Integrated trust contour in web applications based on graph risk assessment and immutable decision logging

Abstract

Violations of trust and integrity in web applications often arise at the boundary between data input and the execution of functional tasks, when malicious or anomalous input from a web form or API is transformed into actions within business logic and transactional processes. This paper treats such episodes as a unified event stream and proposes an integrated trust contour that combines contextual risk assessment on an interaction graph with verifiable recording of outcomes in an immutable log. Risk is assessed by a graph-based model that captures event relationships within a sliding time window among the actor (user or service), session, device, and aggregated network signals. To reconcile heterogeneous sources, we employ a unified event representation and a common feature engineering approach: for web forms, this includes semantic, structural, and temporal characteristics; for transactions, it involves an explainable composite risk score aggregating the effects of amount, time, geospatial deviations, and payment instrument type. Verifiability of decisions is ensured through event normalization, hashing, and digital signing by the logging service prior to recording a minimally sufficient set of attributes in an immutable journal, namely event hashes, identifiers, model version checksums, response policy parameters, and final risk scores. This approach enables the detection of history tampering and supports the reconstruction of decision rationale within the scope of the recorded data, which is particularly valuable for auditing and incident investigation in web environments.

Keywords: web security, graph neural networks, spam detection, immutable log, audit, model versioning, software, architecture.