pull down to refresh

First, I'd keep that part of the code closed-source. Treat it like a black box, an extension, to the open source parts. The goal for the extension is fast inference, using traffic metadata to predict, probability-of-bot.
Second, I'd run a few models in parallel, all trying to compete for bot detection.
Third, I'd explore joining data sets, to improve the models.
Tech wise - its a mix of python, kubeflow, maybe snowflake.
Data wise - its probably a mix of vendor + quality of traffic + a training set comprised of human curated real-user activity.