Inferensys

Glossary

Anomaly Detection

Anomaly detection is a machine learning technique that establishes a baseline of normal traffic patterns and flags statistical deviations in request rates, navigation flows, or session lengths indicative of scraping activity.
Stylish WeWork-like workspace with hot desks and document wall, professional searching through enterprise knowledge base on a mounted ultrawide display, warm industrial pendants overhead.
BEHAVIORAL BASELINING

What is Anomaly Detection?

Anomaly detection is a machine learning technique that establishes a statistical baseline of normal system behavior and flags deviations in metrics like request rates, navigation flows, or session lengths to identify scraping activity.

Anomaly detection is a machine learning approach that establishes a baseline of normal traffic patterns and flags statistical deviations indicative of scraping activity. By analyzing features such as request rates, navigation flows, and session lengths, the system identifies outliers that automated scripts produce but human users do not. This method moves beyond static rules to detect novel, evolving bot behaviors.

The technique relies on algorithms like clustering, isolation forests, or autoencoders to model legitimate user behavior. When a visitor's interaction pattern falls outside the established norm—such as accessing pages at superhuman speed or following non-linear link paths—the system triggers an alert or automated block, enabling real-time bot mitigation without predefined signatures.

Statistical Baselines & Behavioral Deviations

Core Anomaly Detection Techniques

Anomaly detection establishes a statistical model of normal traffic and flags deviations in request rates, navigation flows, or session lengths that indicate automated scraping activity.

01

Statistical Baseline Modeling

The foundational process of establishing a normal operating profile for web traffic. This involves calculating the mean, median, and standard deviation of metrics like requests per second, unique URLs accessed, and session duration over a defined training window. Once the baseline is established, any observation falling outside a configurable threshold—typically three standard deviations from the mean—is flagged as anomalous. This technique is highly effective against high-volume scrapers that deviate from human browsing cadence.

Common Threshold
02

Request Rate Anomalies

Detects bots by monitoring the inter-arrival time between consecutive HTTP requests. Human users exhibit variable, stochastic timing patterns with natural pauses for reading and interaction. Automated scripts typically generate requests at machine-gun speeds with unnaturally consistent intervals. A Poisson distribution is often used to model human request rates; traffic that violates this distribution with sub-second, perfectly periodic requests is a high-confidence indicator of a scripted agent.

< 50ms
Bot Inter-Arrival Time
03

Navigation Flow Analysis

Examines the sequence and topology of page transitions within a session. Human users follow organic, referential paths—clicking links, reading content, and navigating with purpose. Scrapers often traverse the site graph in unnatural patterns:

  • Depth-first crawling: Recursively following every link on a page before returning.
  • Breadth-first crawling: Systematically enumerating all URLs at a directory level.
  • Random jumping: Accessing deeply nested pages without intermediate navigation. Markov chain models can score the probability of a given transition sequence, flagging low-probability paths as automated.
04

Session Length Outliers

Identifies bots by analyzing the distribution of session durations. Human sessions typically follow a log-normal distribution, with most visits lasting a few minutes and a long tail of extended engagements. Scraping sessions often manifest as extreme outliers—either thousands of requests in seconds or persistent, multi-hour connections that never idle. Monitoring the ratio of active interaction events to total session time provides a powerful signal for distinguishing human browsing from automated data extraction.

05

Entropy-Based Detection

Measures the randomness and diversity of requested URLs within a session. Human traffic exhibits high entropy in the types of assets requested—a mix of HTML pages, CSS, images, and API calls with varied query parameters. Scrapers targeting structured data often show abnormally low entropy, requesting only product pages or sequentially iterating through numeric IDs. Shannon entropy calculated over the URL path and query string character distributions provides a mathematical basis for flagging highly predictable, automated request patterns.

06

Isolation Forest Algorithm

An unsupervised machine learning algorithm specifically designed for anomaly detection. Unlike methods that profile normal points, Isolation Forest explicitly isolates anomalies by randomly selecting a feature and a split value. Anomalous data points—being few and different—require fewer random partitions to be isolated, resulting in shorter path lengths in the tree ensemble. This technique is computationally efficient, requires no distance calculations, and excels at detecting scraping traffic that forms sparse, distinct clusters in high-dimensional feature space.

ANOMALY DETECTION

Frequently Asked Questions

Explore the core concepts behind using machine learning to identify and block sophisticated web scraping attempts by analyzing deviations from normal traffic patterns.

Anomaly detection is a machine learning technique that establishes a statistical baseline of normal user behavior to identify deviations indicative of automated scraping. Unlike static rules that block known signatures, anomaly detection models learn the typical distribution of request rates, navigation flows, and session lengths for a web application. When a visitor exhibits behavior that falls outside this learned norm—such as an impossibly fast click-through rate or a uniform interval between requests—the system flags it as a statistical outlier. This approach is critical for catching headless browser sessions and sophisticated bots that mimic human fingerprints but fail to replicate organic behavioral entropy.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.