Risk-X: Real-Time Risk Intelligence

Graduate project • Streaming anomaly detection + drift adaptation on Azure

Risk-X thumbnail

Status: In Progress 🚧  —  Risk-X is a cloud-native streaming system for real-time transaction risk monitoring. It scores each incoming transaction for anomalies, detects concept drift in behavior patterns, and automatically adapts by recalibrating alert thresholds and resetting the anomaly model when drift is detected.

TL;DR

Real-time risk monitoring pipeline that replays transactions into Azure Event Hubs, scores anomalies online, detects drift, and auto-adapts to keep alerts stable and meaningful.

My role

Designed the architecture and workflow, built the streaming pipeline plan (producer → consumer microservice → SQL), and implemented the project structure + evaluation plan for real-time scoring and drift handling.

Tech

Azure Event HubsAzure Container AppsAzure SQLRiverADWIN / Page-HinkleyPythonStreamlit

Links

GitHub Repo

Overview

Traditional fraud and risk systems often rely on batch processing and periodic retraining, which can lag behind rapidly changing user behavior and evolving fraud tactics. Risk-X addresses this by using a streaming pipeline on Microsoft Azure to process events in real time, detect anomalies immediately, and respond to drift so alerting remains stable and meaningful.

Key goals

  • Stream transactions in real time and assign an anomaly risk score per event.
  • Detect drift in the score stream and/or key feature statistics.
  • Apply an adaptation policy: reset anomaly model + recalibrate alert thresholds.
  • Persist results for auditability and analysis.
  • Provide a live dashboard for anomaly trends, alerts, and drift markers.

Confirmed design decisions

  • Dataset: IEEE-CIS Fraud Detection (replayed as a transaction stream)
  • Ingestion: Azure Event Hubs
  • Compute: Consumer microservice deployed on Azure Container Apps
  • Modeling: Online anomaly detection using River
  • Drift detection: ADWIN / Page-Hinkley
  • Adaptation policy: Reset model + recalibrate threshold
  • Storage: Azure SQL Database
  • Dashboard: Streamlit deployed on Azure Container Apps
  • Monitoring: Azure Monitor
  • Explainability: Rule-based “reason codes”

Project workflow

1) Data replay / producer

Replay IEEE-CIS records in time order and publish each transaction as a JSON event into Azure Event Hubs.

2) Consumer microservice (real-time scoring)

Consume events from Event Hubs, validate and preprocess the message, engineer features, compute an anomaly score, update drift detection, and write results to Azure SQL.

3) Drift handling (auto adaptation)

When drift is detected, the microservice triggers the adaptation policy: recalibrate alert threshold (e.g., rolling percentile of recent scores) and reset the anomaly model. Drift events and updated thresholds are persisted for visibility.

4) Dashboard

Streamlit dashboard queries Azure SQL to visualize anomaly score trends, alert events, drift markers, and system statistics.

Evaluation plan (planned)

  • Alert quality: Compare alerts against IEEE-CIS labels offline (e.g., Precision@K, alert hit-rate).
  • Operational metrics: End-to-end latency, throughput, alert rate stability.
  • Drift impact: Measure alert behavior before/after drift events.

Media

Risk-X system architecture diagram
End-to-end architecture: replay → Event Hubs → scoring + drift detection → adaptation → Azure SQL → Streamlit dashboard.
Microservice flowchart (PDF). If it doesn’t render, open it here.