Question
Design an edge bot- and abuse-detection system for a global CDN/web platform serving 5M req/s across 250 PoPs. It must score every request in under 1ms of added p99 latency, block credential-stuffing, scraping, and L7 DDoS, and adapt to new attack patterns within minutes. Threat model: distributed residential-proxy botnets that rotate IPs, mimic real browsers, and stay under any single-IP rate limit. You may emit a JS/TLS-fingerprint challenge but must keep human friction near zero. Walk through detection signals, where decisions are made (edge vs central), and how models are trained and pushed.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.