Using machine learning to detect bot attacks that leverage residential proxies

Bots using residential proxies are a significant challenge for security engineers trying to combat online abuse. Advanced bots can bypass country blocks and rate-limiting, making it difficult to identify malicious traffic. Cloudflare's new Bot Management machine learning model (v8) identifies residential proxy abuse without resorting to IP blocking, which can cause false positives for legitimate users. The model focuses on two areas of abuse: attacks leveraging residential IP proxies and those originating from cloud providers. By using a combination of network-level discrepancies and behavioral signals, the new machine learning model detects residential proxy traffic on a per-request basis while allowing benign residential users to visit Cloudflare-protected websites.