7. Streamlit DashboardReports classifications, risk levels, and evaluation evidence.
Worker connected to Azure /predict End-to-end latency measured Cloudflare D1 event storage Streamlit reporting dashboard

Pipeline Steps and System Ownership

Stage Owner Output
CollectStatic website + beacon.jsMinimized telemetry event
IntakeCloudflare WorkerAccepted event payload
ValidateCloudflare Worker privacy logicApproved non-sensitive fields
ExtractFeature extraction pipelineML-ready feature vector
DetectCloudflare Worker Rules + Azure App Service ML APIClassification + risk score
ReportCloudflare D1 + Streamlit DashboardStored summary + dashboard evidence

Detection Methods

The prototype uses a rule baseline plus two trained model files: an unsupervised Isolation Forest model and a supervised Gradient Boosting model.

Method Learning type Purpose Model file
Rule-based detector Rules Flags obvious suspicious patterns such as rapid requests, suspicious paths, high error rates, and scanner-like activity. Cloudflare Worker logic
Isolation Forest Unsupervised anomaly detection Identifies traffic patterns that differ from normal behaviour. isolation_forest_model.pkl
Gradient Boosting Supervised classification Classifies events using labelled synthetic telemetry examples. gradient_boosting_model.pkl

Project Boundaries

In Scope

  • Professional static website + beacon
  • Cloudflare Worker intake endpoint
  • Privacy validation + minimized telemetry schema
  • Synthetic dataset + feature engineering pipeline
  • Rule-based detector + Isolation Forest + Gradient Boosting
  • Cloudflare D1 storage + Streamlit Dashboard + evaluation report

Out of Scope

  • Real sponsor production data
  • Production-grade blocking or CAPTCHA enforcement
  • Rate limiting or active mitigation
  • Third-party attacks or adversarial testing
  • Invasive tracking or browser fingerprinting
  • Commercial-ready security product