In nevisDetect, two different kind of data are historized:
- User history data The temporal evolution of all plug-in risk scores and normalized risk scores per single user.
- Risk score history data The temporal evolution of the plug-in risk scores and the normalized risk scores for all users.
User history data
User history data serves two requirements:
- Forensic: In case of a fraudulent user request, it is useful to analyze the risk scores of this user in the past.
- Training phase: Sometimes, the risk scores of a user are not decreasing during the training phase. It is important to identify such a user and analyze its risk score history.
User history data is displayed as a time series.
Risk score history data
We use risk score history data to get an overview of the overall distribution of the plug-in risk scores. The configuration of the normalization and the policy takes place on the basis of this overview.
It is possible to configure a sliding window for each kind of history data.
In a typical setup, the size of the sliding window for both histories is different:
- For user history data, it is sufficient to have a sliding window in the order of thousand requests or a few weeks. (The settingrequestsKeepDays defines the number of days a request is kept)
- For risk score history data, you may need a larger sliding window in the orders of months, configured in days. The consumed table space is only influenced by that number of days, not by the number of requests. (The setting timeslotsKeepDays defines the number of days the aggregated request data is stored (day, number of request for specific fingerprint)).