Risk plug-ins and detection technologies
Within the context of nevisDetect, a Risk plug-in serves as an adapter for a particular detection technology. The Risk plug-in extracts and converts the relevant information from the HTTP request data and calls the remote service that represents the detection technology.
Detection technologies usually work with profiles, or a similar construct, that they create per user (ID). Such a profile is based on (request) data gathered for a specific user. Which data is used and what such a profile looks like depends on the detection technology. Each time the plug-in sends request data to the detection service, the service compares this data with the relevant user's profile. The degree to which the request data matches the profile indicates the risk of the HTTP request: in general, the more the request data matches the profile, the lower the risk.
In the context of nevisDetect, the term risk always refers to the risk that someone other than the legitimate user has executed the HTTP request.
The detection service sends the result of the comparison to the plug-in, which maps the result onto a plug-in risk score. The Risk plug-in then forwards a result list containing the following elements:
- The plug-in risk score: a numerical value between 0.0 and 1.0.
- The confidence number for the plug-in risk score: a numerical value between 0.0 and 1.0.
- The trained flag: a Boolean flag that specifies whether the detection technology considers the user trained or untrained.
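
The flow described above, sketched as an added example; it is not nevisDetect code and does not use its plug-in API. The class names, the header-frequency profile, the training threshold of 5 samples and the mapping `risk = 1 - match` are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

TRAINING_THRESHOLD = 5  # assumption: samples needed before a user counts as trained

@dataclass
class PluginResult:
    risk_score: float  # 0.0 (matches profile) .. 1.0 (no match)
    confidence: float  # 0.0 .. 1.0
    trained: bool

class ToyDetectionService:
    """Constructed stand-in for a remote detection technology (one profile per user ID)."""
    def __init__(self):
        self.seen = defaultdict(Counter)  # user_id -> Counter of (feature, value) pairs
        self.samples = Counter()          # user_id -> number of learned requests

    def learn(self, user_id, features):
        self.seen[user_id].update(features.items())
        self.samples[user_id] += 1

    def compare(self, user_id, features):
        """Return (match in 0..1, sample count) for this request against the profile."""
        n = self.samples[user_id]
        if n == 0 or not features:
            return 0.0, n
        hits = sum(self.seen[user_id][item] / n for item in features.items())
        return hits / len(features), n

class HeaderRiskPlugin:
    """Hypothetical adapter: extracts request data, calls the service, maps the result."""
    FEATURES = ("User-Agent", "Accept-Language")

    def __init__(self, service):
        self.service = service

    def extract(self, headers):
        return {name: headers.get(name, "") for name in self.FEATURES}

    def evaluate(self, user_id, headers):
        match, n = self.service.compare(user_id, self.extract(headers))
        return PluginResult(
            risk_score=min(1.0, max(0.0, 1.0 - match)),  # more match -> lower risk
            confidence=min(1.0, n / TRAINING_THRESHOLD),
            trained=n >= TRAINING_THRESHOLD,
        )
```

A user without a profile gets the highest risk score here, but with confidence 0.0 and the trained flag unset, so a consumer of the result list can tell "no data yet" apart from a real mismatch.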