Page https://www.whonix.org/wiki/Hide_Tor_and_Whonix_from_your_ISP covers that too, implicitly.
Using a VPN or SSH does not provide a strong guarantee of hiding Tor use from the ISP either. VPNs and SSHs are vulnerable to an attack called website traffic fingerprinting.
For a reference for website traffic fingerprinting, see VPN/SSH Fingerprinting (w).
Since adversaries can see which website is being visited even when a VPN or SSH is used, even though they don’t know all the traffic in plaintext, it is easy to guess that they can also guess the type of traffic being generated.
I wouldn’t wonder if “user is really using the internet” is easily distinguished from “automated activity”. Users have unique patterns. Automation does too. User patterns change a bit but automated ones are very predictable. This looks more like whack-a-mole (who takes more effort, who’s more dedicated), with no certainty for the one trying to hide activity, than a resilient solution.