惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
The GitHub Blog
The GitHub Blog
博客园 - 【当耐特】
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recent Announcements
Recent Announcements
D
Docker
GbyAI
GbyAI
酷 壳 – CoolShell
酷 壳 – CoolShell
WordPress大学
WordPress大学
The Cloudflare Blog
雷峰网
雷峰网
A
About on SuperTechFans
小众软件
小众软件
博客园 - Franky
博客园 - 聂微东
F
Full Disclosure
大猫的无限游戏
大猫的无限游戏
C
Check Point Blog
MongoDB | Blog
MongoDB | Blog
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
U
Unit 42
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
V
V2EX
Engineering at Meta
Engineering at Meta
宝玉的分享
宝玉的分享
aimingoo的专栏
aimingoo的专栏
量子位
P
Proofpoint News Feed
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
罗磊的独立博客
Martin Fowler
Martin Fowler
D
DataBreaches.Net
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Secure Thoughts
Project Zero
Project Zero
L
LangChain Blog
阮一峰的网络日志
阮一峰的网络日志
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tailwind CSS Blog
S
Schneier on Security
Blog — PlanetScale
Blog — PlanetScale
The Hacker News
The Hacker News
Spread Privacy
Spread Privacy
Security Latest
Security Latest
NISL@THU
NISL@THU
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
CXSECURITY Database RSS Feed - CXSecurity.com
J
Java Code Geeks

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
TwinShield: How We Built a Living Fraud Detection System with Digital Twins and MongoDB
Akshaj Sri · 2026-04-27 · via DEV Community

Authors: Tupurani Sree Rama Akshaj,Bhuvanesh Naidu, Aakash Samudrala, Chandravadan Rao

What TwinShield Actually Is
The core idea behind TwinShield is that fraud doesn't happen in isolation. A single suspicious transaction tells you something, but what tells you much more is how different that transaction is from everything that user has ever done before.
That's what the Digital Twin layer does. Every user in the system has a living document — a profile that tracks their average transaction amount, the devices they typically use, the locations they transact from, their total history, their anomaly count, and a rolling risk score. Every time a new transaction comes in, that document updates itself.
So when the AI engine flags something as suspicious, you're not just getting a score in isolation. You're getting a verdict that's being compared against a continuously evolving baseline of who that user actually is.
That framing — a digital twin of a bank user — is what made MongoDB the right call. A twin isn't a set of rows across four tables. It's one coherent thing that you read and write as a unit.

The Two Collections That Run Everything
We kept the data model simple on purpose. Two collections: transactions and user_profiles.
transactions is pretty much what it sounds like. Every financial event that comes through the system lands here as one document — the user ID, the amount, the timestamp, the device, whether that device is trusted, the location, the IP. Once the AI engine finishes scoring it, we also write the anomaly score, the risk level (LOW, MEDIUM, or HIGH), and a boolean flag for whether it's been classified as an anomaly.
Everything in one place. No joins to run when the dashboard needs to pull recent anomalies.

user_profiles is where the actual Digital Twin lives. This document is never static — it rebuilds itself after every transaction:

The rolling average calculation in TransactionService runs after every transaction and writes the updated values back. The twin just... keeps learning.

Why This Wouldn't Have Worked as Well in a Relational DB
Take typicalDevices and typicalLocations. In MySQL, those would have needed their own lookup tables. Every time we wanted to check whether a user's current device is in their known-device list, we'd be running a join. Every time we wanted to update that list, we'd be touching a separate table.
In MongoDB, they're just arrays in the same document. We read them, check if the current device is in there, and update the list — in the same operation, touching one document.

That simplicity adds up fast when you're doing this for every transaction, in real time.
And then there's the schema flexibility thing. Midway through development we decided to add peakAnomalyScore to the user profile. In MongoDB, we added the field and started writing to it. Old documents just returned null for that field until they got their next update. No migration script, no ALTER TABLE, no downtime, no drama. That happened a couple more times over the course of the project. Each time: zero overhead.

The Spring Data Repository Layer
Because we used Spring Data MongoDB rather than JPA or Hibernate, the repository layer stayed very clean.
Spring Data just translates those method names into MongoDB queries. There's no query language to maintain separately, no XML mapping, no annotation soup. It reads almost like pseudocode, which made the backend much easier to reason about.

The AI Engine: Isolation Forest
For anomaly detection, we went with Isolation Forest from scikit-learn, running inside a Python Flask service that the Spring Boot backend calls over HTTP.
The intuition behind Isolation Forest is pretty elegant: if you randomly partition a dataset over and over, anomalous data points — the rare, structurally weird ones — get isolated from the rest faster than normal ones. The model measures how quickly each point gets cut off, and that isolation speed becomes its anomaly score.
For fraud detection specifically, this is a good fit. Fraud is by definition the outlier — the transaction that doesn't look like anything else in the user's history.

The Six Features We Feed It
We don't pass raw transaction data to the model. We engineer six features first:

The raw score from the model gets normalized to 0–1. Above 0.65 becomes MEDIUM risk. Above 0.80 is HIGH.
At startup, the model pre-trains on 600 synthetic normal transactions so it has a baseline before any real data comes in. After that, you can retrain it through the /train endpoint as real transactions accumulate.

The Fallback: Because Things Break
One thing we were pretty deliberate about is that the Flask AI service is a separate process. If it goes down, we didn't want the whole system to fail.
So inside the Spring Boot backend, we built a Java-based rule engine as a fallback:

When the AI call fails, the backend catches the exception and routes through this instead. Every transaction still gets a verdict. The system degrades gracefully rather than going down.
It's not as sophisticated as the Isolation Forest model, but it covers the obvious cases and it keeps the whole thing alive under failure conditions. We'd rather have a slightly less accurate system than a broken one.

The Simulation Engine
We built a simulation engine that injects four types of attack patterns on demand:

Large night transfers — High-value transactions during unusual hours
Untrusted device attacks — Transactions from a device not in the user's history
Geo-suspicious transactions — Locations the user has never transacted from
Combined attacks — All three signals at once

Every simulated transaction runs through the exact same pipeline as a real one. AI engine scores it, MongoDB stores it, the user's Digital Twin updates. You can trigger a fraud scenario in seconds and watch the dashboard react.
This turned out to be genuinely important. When we were showing the system to people, being able to hit a button and watch it detect a combined attack in real time was far more convincing than showing static test logs. Demos matter.

The Dashboard: Eight-Second Polling
The React frontend polls the summary endpoint every eight seconds. One API call returns total transaction count, anomaly count and rate, active user count, and how many Digital Twins have crossed into high-risk territory.
For the detailed view, findByOverallRiskScoreGreaterThan(0.7) pulls all user profiles where accumulated evidence has pushed the rolling risk score into dangerous territory — users whose Digital Twin has drifted far from their normal baseline.
It's not fancy, but it's live and it's real. Watching a user's risk score climb in real time after a simulated attack sequence is oddly satisfying.

What We Actually Learned
The biggest shift was thinking about data as documents rather than rows. Once you make that switch, the Digital Twin concept clicks into place naturally. A user's behavioural profile is a coherent thing — you want to read it whole, update it whole, and query it directly. It maps to a document much better than it maps to a set of relational tables.
The schema flexibility sounds like a minor convenience until you're mid-project and you realize you need to add a field. Then it becomes one of the most valuable things about MongoDB. We weren't writing migration scripts. We were building features.
If you're working on anything that involves evolving user profiles, real-time scoring, or live behavioural modelling, the document model is worth thinking seriously about. For us, the fit between MongoDB and the Digital Twin architecture wasn't coincidental. It was the right tool for what we were actually trying to build.

What's Next
Replacing the polling dashboard with MongoDB Aggregation Pipelines for server-side time-series fraud trends
Exploring Atlas Vector Search for semantic similarity queries across past transactions
A scheduled retraining pipeline that pulls fresh MongoDB data and updates the Isolation Forest model automatically

Special Thanks
A huge thank you to our mentor @chanda_rajkumar for the guidance, the critical feedback, and for pushing us to think more carefully about the architecture at every stage. This project is significantly better because of his involvement.

Resources
GitHub: https://github.com/SriAkshaj-720/TwinShieldV2.git
Spring Data MongoDB: docs.spring.io/spring-data/mongodb
Isolation Forest (scikit-learn): scikit-learn.org
MongoDB Atlas: mongodb.com/atlas
Youtube Link:-