# -*- coding: utf-8 -*-
# spike_detector.py
"""
Spike Detector & Quarantine Manager
"Debug their bad behavior BEFORE it executes."
Detects anomalous token complexity by comparing predicted complexity
against historical patterns. Quarantines suspicious tokens for admin review.
Philosophy:
- Malicious users try huge payloads → Spike detected → Quarantined
- Accidental huge inputs → Spike detected → Data preserved for review
- Legitimate spikes → Admin can approve and replay
Features:
1. Complexity spike detection (deviation threshold)
2. Token quarantine with preserved arguments
3. JSON-based quarantine log for admin review
4. Replay system for approved tokens
5. DOS resistance through early detection
Integration:
- Called during token creation (before execution)
- Uses CodeInspector for predicted complexity
- Uses GuardHouse for historical patterns
- Blocks execution if spike detected
"""
import json
import time
import threading
from typing import Dict, List, Any, Optional
from dataclasses import dataclass, asdict
from pathlib import Path
from datetime import datetime
from .code_inspector import CodeMetrics
@dataclass
class QuarantinedToken:
    """
    One entry of the quarantine log.

    Carries the identifiers, the complexity figures and the captured call
    arguments of a token so it can be analysed or replayed later.
    """

    # Identity
    token_id: str
    method_name: str

    # Complexity figures recorded at quarantine time
    predicted_complexity: float
    historical_avg_complexity: float
    deviation_percent: float

    # Captured call data. The blobs hold the arguments as text and may be
    # large; they can contain whatever the caller passed, so a record should
    # be handled as potentially sensitive.
    args_summary: str            # short description of the positional args
    args_blob: Optional[str]     # full positional args as text (may be huge)
    kwargs_summary: str
    kwargs_blob: Optional[str]

    # Bookkeeping
    timestamp: float
    quarantine_reason: str
    operation_type: Optional[str] = None
    admin_reviewed: bool = False
    admin_decision: Optional[str] = None  # 'approved', 'rejected', 'modified'

    def to_dict(self) -> Dict:
        """Return the record as a plain dict, ready for JSON serialization."""
        record = asdict(self)
        return record

    def get_timestamp_str(self) -> str:
        """Format ``timestamp`` as ``YYYY-MM-DD HH:MM:SS`` in local time."""
        # fromtimestamp() without a tz argument yields naive local time.
        moment = datetime.fromtimestamp(self.timestamp)
        return moment.strftime('%Y-%m-%d %H:%M:%S')
class TokenQuarantinedException(Exception):
    """Error type for a token that spike detection has quarantined."""
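class SpikeDetector:
    """
    Detects complexity spikes in token creation.

    Compares predicted complexity against the historical average reported
    by GuardHouse to identify anomalous inputs.

    The check fails open in three situations, all visible in
    ``check_for_spike``: no reputation record for the method, fewer than
    ``min_samples`` recorded attempts, and a missing or zero average. A
    method with no history is therefore never flagged, whatever its
    predicted complexity.

    NOTE(review): the baseline is whatever ``avg_complexity_score`` GuardHouse
    holds. If callers can influence that history, the average can be walked
    upward over time -- confirm how it is maintained.
    """

    # Default thresholds (deviation is a fraction of the historical average)
    DEFAULT_SPIKE_THRESHOLD = 0.50    # 50% deviation
    DEFAULT_EXTREME_THRESHOLD = 2.0   # 200% deviation (definitely malicious/accidental)
    MIN_HISTORICAL_SAMPLES = 5        # Need at least 5 samples for a reliable baseline

    def __init__(
        self,
        guard_house,
        spike_threshold: float = DEFAULT_SPIKE_THRESHOLD,
        extreme_threshold: float = DEFAULT_EXTREME_THRESHOLD,
        min_samples: int = MIN_HISTORICAL_SAMPLES
    ):
        """
        Initialize spike detector.

        Args:
            guard_house: GuardHouse instance for historical data; must offer
                ``get_reputation(method_name)``
            spike_threshold: Deviation fraction that flags a spike (default 0.50)
            extreme_threshold: Deviation fraction that auto-quarantines (default 2.0)
            min_samples: Minimum historical samples needed
        """
        self.guard_house = guard_house
        self.spike_threshold = spike_threshold
        self.extreme_threshold = extreme_threshold
        self.min_samples = min_samples
        print("[SPIKE_DETECTOR] Initialized")
        print(f" Spike threshold: {spike_threshold * 100}%")
        print(f" Extreme threshold: {extreme_threshold * 100}%")
        print(f" Min samples: {min_samples}")

    def check_for_spike(
        self,
        method_name: str,
        predicted_metrics: CodeMetrics
    ) -> tuple[bool, float, str]:
        """
        Check if predicted complexity represents a spike.

        Args:
            method_name: Name of the method
            predicted_metrics: Predicted metrics from CodeInspector; only
                ``complexity_score`` is read

        Returns:
            (is_spike, deviation, reason), where deviation is the fractional
            distance above the historical average (0.5 means 50% above)
        """
        import math

        # Get historical reputation
        reputation = self.guard_house.get_reputation(method_name)

        # No historical data = can't detect spike (allow execution)
        if not reputation:
            return False, 0.0, "No historical data"

        # Not enough samples = unreliable baseline (allow execution)
        if reputation.total_attempts < self.min_samples:
            return False, 0.0, f"Insufficient samples ({reputation.total_attempts}/{self.min_samples})"

        # Get historical average complexity
        historical_avg = getattr(reputation, 'avg_complexity_score', None)

        # No usable baseline yet (allow execution). A NaN or infinite average
        # cannot be divided by meaningfully, so it counts as "no baseline".
        if historical_avg is None or historical_avg == 0.0 or not math.isfinite(historical_avg):
            return False, 0.0, "No complexity baseline"

        predicted_complexity = predicted_metrics.complexity_score

        # Every comparison against NaN is False, so a NaN score would slip
        # past both thresholds below. Fail closed instead: report it as an
        # extreme spike so the token is held for review.
        if math.isnan(predicted_complexity):
            return True, float("inf"), "EXTREME spike: predicted complexity is not a number"

        # Calculate deviation
        deviation = (predicted_complexity - historical_avg) / historical_avg

        # Check thresholds
        if deviation >= self.extreme_threshold:
            reason = f"EXTREME spike: {deviation * 100:.1f}% deviation (predicted: {predicted_complexity:.1f}, avg: {historical_avg:.1f})"
            return True, deviation, reason
        elif deviation >= self.spike_threshold:
            reason = f"Moderate spike: {deviation * 100:.1f}% deviation (predicted: {predicted_complexity:.1f}, avg: {historical_avg:.1f})"
            return True, deviation, reason

        # No spike detected
        return False, deviation, "Within normal range"

    def should_quarantine(
        self,
        method_name: str,
        predicted_metrics: CodeMetrics,
        auto_quarantine_extreme: bool = True
    ) -> tuple[bool, float, str]:
        """
        Determine if the token should be quarantined.

        Args:
            method_name: Name of the method
            predicted_metrics: Predicted metrics
            auto_quarantine_extreme: Label extreme spikes as AUTO-QUARANTINE.
                With False, an extreme spike is still quarantined whenever it
                also meets ``spike_threshold``; only the reason prefix changes.

        Returns:
            (should_quarantine, deviation, reason)
        """
        is_spike, deviation, reason = self.check_for_spike(method_name, predicted_metrics)
        if not is_spike:
            return False, deviation, reason

        # Auto-quarantine extreme spikes
        if auto_quarantine_extreme and deviation >= self.extreme_threshold:
            return True, deviation, f"AUTO-QUARANTINE: {reason}"

        # Moderate spikes - quarantine for review
        if deviation >= self.spike_threshold:
            return True, deviation, f"REVIEW REQUIRED: {reason}"

        # Reached only when extreme_threshold is configured below
        # spike_threshold and auto_quarantine_extreme is False.
        return False, deviation, reason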
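class QuarantineManager:
    """
    Manages quarantined tokens.

    Saves quarantined tokens to JSON, preserves arguments,
    and provides an admin review interface.

    The quarantine file stores serialized call arguments as plain text, so
    it can hold anything a caller passed; restrict who can read it. Entries
    are loaded back exactly as written, including ``admin_decision``, so
    anyone able to edit the file can also mark a token as approved.
    """

    # Serialized args/kwargs longer than this are cut. A cut blob is no
    # longer valid JSON, so such a token cannot be replayed from the log alone.
    _MAX_BLOB_CHARS = 10000

    def __init__(self, quarantine_file: Optional[Path] = None):
        """
        Initialize quarantine manager.

        Args:
            quarantine_file: Path to quarantine JSON file; defaults to
                ``quarantine.json`` relative to the current working directory
        """
        self.quarantine_file = quarantine_file or Path("quarantine.json")
        self.quarantined_tokens: List[QuarantinedToken] = []
        self._lock = threading.Lock()

        # Statistics
        self.total_quarantined = 0
        self.total_approved = 0
        self.total_rejected = 0

        # Load existing quarantine if exists
        self._load_quarantine()

        print("[QUARANTINE_MANAGER] Initialized")
        print(f" Quarantine file: {self.quarantine_file}")
        print(f" Loaded {len(self.quarantined_tokens)} quarantined tokens")

    def _load_quarantine(self):
        """Load existing quarantine file and rebuild the counters from it."""
        if not self.quarantine_file.exists():
            return
        try:
            with open(self.quarantine_file, 'r', encoding='utf-8') as f:
                data = json.load(f)
            for entry in data:
                token = QuarantinedToken(**entry)
                self.quarantined_tokens.append(token)
                # Count every loaded entry so the total agrees with the
                # approved/rejected counters restored below.
                self.total_quarantined += 1
                if token.admin_reviewed:
                    if token.admin_decision == 'approved':
                        self.total_approved += 1
                    elif token.admin_decision == 'rejected':
                        self.total_rejected += 1
        except Exception as e:
            # NOTE(review): after a failed or partial load the in-memory list
            # is incomplete, and the next save replaces the file with it.
            # Consider keeping the unreadable file aside before continuing.
            print(f"[QUARANTINE_MANAGER] Error loading quarantine: {e}")

    def _save_quarantine(self):
        """Save quarantine to JSON file. Callers hold ``self._lock``."""
        try:
            data = [token.to_dict() for token in self.quarantined_tokens]
            # Write to a sibling file and swap it in, so an interrupted write
            # cannot leave a truncated quarantine log behind.
            tmp_path = self.quarantine_file.with_name(self.quarantine_file.name + ".tmp")
            with open(tmp_path, 'w', encoding='utf-8') as f:
                json.dump(data, f, indent=2)
            tmp_path.replace(self.quarantine_file)
        except Exception as e:
            print(f"[QUARANTINE_MANAGER] Error saving quarantine: {e}")

    def quarantine_token(
        self,
        token_id: str,
        method_name: str,
        predicted_complexity: float,
        historical_avg_complexity: float,
        deviation_percent: float,
        args: tuple[Any, ...],
        kwargs: dict,
        reason: str,
        operation_type: Optional[str] = None
    ) -> QuarantinedToken:
        """
        Quarantine a token.

        Records the call for later review/replay, appends it to the in-memory
        list and writes the whole list to disk.

        Args:
            token_id: Token identifier
            method_name: Method name
            predicted_complexity: Predicted complexity score
            historical_avg_complexity: Historical average
            deviation_percent: Deviation as a fraction (0.5 for 50%); it is
                multiplied by 100 before being stored
            args: Function args (serialized, cut at 10000 characters)
            kwargs: Function kwargs (serialized, cut at 10000 characters)
            reason: Reason for quarantine
            operation_type: Operation type

        Returns:
            QuarantinedToken instance
        """
        with self._lock:
            # Serialize args (handle large data carefully)
            args_summary = self._summarize_args(args)
            args_blob = self._serialize_args(args)
            kwargs_summary = self._summarize_kwargs(kwargs)
            kwargs_blob = self._serialize_kwargs(kwargs)

            # Create quarantined token
            quarantined = QuarantinedToken(
                token_id=token_id,
                method_name=method_name,
                operation_type=operation_type,
                predicted_complexity=predicted_complexity,
                historical_avg_complexity=historical_avg_complexity,
                deviation_percent=deviation_percent * 100,  # Store as percentage
                args_summary=args_summary,
                args_blob=args_blob,
                kwargs_summary=kwargs_summary,
                kwargs_blob=kwargs_blob,
                timestamp=time.time(),
                quarantine_reason=reason
            )
            self.quarantined_tokens.append(quarantined)
            self.total_quarantined += 1

            # Save to disk
            self._save_quarantine()

            # token_id, method_name and reason are printed verbatim.
            print(f"[QUARANTINE] Token quarantined: {token_id}")
            print(f" Method: {method_name}")
            print(f" Deviation: {deviation_percent * 100:.1f}%")
            print(f" Reason: {reason}")
            return quarantined

    def _summarize_args(self, args: tuple[Any, ...]) -> str:
        """Create a brief summary of args."""
        if not args:
            return "No args"
        summary_parts = []
        for i, arg in enumerate(args):
            if isinstance(arg, (list, tuple)):
                summary_parts.append(f"arg{i}: {type(arg).__name__}[{len(arg)}]")
            elif isinstance(arg, dict):
                summary_parts.append(f"arg{i}: dict[{len(arg)}]")
            elif isinstance(arg, str):
                # The first 50 characters of a string argument end up in the
                # summary, which the review report prints.
                preview = arg[:50] + "..." if len(arg) > 50 else arg
                summary_parts.append(f"arg{i}: '{preview}'")
            else:
                summary_parts.append(f"arg{i}: {type(arg).__name__}")
        return ", ".join(summary_parts)

    def _serialize_blob(self, value: Any) -> str:
        """Return ``value`` as JSON text, cut at ``_MAX_BLOB_CHARS``."""
        try:
            # The full text is built before the length check, so a very large
            # value is still serialized completely once.
            serialized = json.dumps(value)
        except Exception:
            # Best effort: anything json cannot encode is recorded by type.
            return f"<Non-serializable: {type(value)}>"
        if len(serialized) > self._MAX_BLOB_CHARS:
            return serialized[:self._MAX_BLOB_CHARS] + "... [TRUNCATED]"
        return serialized

    def _serialize_args(self, args: tuple[Any, ...]) -> str:
        """Serialize args to string (with size limits)."""
        return self._serialize_blob(args)

    def _summarize_kwargs(self, kwargs: dict) -> str:
        """Create brief summary of kwargs."""
        if not kwargs:
            return "No kwargs"
        summary_parts = []
        for key, value in kwargs.items():
            if isinstance(value, (list, tuple)):
                summary_parts.append(f"{key}: {type(value).__name__}[{len(value)}]")
            elif isinstance(value, dict):
                summary_parts.append(f"{key}: dict[{len(value)}]")
            else:
                summary_parts.append(f"{key}: {type(value).__name__}")
        return ", ".join(summary_parts)

    def _serialize_kwargs(self, kwargs: dict) -> str:
        """Serialize kwargs to string (with size limits)."""
        return self._serialize_blob(kwargs)

    def _pending_unlocked(self) -> List[QuarantinedToken]:
        """Return unreviewed tokens; the caller must already hold the lock."""
        return [
            token for token in self.quarantined_tokens
            if not token.admin_reviewed
        ]

    def get_pending_review(self) -> List[QuarantinedToken]:
        """Get tokens pending admin review."""
        with self._lock:
            return self._pending_unlocked()

    def _record_decision(self, token_id: str, decision: str) -> bool:
        """Mark the first token with ``token_id`` as reviewed with ``decision``."""
        with self._lock:
            for token in self.quarantined_tokens:
                if token.token_id != token_id:
                    continue
                previous = token.admin_decision if token.admin_reviewed else None
                # Adjust counters only when the decision actually changes, so
                # a repeated or reversed decision does not inflate the stats.
                if previous != decision:
                    if previous == 'approved':
                        self.total_approved -= 1
                    elif previous == 'rejected':
                        self.total_rejected -= 1
                    if decision == 'approved':
                        self.total_approved += 1
                    else:
                        self.total_rejected += 1
                # NOTE(review): an earlier decision can be overturned here and
                # no reviewer identity or history is recorded.
                token.admin_reviewed = True
                token.admin_decision = decision
                self._save_quarantine()
                print(f"[QUARANTINE] Token {decision}: {token_id}")
                return True
            return False

    def approve_token(self, token_id: str) -> bool:
        """
        Approve a quarantined token for replay.

        Args:
            token_id: Token to approve

        Returns:
            True if approved, False if not found
        """
        return self._record_decision(token_id, 'approved')

    def reject_token(self, token_id: str) -> bool:
        """
        Reject a quarantined token.

        Args:
            token_id: Token to reject

        Returns:
            True if rejected, False if not found
        """
        return self._record_decision(token_id, 'rejected')

    def print_quarantine_report(self):
        """Print human-readable quarantine report."""
        with self._lock:
            # self._lock is not reentrant: use the unlocked helper here,
            # calling get_pending_review() would block forever.
            pending = self._pending_unlocked()

            print()
            print("=" * 70)
            print("QUARANTINE MANAGER - ADMIN REVIEW DASHBOARD")
            print("=" * 70)
            print()
            print("Statistics:")
            print(f" Total quarantined: {self.total_quarantined}")
            print(f" Approved: {self.total_approved}")
            print(f" Rejected: {self.total_rejected}")
            print(f" Pending review: {len(pending)}")
            print()

            # Pending review
            if pending:
                print("PENDING REVIEW:")
                for token in pending[:10]:  # Show the first 10
                    print(f" ├─ {token.token_id}")
                    print(f" │ Method: {token.method_name}")
                    print(f" │ Deviation: {token.deviation_percent:.1f}%")
                    print(f" │ Time: {token.get_timestamp_str()}")
                    print(f" │ Args: {token.args_summary}")
                    print(f" │ Reason: {token.quarantine_reason}")
                    print(" │")
                if len(pending) > 10:
                    print(f" └─ ... and {len(pending) - 10} more")
                print()
            print("=" * 70)

    def get_stats(self) -> Dict:
        """Get quarantine statistics."""
        with self._lock:
            # Unlocked helper for the same reason as in the report: the lock
            # is already held and is not reentrant.
            return {
                'total_quarantined': self.total_quarantined,
                'total_approved': self.total_approved,
                'total_rejected': self.total_rejected,
                'pending_review': len(self._pending_unlocked()),
                'quarantine_file': str(self.quarantine_file)
            }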