contexa-core contexa-identity hcad

HCAD Early Threat Detection

HCAD (Host & Context Anomaly Detection) collects behavioural signals from authenticated HTTP requests, scores them, and starts the asynchronous AI analysis pipeline before the request ever reaches a protected resource (@Protectable). HCAD itself never blocks or challenges — it only decides whether the LLM pipeline should start analysing early.

Overview

HCAD early threat detection runs before controllers or @Protectable methods are reached by having HCADFilterConfigurer insert HCADFilter before Spring Security's AuthorizationFilter. The current configurer order is SecurityConfigurer.HIGHEST_PRECEDENCE + 115, followed by AuthenticatedPendingAnomalyTriggerFilter at HIGHEST_PRECEDENCE + 116. HCAD is not a final risk decision engine. It is an early gate that decides whether an authenticated request is worth sending to the LLM analysis path before a protected resource is reached.

Design principle. HCAD always lets requests through (fail-open) and never blocks or challenges on its own. The default pre-trigger mode is SHADOW: a candidate can start LLM analysis, but runtime side effects are suppressed at the event boundary. Enforced actions are still owned by the normal Zero Trust decision path.

From request arrival to decision

Stage 1
HTTP request
Authenticated session enters the filter chain
Stage 2
HCADFilter
Collects signals. Never blocks.
Stage 3
Signal scoring
Trusted projection → early-analysis score
Stage 4
Early analysis
Records an evaluation row and qualifies the candidate
Stage 5
LLM pipeline
Runs once through the shared trigger coordinator

When analysis begins

Without HCAD early detection, AI analysis begins only when a protected resource is reached. With HCAD enabled, requests that already carry strong anomaly signals get their analysis scheduled at the filter stage — before any controller code runs.

Baseline path (no early detection)
Auth
Filter
Waiting for controller
LLM
Enforce
Authentication Filter chain Idle wait LLM analysis
With HCAD early detection
Auth
HCAD
LLM analysis (early)
Enforce
Authentication HCAD collection Early analysis Enforcement

Trusted fast context projection

HCAD scoring is now based on TrustedHcadContextProjection, created by TrustedHcadContextProjectionFactory. Only fields with TRUSTED_SERVER, BRIDGE_VERIFIED, or STORE_DERIVED provenance can influence pre-trigger scoring. Client-provided simulation headers, official-inspection override slots, RAG/vector/MCP data, and external threat-pack inputs are excluded from the hot-path decision.

Trust boundary. HCAD does not score arbitrary request headers such as resource sensitivity or business impact. If a value cannot be traced to trusted server state, a verified bridge, or a store-derived baseline/history, it is ignored before the LLM trigger.
ID
Request identity
  • userId · sessionId
  • requestPath · httpMethod
  • remoteIp
GEO
Time & geography
  • clientIp
  • impossibleTravel
  • trusted server time
CTX
Context binding
  • contextBindingHash
  • tenantId
  • organizationId
AUTH
Authentication
  • authenticationMethod
  • failedLoginAttempts
  • hasValidMFA
BHV
Behaviour pattern
  • requestBurst
  • rapidSequence
  • previousPath
BL
Normal-behaviour baseline
  • baselineConfidence
  • baselineEstablished
  • STORE_DERIVED source
RES
Resource binding
  • normalizedPath
  • httpMethod
  • verificationRequired
AUTHZ
Authorization bridge
  • authorizationPolicyId
  • authorizationPrivileged
  • recentPermissionChanges
EXCL
Excluded inputs
  • RAG / vector / MCP
  • simulation headers
  • client risk overrides

Signal weight model

Signals fall into two classes. Anchor signals are heavy enough that a single anchor can push the request into the early-analysis path. Corroborating signals carry meaning only when several accumulate. The final rule is "at least one anchor AND total ≥ 70".

Anchor signals

AIMPOSSIBLE_TRAVEL
45
AAUTH_CONTEXT_INCONSISTENT
40
AFAILED_LOGIN_BURST
30
ANEW_DEVICE
25

Corroborating signals

CSENSITIVE_SURFACE
20
CREQUEST_BURST
10
CRAPID_SEQUENCE
10
CPREVIOUS_PATH_JUMP
10
CBASELINE_UNCERTAIN
5

Risk score bands

The aggregated score on a 0–100 scale is classified into four bands. Early analysis kicks in once the request enters the RED band and an anchor signal is present.

LOW MEDIUM HIGH REDLINE
0 25 50 75 100
Band Score range Meaning Triggers early analysis
LOW 0 – 29 Normal No
MEDIUM 30 – 49 Mild anomaly No
HIGH 50 – 69 Worth watching No (existing path handles it)
REDLINE 70 – 100 Inspect now Yes, provided an anchor signal is present
Other thresholds. contexa.hcad.high-risk-score = 50, contexa.hcad.medium-risk-score = 30, contexa.hcad.low-baseline-confidence-threshold = 0.35. When a user's normal-behaviour baseline confidence is below 0.35, the corroborating signal BASELINE_UNCERTAIN is added automatically.

Assessment record structure

The scorer output is stored in an immutable record — HcadPreProtectablePromotionAssessment — and attached to HTTP request attributes for the pending-anomaly trigger chain. Candidate, trigger, duplicate, and LLM-outcome state is persisted separately in hcad_detection_evaluation. The runtime audit log keeps only summary trace data; monitoring statistics are computed from the dedicated evaluation table.

score
Integer from 0 to 100. Sum of all signal weights
band
One of LOW · MEDIUM · HIGH · REDLINE
eligible
Whether the request qualifies for early analysis (true/false)
anchorSignals
Set of detected anchor signal enums
corroboratingSignals
Set of detected corroborating signal enums
reasonCodes
Array of reason codes. Used for operator explanations
summary
One-line summary string
evaluationVersion
Scorer version. Enables reproducible comparison across model updates
rawSignalSnapshot
Snapshot of raw signal values. Used by verifiers for replay

Trusted projection assessment and evaluation persistence

Example code illustrating the current hot-path shape before a request reaches the protected controller:

// Simplified from HCADFilter.
// 1. Build a canonical fast projection from trusted sources only
TrustedHcadContextProjection projection =
        trustedProjectionFactory.project(request, authentication);

// 2. Score only trusted fields; ignoredInputs are kept for explanation, not scoring
HcadPreProtectablePromotionAssessment assessment =
        hcadPreProtectablePromotionScorer.score(projection);

// 3. Attach the assessment to request attributes for the trigger chain
HcadPreProtectablePromotionRequestProjector.project(
        request,
        assessment,
        hcadProperties.getPreTrigger().effectiveMode());

// 4. The orchestrator persists hcad_detection_evaluation and coordinates LLM dedup
if (assessment.eligible()) {
    pendingAnomalyTriggerOrchestrator.maybeTrigger(request, authentication);
}

Early-analysis trigger chain

Placed right after the HCAD filter, AuthenticatedPendingAnomalyTriggerFilter publishes an event only when a request passes the sequential gates below. Any gate can stop the flow independently — the original request path is never affected. HCAD and @Protectable triggers share an idempotency key so the same request does not produce duplicate LLM analysis.

1
Eligibility
Authenticated · action = PENDING_ANALYSIS · assessment present
2
Evidence
Explanation fields complete. Produces evidence report
3
Dedup
Suppresses repeated candidates with the same request/context signature
4
Trigger coordinator
Merges HCAD and @Protectable triggers into one LLM analysis lease
5
Publish
Emits the early-analysis event and records trigger state
Responsible components. PendingAnomalyEligibilityGate (1), PendingAnomalyEvidenceCheckService (2), HcadLlmTriggerCoordinator and AnalysisTriggerStateRepository (3 & 4), PendingAnomalyEventTriggerService (5). Requests passing all gates are forwarded to ZeroTrustEventPublisher.publishPreProtectableThreat().

Normal-behaviour baseline learning

Before HCAD can decide what is abnormal for a user, it has to learn what is normal. BaselineLearningService observes high-trust requests and incrementally updates two baselines — one per user, one per cohort — across IP ranges, access hours, paths, User-Agents, operating systems, and authentication methods.

Learning mechanics

Exponential Moving Average (EMA)

  • newTrust = α·current + (1-α)·old
  • Weights recent observations more
  • Absorbs gradual drift naturally

Least-Frequently-Used eviction

  • IP · path · UA · OS sets
  • Drops the least-frequent element first
  • Keeps set sizes bounded

Personal baseline

  • Activates after 10+ samples
  • Confidence tier rises gradually
  • Stored per user

Organisational baseline

  • Fallback when personal data is absent
  • Cohort-level statistics
  • Protects brand-new users

Event payload fields

Requests that clear all five gates are published as PRE_PROTECTABLE_REDLINE events and then consumed by the existing asynchronous LLM pipeline and audit system. The payload contract carries every judgement input, so the same structure can later be reused by external verifier scenarios.

Field Type Description
hcadEvaluationId string Primary evaluation identifier persisted in hcad_detection_evaluation
hcadMode enum OBSERVE, SHADOW, or ENFORCE; default is SHADOW
decisionBoundaryMode enum Set to SHADOW for HCAD shadow candidates so enforcement side effects are skipped
hcadEscalationScore integer Risk score between 0 and 100
hcadEscalationBand enum LOW · MEDIUM · HIGH · REDLINE
hcadEscalationEligible boolean Whether early analysis fired
hcadEscalationReasons string[] Reason codes for each detected signal
hcadEscalationSummary string One-line summary for operator alerts
hcadEscalationVersion string Scorer version — ensures reproducibility
rawSignalSnapshot object Raw signal values for verifier replay
duplicateSuppressed boolean True when the coordinator suppresses a duplicate HCAD/@Protectable trigger
action enum Always PENDING_ANALYSIS. Enforcement action is decided by the LLM pipeline later

Infrastructure modes & wiring

HCAD's session metadata, request counters, and device records live in a storage layer that swaps implementations based on the infrastructure mode. Both implementations satisfy the same HCADDataStore contract, so application code is unaffected.

STANDALONE

Default mode for development and testing. All state lives in-process.

InMemoryHCADDataStore
  • Backed by ConcurrentHashMap
  • TreeMap 5-minute request window
  • Zero external dependencies

DISTRIBUTED

Multi-instance deployments. State is shared through Redis.

RedisHCADDataStore
  • Hash · Set · Sorted Set structures
  • Session TTL 24 h · device TTL 30 d
  • Consistent judgement across all instances

Wiring points

HCADFilterConfigurer
Inserts HCADFilter before Spring Security's AuthorizationFilter (configurer order=HIGHEST_PRECEDENCE + 115)
PendingAnomalyTriggerConfigurer
Places the trigger filter immediately after HCADFilter
CoreHCADAutoConfiguration
Registers projection, scorer, evaluation writer, data store, and trigger coordination beans
IdentitySecurityCoreAutoConfiguration
Integrates the HCAD path with the rest of the identity filter chain

Shadow monitoring and qualification

HCAD pre-trigger evaluation is observable through the IAM admin page /contexa/admin/security-monitor/hcad. The page reads from hcad_detection_evaluation and provides day, week, month, and year windows for candidate count, LLM trigger count, precision, false positives, observable false negatives, unknown ratio, average LLM latency, duplicate suppression, signal performance, resource performance, user/session repeats, and estimated wasted cost.

Qualification settingDefaultMeaning
contexa.hcad.pre-trigger.qualification.shadow-min-precision0.80Minimum precision for considering shadow data meaningful
contexa.hcad.pre-trigger.qualification.limited-enforce-min-precision0.90Minimum precision before limited enforce is recommended
contexa.hcad.pre-trigger.qualification.default-enforce-min-precision0.95Minimum precision before default enforce is recommended
contexa.hcad.pre-trigger.qualification.minimum-sample-size100Minimum sample count for evaluating promotion readiness