Baskerville is an analytics engine that leverages machine learning to distinguish between normal and abnormal web traffic behavior. It is currently in production on the Deflect network, as a web application firewall, working in coordination with the Challenger and Banjax tools. Baskerville was created to help our systems team identify and block malicious bots attacking our clients’ websites. Its primary functionality was built around the following needs:
- Be fast enough to make it count
- Be able to adapt to changing traffic patterns
- Provide actionable intelligence (a prediction and a score for every IP)
- Provide reliable predictions (probation period & feedback)

Baskerville is also an open source project and can be installed in any web environment. In the near future, Baskerville will become a clearinghouse of threat intelligence and will allow anyone to query our machine learning model to identify malicious traffic on their networks. Read more about the project below.