HCAD Early Threat Detection
HCAD (Host & Context Anomaly Detection) collects behavioural signals from authenticated HTTP requests, scores them, and starts the asynchronous AI analysis pipeline before the request ever reaches a protected resource (@Protectable). HCAD itself never blocks or challenges — it only decides whether the LLM pipeline should start analysing early.
Overview
HCAD early threat detection runs before controllers or @Protectable methods are reached by having HCADFilterConfigurer insert HCADFilter before Spring Security's AuthorizationFilter. The current configurer order is SecurityConfigurer.HIGHEST_PRECEDENCE + 115, followed by AuthenticatedPendingAnomalyTriggerFilter at HIGHEST_PRECEDENCE + 116. On every request it collects nine dimensions of behavioural signals, combines them into a risk score using anchor and corroborating signal weights, and emits an early-analysis event when the score crosses redlineScore = 70 with at least one anchor signal present.
ZeroTrustActionRepository. HCAD only makes that path start earlier.
From request arrival to decision
When analysis begins
Without HCAD early detection, AI analysis begins only when a protected resource is reached. With HCAD enabled, requests that already carry strong anomaly signals get their analysis scheduled at the filter stage — before any controller code runs.
Nine behavioural signal dimensions
On every request, HCAD builds an HCADContext value object that carries nine dimensions of information: identity, session, device, geography, behaviour, authentication, resource, intent, and baseline. The same object is used by the scorer and later by the LLM pipeline as shared context.
- userId · sessionId
- requestPath · httpMethod
- remoteIp
- country · city
- latitude · longitude
- currentAccessHour
- isNewSession
- isNewDevice
- isNewUser
- authenticationMethod
- failedLoginAttempts
- hasValidMFA
- recentRequestCount (5 min)
- lastRequestInterval
- previousPath
- baselineConfidence
- updateCount
- avgTrustScore
- resourceType
- isSensitiveResource
- intentBotUserAgent
- intentMissingReferer
- toVector() — 384 dims
- toJson()
- toCompactString()
Signal weight model
Signals fall into two classes. Anchor signals are heavy enough that a single anchor can push the request into the early-analysis path. Corroborating signals carry meaning only when several accumulate. The final rule is "at least one anchor AND total ≥ 70".
Anchor signals
Corroborating signals
Risk score bands
The aggregated score on a 0–100 scale is classified into four bands. Early analysis kicks in once the request enters the RED band and an anchor signal is present.
| Band | Score range | Meaning | Triggers early analysis |
|---|---|---|---|
| LOW | 0 – 29 | Normal | No |
| MEDIUM | 30 – 49 | Mild anomaly | No |
| HIGH | 50 – 69 | Worth watching | No (existing path handles it) |
| REDLINE | 70 – 100 | Inspect now | Yes, provided an anchor signal is present |
highRiskScore = 50, mediumRiskScore = 30, lowBaselineConfidenceThreshold = 0.35. When a user's normal-behaviour baseline confidence is below 0.35, the corroborating signal BASELINE_UNCERTAIN is added automatically.
Assessment record structure
The scorer output is stored in an immutable record — HcadPreProtectablePromotionAssessment — and projected into both HCADContext.additionalAttributes and HTTP request attributes. This record is the single source of truth for every downstream explanation, audit entry, and verifier replay.
Early-analysis trigger chain
Placed right after the HCAD filter, AuthenticatedPendingAnomalyTriggerFilter publishes an event only when a request passes five sequential gates. Any gate can stop the flow independently — the original request path is never affected.
PendingAnomalyEligibilityGate (1), PendingAnomalyEvidenceCheckService (2), AnalysisTriggerStateRepository (3 & 4), PendingAnomalyEventTriggerService (5). Requests passing all five gates are forwarded to ZeroTrustEventPublisher.publishPreProtectableThreat().
Normal-behaviour baseline learning
Before HCAD can decide what is abnormal for a user, it has to learn what is normal. BaselineLearningService observes high-trust requests and incrementally updates two baselines — one per user, one per cohort — across IP ranges, access hours, paths, User-Agents, operating systems, and authentication methods.
Learning mechanics
Exponential Moving Average (EMA)
- newTrust = α·current + (1-α)·old
- Weights recent observations more
- Absorbs gradual drift naturally
Least-Frequently-Used eviction
- IP · path · UA · OS sets
- Drops the least-frequent element first
- Keeps set sizes bounded
Personal baseline
- Activates after 10+ samples
- Confidence tier rises gradually
- Stored per user
Organisational baseline
- Fallback when personal data is absent
- Cohort-level statistics
- Protects brand-new users
Event payload fields
Requests that clear all five gates are published as PRE_PROTECTABLE_REDLINE events and then consumed by the existing asynchronous LLM pipeline and audit system. The payload contract carries every judgement input, so the same structure can later be reused by external verifier scenarios.
| Field | Type | Description |
|---|---|---|
hcadEscalationScore |
integer | Risk score between 0 and 100 |
hcadEscalationBand |
enum | LOW · MEDIUM · HIGH · REDLINE |
hcadEscalationEligible |
boolean | Whether early analysis fired |
hcadEscalationReasons |
string[] | Reason codes for each detected signal |
hcadEscalationSummary |
string | One-line summary for operator alerts |
hcadEscalationVersion |
string | Scorer version — ensures reproducibility |
rawSignalSnapshot |
object | Raw signal values for verifier replay |
action |
enum | Always PENDING_ANALYSIS. Enforcement action is decided by the LLM pipeline later |
Infrastructure modes & wiring
HCAD's session metadata, request counters, and device records live in a storage layer that swaps implementations based on the infrastructure mode. Both implementations satisfy the same HCADDataStore contract, so application code is unaffected.
STANDALONE
Default mode for development and testing. All state lives in-process.
InMemoryHCADDataStore
- Backed by
ConcurrentHashMap TreeMap5-minute request window- Zero external dependencies
DISTRIBUTED
Multi-instance deployments. State is shared through Redis.
RedisHCADDataStore
- Hash · Set · Sorted Set structures
- Session TTL 24 h · device TTL 30 d
- Consistent judgement across all instances
Wiring points
HCADFilter before Spring Security's AuthorizationFilter (configurer order=HIGHEST_PRECEDENCE + 115)