Algorithms

Bayesian Adaptive Authentication?

Good afternoon
At the university, as a term paper, they suggested making adaptive authentication. for example, detect anomalous login procedures from an unusual ip address, geo location, browser, time, etc.
I decided to do this using the Bayesian method, but apparently I’m not doing the feature exctaction correctly, because according to the formula it turns out like this: total user records in the system - 11
honest user logs in for example with ip 195.10.1.2, user agent: Chrome, Country: Belarus entries for this user with this ip - 10, with user agent - 10, with geo - 10, total logins - 10, (10/10 * 10/10 * 10/10 * 10/11) = 0.9090909091
the attacker logged in from 195.10.34.123, user agent: Chrome, Country: Belarus records for this user with this ip - 1, with user agent - 10, with geo - 10, total logins - 1, (10/1 * 1/1 * 1/1 * 1/11) = 9.090909091
i.e. an attacker, due to the fact that he has the same user agent and only 1 entry in the system - a more honest user,
what am I doing wrong?