4 Detection Strategy
Building an efficient and accurate bot detection strategy is a real challenge and can be as difficult as herding cats! As discussed in Chapter 1, “A Short History of the Internet,” the Internet has been built around well-thought-out principles and protocols, but the ecosystem evolves constantly, with new devices and software being released regularly. The raw material required to build efficient detection methods is data—specifically, data collected on the client side through JavaScript, which represents the client configuration and user settings, and data collected on the server side, which represents the characteristics of the network and communication protocols used. This data is used to distinguish valid user traffic, which comes from an ever-changing Internet ecosystem, from dynamic attack traffic. This chapter discusses the different types of data points collected, the complexity of the Internet ecosystem, the various detection approaches, and how they have evolved over time.
Data Collection Strategy
Each interaction between a client and a server generates data used to research and differentiate what constitutes good or bad traffic. Different types of data are required to look at the request from various points of view and build resilient detection methods. Most bot management products collect data on the client side through JavaScript running on the page ...