{"id":19637174,"url":"https://github.com/kenych/fraud-detector","last_synced_at":"2025-11-21T05:04:20.193Z","repository":{"id":198655828,"uuid":"87427609","full_name":"kenych/fraud-detector","owner":"kenych","description":"The application is fed with authentication log record which contains IP address, datetime, authentication result(OK or FAIL) and username. The sole reason of this application is to practice and demonstrate in-memory cache, concurrency features and how to test concurrent application in java.","archived":false,"fork":false,"pushed_at":"2017-07-23T13:43:31.000Z","size":23,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-26T21:46:28.137Z","etag":null,"topics":["concurrency","data-structures","in-memory-caching","java","java8"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kenych.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2017-04-06T12:36:16.000Z","updated_at":"2017-11-03T15:58:23.000Z","dependencies_parsed_at":null,"dependency_job_id":"20389d5c-32ad-47a1-a766-75460011a597","html_url":"https://github.com/kenych/fraud-detector","commit_stats":null,"previous_names":["kenych/fraud-detector"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/kenych/fraud-detector","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenych%2Ffraud-detector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenych%2Ffraud-detector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenych%2Ffraud-detector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenych%2Ffraud-detector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kenych","download_url":"https://codeload.github.com/kenych/fraud-detector/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenych%2Ffraud-detector/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":285560043,"owners_count":27192467,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-21T02:00:06.175Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["concurrency","data-structures","in-memory-caching","java","java8"],"created_at":"2024-11-11T12:33:32.414Z","updated_at":"2025-11-21T05:04:20.178Z","avatar_url":"https://github.com/kenych.png","language":"Java","readme":"**Fraud detection system**\n\nThe application is fed with authentication log record which contains IP address, datetime, authentication result(OK or FAIL) and username.\nIt should detect fraud IP address based on certain strategies.\n\nCurrent fraud strategies:\n1) LoginAttemptsWithinSecondsLimitPolicy - This will detect an IP address which attempted a failed login 5 or more times within a 5 minute period.\n2) BlackListedIpPolicy is just using blacklisted IP address\n\nIt is obviously an artificial problem and not intended to be used in production.\nThe sole reason of this application is to practice and demonstrate **in-memory cache**, **concurrency** features and how to **test concurrent application** in java.\n\n**Libraries used**\nIn-memory cache is implemented using [DelayedQueue](https://docs.oracle.com/javase/7/docs/api/java/util/concurrent/DelayQueue.html)\nwhich is queue of DelayedCleanUpJob instances to keep track of IP addresses, and remove it when it is expired automatically.\n \n\n**Some notes about implementation.**\n\nFraudDetector delegates fraud detection to\nFraudPolicy implementations. Thus, at any time, new policy can be added without \nany change in the rest of the code.\n\nPlease note that code implemented in the multithreaded way so it should run \nunder high concurrency without problem.\n\nOn the other hand, to prevent memory leakage, as failed login attempts are saved in the internal cache,\nafter a certain configurable time, they are scheduled for deletion.\nPlease note, if IP is kept being updated with failed attempts continuously, the growing list might also potentially \nbring to memory leakage, I deliberately don't clean it, assuming once fraud is detected\nthe IP should ideally be blocked from accessing the site by adding it to blacklist and then by applying that strategy\n\nWhenever threads might clash in the race for the object access, there are locks which should take care of everything\nto go smoothly, in fact there are couple tests covering those scenarios:\nDelayedCleanUpJobTest.raceConditionWhenCleanUpThreadDoesNotRemoveIpAsFailedLoginIsBeingUpdatedByOtherThread\nand\nInMemoryCacheRepositoryTest.raceConditionWhenUpdateDoesNotHappenAtFirstTryAsOtherThreadUpdatingFailedLogin.\n\nTo demonstrate how application works I have added DemoTest.demo method which should be run manually.\nIt creates 20 threads with pseudo different IP and then every thread sends request every second for 5 times.\n     \nIn fact generated IP could be same as the one already created by other thread and this can be controlled  \nby updating randomNum with higher values to eliminate chances of duplication. On the other hand it would be nice to see what\nhappens when IPs clash, to demonstrate no dead lock or any other locking issues exist.\n     \nApproximately upon 3rd request, if all IPs are unique, detectFraud should detect fraud IP as it configured by SecondsAndAttemptsLimit.\n     \nEvery failed attempt creates a clean up job which is executed upon expiration and should delete IP from cache\nif there were no further updates for this IP after job has been created.\nEventually all IPs should be deleted from the cache once stopped being updated, thus preventing any memory leakage.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkenych%2Ffraud-detector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkenych%2Ffraud-detector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkenych%2Ffraud-detector/lists"}