Adaptive Anomaly & Threat Detection Platform
A unified behavioral & anomaly detection layer for modern APIs, microservices, and on‑chain ecosystems. Hafeniq learns real usage patterns, flags deviations early, and tailors detections for Web2 SaaS, Web3 protocols, DeFi flows, and hybrid infrastructures.
- Behavior‑native: temporal + relational modeling across users, keys, contracts, wallets, services.
- Multi‑surface: API abuse, fraud indicators, governance manipulation, smart‑contract interaction drift.
- Web3 aware: on‑chain event semantics + off‑chain API context fused into one risk signal.
- Low overhead: lightweight metadata stream; no full payload exfiltration.
- Actionable: human‑readable reason codes, confidence bands, reproducible traces.
Platform Overview
Collection
Edge / gateway plugins, sidecars, or SDKs capture minimal request & interaction metadata (headers, timing, fingerprint hashes, contract call intents) — never raw secrets or full bodies.
Normalization
Unifies heterogeneous events (REST, GraphQL, JSON‑RPC, EVM logs, queue messages) into a streaming feature space with adaptive schemas.
Detection Engine
Hybrid ensemble: sequence anomaly models (temporal), graph link consistency (entity correlation), statistical drift monitors, intent clustering & signature heuristics.
Decision & Policy
Risk score + reason codes → local or SaaS policy: allow, throttle, challenge, quarantine, simulate, or alert only.
Tailored Web3 / DeFi Coverage
Contract Interaction Drift
Detects abnormal function call frequency, parameter entropy spikes, flash‑burst sequences, sandwiching patterns, MEV‑like clustering.
Wallet Behavior Profiling
Temporal fingerprints across dApp sessions: session reuse anomalies, sudden privilege escalation, cross‑protocol pivoting.
Bridging & Liquidity Abuse
Monitors multi‑hop fund movement & pool interaction cadence to surface laundering or draining precursors.
Governance Manipulation Signals
Spikes in proposal diffusion, coordinated voting wallet clusters, temporal anomalies in delegations.
Cross‑Domain Use Cases
API Abuse & Bots
Scraping, credential stuffing precursors, synthetic traffic farms, rate smoothing evasion.
Fraud Signals
Account takeover lateral movement, velocity / funnel manipulation, anomalies in purchase or claim patterns.
Platform Integrity
Spam creation bursts, abusive automation loops, reputation gaming & synthetic account rings.
Operational Drift
Config / version mismatch detection via behavioral fingerprints — surfaces silent regressions.
Adaptation & Models
Cold start → stable: a few hours of passive learning build baseline distributions. Active adaptation blends recent + historical windows with decay to avoid overfitting to attacks.
Explainability: every alert carries contributing feature deltas (e.g. time-gap variance ↑320%, entity fan‑out ↑5×, sequence novelty score 0.94).
Tuning: per‑route / per‑contract sensitivity, risk threshold simulation mode, suppression rules for known migrations or backfills.
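One way the blended recent + historical baseline and the feature-delta reason codes described above could work, as an added illustration that is not Hafeniq's code. The class names, parameter values and the damped learning rate for flagged events are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass

@dataclass
class Baseline:
    slow: float = 0.0  # long-memory mean: the historical window
    fast: float = 0.0  # short-memory mean: the recent window
    n: int = 0         # events seen, used for the passive-learning warm-up

    def expected(self, blend):
        # Blend of historical and recent windows.
        return (1 - blend) * self.slow + blend * self.fast

    def update(self, x, slow_alpha, fast_alpha):
        if self.n == 0:
            self.slow = self.fast = x
        else:
            self.slow += slow_alpha * (x - self.slow)
            self.fast += fast_alpha * (x - self.fast)
        self.n += 1

class Detector:
    # All parameter values are illustrative assumptions.
    def __init__(self, threshold=2.0, warmup=20, slow_alpha=0.02,
                 fast_alpha=0.3, blend=0.25, flagged_damping=0.1):
        self.threshold, self.warmup, self.blend = threshold, warmup, blend
        self.slow_alpha, self.fast_alpha = slow_alpha, fast_alpha
        self.flagged_damping = flagged_damping
        self.baselines = {}

    def score(self, features):
        """Return (alert, reasons) for one event's feature dict, then learn from it."""
        reasons = []
        for name, x in features.items():
            b = self.baselines.setdefault(name, Baseline())
            base = b.expected(self.blend)
            if b.n >= self.warmup and base > 0 and x / base >= self.threshold:
                reasons.append(f"{name} +{(x / base - 1) * 100:.0f}%")
        alert = bool(reasons)
        # Flagged events are learned at a damped rate, so a sustained attack
        # cannot quickly drag the baseline toward itself.
        k = self.flagged_damping if alert else 1.0
        for name, x in features.items():
            self.baselines[name].update(x, self.slow_alpha * k, self.fast_alpha * k)
        return alert, reasons

# Constructed sample: 50 normal events, then one deviating event.
def demo():
    d = Detector()
    for _ in range(50):
        d.score({"time_gap_variance": 1.0, "entity_fan_out": 2.0})
    return d, d.score({"time_gap_variance": 4.2, "entity_fan_out": 10.0})
```

During warm-up the detector only learns and never alerts, which is the cold-start behaviour; lowering `flagged_damping` makes the baseline more resistant to slow poisoning at the cost of slower adaptation to legitimate shifts.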
Deployment Options
Sidecar / Container
Drop in alongside your API stack (NGINX / Envoy), forwarding only hashed feature vectors.
Gateway Plugin
Lightweight Lua / WASM plugin for latency‑sensitive edges.
On‑Chain Event Ingest
Direct subscription or indexer integration for contract logs enriched with off‑chain context.
Hybrid Mode
Local scoring for high‑frequency paths + SaaS async enrichment for deep anomaly analytics.
Privacy & Governance
Default: metadata & derived features only (no raw payloads, no private keys). Optional field hashing / redaction, deterministic pseudonymization, regional processing, mTLS / HMAC auth. Data retention windows configurable; raw stream ephemeral by default.
See a Tailored Demo
Show us a representative slice (API routes, contract set, traffic sample) and we map the baseline and surface early anomalies in under a day.