Risk-X: Real-Time Risk Intelligence (Graduate Project)

Risk-X Thumbnail

Status: In Progress 🚧
Risk-X is a cloud-native streaming system for real-time transaction risk monitoring. It scores each incoming transaction for anomalies, detects concept drift in behavior patterns, and automatically adapts by recalibrating alert thresholds and resetting the anomaly model when drift is detected.

Project Sections

Overview

Traditional fraud and risk systems often rely on batch processing and periodic retraining, which can lag behind rapidly changing user behavior and evolving fraud tactics. Risk-X addresses this by using a streaming pipeline on Microsoft Azure to process events in real time, detect anomalies immediately, and respond to drift (distribution changes) so alerting remains stable and meaningful.

Key Goals

  • Stream transactions in real time and assign an anomaly risk score per event.
  • Detect drift in the score stream and/or key feature statistics.
  • Apply an adaptation policy: reset anomaly model + recalibrate alert thresholds.
  • Persist results for auditability and analysis.
  • Provide a live dashboard for anomaly trends, alerts, and drift markers.

Confirmed Design Decisions

  • Dataset: IEEE-CIS Fraud Detection (replayed as a transaction stream)
  • Ingestion: Azure Event Hubs
  • Compute: Consumer microservice deployed on Azure Container Apps
  • Modeling: Online anomaly detection using River
  • Drift Detection: ADWIN / Page-Hinkley
  • Adaptation Policy: Reset model + recalibrate threshold
  • Storage: Azure SQL Database
  • Dashboard: Streamlit deployed on Azure Container Apps
  • Monitoring: Azure Monitor (and logs/metrics from services)
  • Explainability: Rule-based "reason codes"

Project Workflow

  • 1) Data Replay / Producer

    Replay IEEE-CIS records in time order and publish each transaction as a JSON event into Azure Event Hubs.

  • 2) Consumer Microservice (Real-Time Scoring)

    Consume events from Event Hubs, validate and preprocess the message, engineer features, compute an anomaly score, update drift detection, and write results to Azure SQL.

  • 3) Drift Handling (Auto Adaptation)

    When drift is detected, the microservice triggers the adaptation policy: recalibrate alert threshold (e.g., rolling percentile of recent scores) and reset the anomaly model. Drift events and updated thresholds are persisted for visibility.

  • 4) Dashboard

    Streamlit dashboard queries Azure SQL to visualize anomaly score trends, alert events, drift markers, and system statistics.

Evaluation Plan (Planned)

  • Alert Quality: Compare alerts against IEEE-CIS labels offline (e.g., Precision@K, alert hit-rate).
  • Operational Metrics: End-to-end latency, throughput, alert rate stability.
  • Drift Impact: Measure alert behavior before/after drift events; verify recalibration prevents alert spam or silence.

Technologies Used

Cloud: Azure Event Hubs, Azure Container Apps, Azure SQL, Azure Monitor

Programming: Python

Streaming + ML: River (online anomaly detection + drift detection)

Dashboard: Streamlit

Progress Tracker

  • Completed: Architecture design + microservice flowchart
  • In Progress: Data replay producer (IEEE-CIS → Event Hubs)
  • In Progress: Consumer microservice skeleton (consume → score → drift → persist)
  • Planned: Azure SQL schema + ingestion tables (transactions_scored, drift_events)
  • Planned: Streamlit dashboard MVP
  • Planned: Monitoring + evaluation scripts

Project Media

Images

System Architecture Diagram

This diagram shows the end-to-end architecture of Risk-X, a real-time risk monitoring pipeline. The IEEE-CIS dataset is replayed by an event producer that publishes transaction events to Azure Event Hubs. A consumer microservice running on Azure Container Apps ingests the stream, performs online anomaly detection, runs drift detection (ADWIN/Page-Hinkley), and applies an adaptation policy (model reset + threshold recalibration) when drift is detected. All scores, alerts, and drift events are stored in an Azure SQL Database, which powers a Streamlit dashboard for visualization, while Azure Monitor tracks logs and operational metrics.

This diagram illustrates the detailed microservice architecture and data flow within the Consumer component. It shows how incoming transaction events are validated, preprocessed, and fed through the feature engineering pipeline. The anomaly detection model (powered by River) generates risk scores in real-time, which are then monitored by drift detection algorithms (ADWIN/Page-Hinkley). When drift is detected, the system automatically triggers the adaptation policy to reset the model and recalibrate alert thresholds, ensuring the system remains responsive to changing patterns while maintaining alert quality and stability.

Repository Link

Repository (will be updated as development progresses): GitHub - Risk-X