Content delivery network (CDN) bot detection using primitive and compound feature sets

What we claim follows below: 1. A method of bot detection in a content delivery network (CDN) comprising a distributed set of edge servers, comprising: as clients interact with the edge servers, collecting transaction data; mining transaction data against a set of primitive or compound features sets to generate a database, wherein the feature sets can comprise any one of: a canvas fingerprint, one or more browser parameters, device size, user agent, TLS fingerprint, request headers, and one or more additional features, and combinations thereof, the database comprising one or more data structures, wherein a given data structure associates a feature value with its relative percentage occurrence across the collected transaction data; and upon receipt of a new transaction request, comparing primitive or compound feature set data derived from the new transaction request against the database; and based on the comparison, characterizing an end user client associated with the new transaction request. 2. The method as described in claim 1 wherein a compound feature set is a concatenation of two or more primitive feature sets. 3. The method as described in claim 1 wherein the transaction data is mined periodically. 4. The method as described in claim 1 wherein the end user client is characterized as a bot when the primitive or compound feature set derived from the new transaction request is not found in the database. 5. The method as described in claim 1 wherein the end user client is characterized as a bot when the primitive or compound feature derived from the new transaction request is found in the database but a frequency of occurrence associated with additional transactions associated with the end user client is inconsistent with the relative percentages set forth in the database. 6. The method as described in claim 1 wherein the transaction data is collected across all of the edge servers. 7. The method as described in claim 1 wherein the transaction data is collected across a subset of the edge servers. 8. The method as described in claim 1 further including providing a script for execution on the end user client, wherein the feature set data is collected upon execution of the script. 9. The method as described in claim 1 wherein a compound features set is defined for a pair of primitive feature sets that are shown to be correlated with one another. 10. The method as described in claim 1 wherein the method is carried out in an automated manner. 11. Apparatus, comprising: a processor; computer memory holding computer program instructions configured to: receive a request from a client; compare primitive or compound feature set data derived from the request against a database, wherein the feature sets can comprise any one of: a canvas fingerprint, one or more browser parameters, device size, user agent, TLS fingerprint, request headers, and one or more additional features, and combinations thereof, the database comprising a database of one or more data structures, wherein a given data structure in the database associates a feature value with its relative percentage occurrence across a set of transaction data collected from prior transactions; based on the comparison, determine whether the client is a bot; and upon a determination that the client is a bot, take a mitigation action with respect to the request. 12. The apparatus as described in claim 11 wherein the computer program instructions are further configured to characterize the client as a bot when the primitive or compound feature derived from the request is found in the database but a frequency of occurrence associated with additional transactions associated with the client is inconsistent with the relative percentages set forth in the database. 13. The apparatus as described in claim 11 wherein the computer program instructions comprise a content delivery network edge server process. 14. The apparatus as described in claim 11 wherein the compound feature set is a concatenation of two or more primitive feature sets. 15. The apparatus as described in claim 11 wherein the transaction data is mined periodically. 16. An article, comprising program media holding machine-readable code executable by a processor, the machine-readable code comprising code configured to: collect transaction data; mine transaction data against a set of primitive or compound features sets to generate a database, wherein the feature sets can comprise any one of: a canvas fingerprint, one or more browser parameters, device size, user agent, TLS fingerprint, request headers, and one or more additional features, and combinations thereof, the database comprising one or more data structures, wherein a given data structure associates a feature value with its relative percentage occurrence across the collected transaction data; upon receipt of a new transaction request, compare primitive or compound feature set data derived from the new transaction request against the database; and based on the comparison, characterize an end user client associated with the new transaction request. 17. The article as described in claim 16 wherein the compound feature set is a concatenation of two or more primitive feature sets.