Cybersecurity and Artificial Intelligence Capstone Project
Privacy-Preserving Bot & Anomaly Detection for Static-Site Telemetry
A live prototype that detects suspicious traffic patterns from static-site telemetry while minimizing personal data collection.
Live Prototype Focus
- Cloudflare Pages static website
- Cloudflare Worker telemetry intake
- Azure ML API prediction endpoint
- Cloudflare D1 event storage
- Streamlit dashboard reporting
Project Overview
This prototype demonstrates a privacy-aware detection pipeline for identifying human traffic, good bots, bad bots, and scanner-like activity.
Problem
Static websites often use lightweight JavaScript beacons for analytics. Because these endpoints are public, they can receive bot traffic, scrapers, scanners, and inflated-metric activity.
Solution
The system places a privacy-first detection layer between the website beacon and backend storage. Events are validated, transformed, scored, and reported.
Privacy Approach
The prototype uses minimized telemetry and avoids collecting raw IP addresses, passwords, cookies, authentication tokens, private content, and invasive browser fingerprinting.
Team and Project Context
Live prototype implementation for the Cybersecurity and Artificial Intelligence capstone project.
Capstone Team
- Mahin Chowdhury
- Naveen Saranya Patro Behara
- Olamide Akinyosola
- Suma Madasu
Project Context
Institution: Humber Polytechnic, Ontario, Canada
Faculty: Faculty of Applied Sciences & Technology
Program: Cybersecurity and Artificial Intelligence
Project Sponsor: Salience Enterprises Inc.
Industry Supervisor: Abdullah Ali Syed
Course Instructor: Asama Nseaf
Project Phase: Live Prototype Implementation
Live Project Links
Public links used for the deployed prototype and project handover.
Live Website
Worker Events API
Streamlit Dashboard
GitHub Repository
Privacy-Preserving Telemetry
Examples of Included Signals
- Page path
- Page view event
- Interaction type
- Pages per session
- Request timing
- Error flag or error rate
- General user-agent category
Data Not Collected
- Raw IP addresses
- Names or emails
- Passwords
- Cookies
- Authentication tokens
- Private page content
- Exact location
- Invasive browser fingerprinting