Cybersecurity and Artificial Intelligence Capstone Project

Privacy-Preserving Bot & Anomaly Detection for Static-Site Telemetry

A live prototype that detects suspicious traffic patterns from static-site telemetry while minimizing personal data collection.

Live Prototype Focus

  • Cloudflare Pages static website
  • Cloudflare Worker telemetry intake
  • Azure ML API prediction endpoint
  • Cloudflare D1 event storage
  • Streamlit dashboard reporting

Project Overview

This prototype demonstrates a privacy-aware detection pipeline for identifying human traffic, good bots, bad bots, and scanner-like activity.

Problem

Static websites often use lightweight JavaScript beacons for analytics. Because these endpoints are public, they can receive bot traffic, scrapers, scanners, and inflated-metric activity.

Solution

The system places a privacy-first detection layer between the website beacon and backend storage. Events are validated, transformed, scored, and reported.

Privacy Approach

The prototype uses minimized telemetry and avoids collecting raw IP addresses, passwords, cookies, authentication tokens, private content, and invasive browser fingerprinting.

Team and Project Context

Live prototype implementation for the Cybersecurity and Artificial Intelligence capstone project.

Capstone Team

  1. Mahin Chowdhury
  2. Naveen Saranya Patro Behara
  3. Olamide Akinyosola
  4. Suma Madasu

Project Context

Institution: Humber Polytechnic, Ontario, Canada

Faculty: Faculty of Applied Sciences & Technology

Program: Cybersecurity and Artificial Intelligence

Project Sponsor: Salience Enterprises Inc.

Industry Supervisor: Abdullah Ali Syed

Course Instructor: Asama Nseaf

Project Phase: Live Prototype Implementation

Live Project Links

Public links used for the deployed prototype and project handover.

Privacy-Preserving Telemetry

Examples of Included Signals

  • Page path
  • Page view event
  • Interaction type
  • Pages per session
  • Request timing
  • Error flag or error rate
  • General user-agent category

Data Not Collected

  • Raw IP addresses
  • Names or emails
  • Passwords
  • Cookies
  • Authentication tokens
  • Private page content
  • Exact location
  • Invasive browser fingerprinting