leukquant 0.1.0__tar.gz

leukquant-0.1.0/PKG-INFO

@@ -0,0 +1,99 @@
+Metadata-Version: 2.4
+Name: leukquant
+Version: 0.1.0
+Summary: Fully Local, Decentralized Threat Defense
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: onnxruntime>=1.16.0
+Requires-Dist: numpy>=1.24.0
+Requires-Dist: psutil>=5.9.0
+Requires-Dist: cryptography>=41.0.0
+Requires-Dist: pyyaml>=6.0.1
+Requires-Dist: click>=8.1.7
+Requires-Dist: rich>=13.7.0
+Requires-Dist: watchdog>=3.0.0
+Requires-Dist: scikit-learn>=1.3.2
+Requires-Dist: skl2onnx>=1.16.0
+Provides-Extra: pqc
+Requires-Dist: liboqs-python>=0.8.0; extra == "pqc"
+Provides-Extra: ember
+Requires-Dist: ember; extra == "ember"
+Requires-Dist: lief; extra == "ember"
+Provides-Extra: kaggle
+Requires-Dist: kaggle; extra == "kaggle"
+Provides-Extra: dev
+Requires-Dist: pytest>=7.4.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.1.0; extra == "dev"
+
+# Leukquant — Fully Local, Decentralized Threat Defense
+
+> **Zero cloud. Zero trust in corporations. Zero single point of failure.**
+
+## Overview
+
+Leukquant is a fully local, decentralized threat defense system. It uses on-device AI for malware classification, a behavior profiler for anomaly detection, and post-quantum cryptography for file encryption.
+
+*Note: The blockchain threat ledger is currently disabled in this version. We use datasets like EMBER, VirusShare, and Kaggle Malware datasets for local AI scanning.*
+
+## Features
+
+1. **Local AI Scanning**: On-device malware classification using ONNX models. No telemetry. No cloud calls.
+2. **Behavior Profiler**: Learns normal patterns over a 14-day baseline and flags deviations.
+3. **Post-Quantum Crypto Vault**: Encrypts files with NIST PQC standards (ML-KEM, ML-DSA, SLH-DSA).
+4. **Offline Mode**: Built for machines that never touch the internet.
+
+## Installation
+
+```bash
+pip install -r requirements.txt
+```
+
+## Usage
+
+### 1. Local AI Scanning
+
+Scan a file using the local AI model:
+
+```bash
+python src/cli/main.py scan --file /path/to/file
+```
+
+### 2. Behavior Profiler
+
+Start monitoring system behavior:
+
+```bash
+python src/cli/main.py monitor
+```
+
+### 3. Post-Quantum File Encryption
+
+Encrypt a file:
+
+```bash
+python src/cli/main.py encrypt --file secret.pdf --algo ml-kem-1024 --sign ml-dsa-87
+```
+
+Decrypt a file:
+
+```bash
+python src/cli/main.py decrypt --file secret.pdf.sqe --key ~/.Leukquant/private.key
+```
+
+## File Structure
+
+- `models/`: Contains the ONNX/GGML models for malware detection.
+- `db/`: Local SQLite databases for threat signatures and behavior baselines.
+- `keys/`: Post-quantum cryptographic keys.
+- `config/`: Configuration files (e.g., `Leukquant.yml`).
+- `src/`: Source code for the scanner, behavior profiler, crypto vault, and CLI.
+- `logs/`: Local logs for anomalies.
+
+## Datasets for Training
+
+To train the local AI model, you can use the following datasets:
+- **EMBER**: Open PE malware dataset.
+- **VirusShare**: Repository of malware samples.
+- **Kaggle Malware Datasets**: Various datasets available on Kaggle.
+
+*Note: The pre-trained model should be placed in `models/malware_detector.onnx`.*

leukquant-0.1.0/README.md

@@ -0,0 +1,72 @@
+# Leukquant — Fully Local, Decentralized Threat Defense
+
+> **Zero cloud. Zero trust in corporations. Zero single point of failure.**
+
+## Overview
+
+Leukquant is a fully local, decentralized threat defense system. It uses on-device AI for malware classification, a behavior profiler for anomaly detection, and post-quantum cryptography for file encryption.
+
+*Note: The blockchain threat ledger is currently disabled in this version. We use datasets like EMBER, VirusShare, and Kaggle Malware datasets for local AI scanning.*
+
+## Features
+
+1. **Local AI Scanning**: On-device malware classification using ONNX models. No telemetry. No cloud calls.
+2. **Behavior Profiler**: Learns normal patterns over a 14-day baseline and flags deviations.
+3. **Post-Quantum Crypto Vault**: Encrypts files with NIST PQC standards (ML-KEM, ML-DSA, SLH-DSA).
+4. **Offline Mode**: Built for machines that never touch the internet.
+
+## Installation
+
+```bash
+pip install -r requirements.txt
+```
+
+## Usage
+
+### 1. Local AI Scanning
+
+Scan a file using the local AI model:
+
+```bash
+python src/cli/main.py scan --file /path/to/file
+```
+
+### 2. Behavior Profiler
+
+Start monitoring system behavior:
+
+```bash
+python src/cli/main.py monitor
+```
+
+### 3. Post-Quantum File Encryption
+
+Encrypt a file:
+
+```bash
+python src/cli/main.py encrypt --file secret.pdf --algo ml-kem-1024 --sign ml-dsa-87
+```
+
+Decrypt a file:
+
+```bash
+python src/cli/main.py decrypt --file secret.pdf.sqe --key ~/.Leukquant/private.key
+```
+
+## File Structure
+
+- `models/`: Contains the ONNX/GGML models for malware detection.
+- `db/`: Local SQLite databases for threat signatures and behavior baselines.
+- `keys/`: Post-quantum cryptographic keys.
+- `config/`: Configuration files (e.g., `Leukquant.yml`).
+- `src/`: Source code for the scanner, behavior profiler, crypto vault, and CLI.
+- `logs/`: Local logs for anomalies.
+
+## Datasets for Training
+
+To train the local AI model, you can use the following datasets:
+- **EMBER**: Open PE malware dataset.
+- **VirusShare**: Repository of malware samples.
+- **Kaggle Malware Datasets**: Various datasets available on Kaggle.
+
+*Note: The pre-trained model should be placed in `models/malware_detector.onnx`.*

leukquant-0.1.0/leukquant.egg-info/PKG-INFO

@@ -0,0 +1,99 @@
+Metadata-Version: 2.4
+Name: leukquant
+Version: 0.1.0
+Summary: Fully Local, Decentralized Threat Defense
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: onnxruntime>=1.16.0
+Requires-Dist: numpy>=1.24.0
+Requires-Dist: psutil>=5.9.0
+Requires-Dist: cryptography>=41.0.0
+Requires-Dist: pyyaml>=6.0.1
+Requires-Dist: click>=8.1.7
+Requires-Dist: rich>=13.7.0
+Requires-Dist: watchdog>=3.0.0
+Requires-Dist: scikit-learn>=1.3.2
+Requires-Dist: skl2onnx>=1.16.0
+Provides-Extra: pqc
+Requires-Dist: liboqs-python>=0.8.0; extra == "pqc"
+Provides-Extra: ember
+Requires-Dist: ember; extra == "ember"
+Requires-Dist: lief; extra == "ember"
+Provides-Extra: kaggle
+Requires-Dist: kaggle; extra == "kaggle"
+Provides-Extra: dev
+Requires-Dist: pytest>=7.4.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.1.0; extra == "dev"
+
+# Leukquant — Fully Local, Decentralized Threat Defense
+
+> **Zero cloud. Zero trust in corporations. Zero single point of failure.**
+
+## Overview
+
+Leukquant is a fully local, decentralized threat defense system. It uses on-device AI for malware classification, a behavior profiler for anomaly detection, and post-quantum cryptography for file encryption.
+
+*Note: The blockchain threat ledger is currently disabled in this version. We use datasets like EMBER, VirusShare, and Kaggle Malware datasets for local AI scanning.*
+
+## Features
+
+1. **Local AI Scanning**: On-device malware classification using ONNX models. No telemetry. No cloud calls.
+2. **Behavior Profiler**: Learns normal patterns over a 14-day baseline and flags deviations.
+3. **Post-Quantum Crypto Vault**: Encrypts files with NIST PQC standards (ML-KEM, ML-DSA, SLH-DSA).
+4. **Offline Mode**: Built for machines that never touch the internet.
+
+## Installation
+
+```bash
+pip install -r requirements.txt
+```
+
+## Usage
+
+### 1. Local AI Scanning
+
+Scan a file using the local AI model:
+
+```bash
+python src/cli/main.py scan --file /path/to/file
+```
+
+### 2. Behavior Profiler
+
+Start monitoring system behavior:
+
+```bash
+python src/cli/main.py monitor
+```
+
+### 3. Post-Quantum File Encryption
+
+Encrypt a file:
+
+```bash
+python src/cli/main.py encrypt --file secret.pdf --algo ml-kem-1024 --sign ml-dsa-87
+```
+
+Decrypt a file:
+
+```bash
+python src/cli/main.py decrypt --file secret.pdf.sqe --key ~/.Leukquant/private.key
+```
+
+## File Structure
+
+- `models/`: Contains the ONNX/GGML models for malware detection.
+- `db/`: Local SQLite databases for threat signatures and behavior baselines.
+- `keys/`: Post-quantum cryptographic keys.
+- `config/`: Configuration files (e.g., `Leukquant.yml`).
+- `src/`: Source code for the scanner, behavior profiler, crypto vault, and CLI.
+- `logs/`: Local logs for anomalies.
+
+## Datasets for Training
+
+To train the local AI model, you can use the following datasets:
+- **EMBER**: Open PE malware dataset.
+- **VirusShare**: Repository of malware samples.
+- **Kaggle Malware Datasets**: Various datasets available on Kaggle.
+
+*Note: The pre-trained model should be placed in `models/malware_detector.onnx`.*

leukquant-0.1.0/leukquant.egg-info/SOURCES.txt

@@ -0,0 +1,34 @@
+README.md
+pyproject.toml
+leukquant.egg-info/PKG-INFO
+leukquant.egg-info/SOURCES.txt
+leukquant.egg-info/dependency_links.txt
+leukquant.egg-info/entry_points.txt
+leukquant.egg-info/requires.txt
+leukquant.egg-info/top_level.txt
+src/__init__.py
+src/config.py
+src/paths.py
+src/behavior/__init__.py
+src/behavior/monitors.py
+src/behavior/profiler.py
+src/cli/__init__.py
+src/cli/main.py
+src/crypto/__init__.py
+src/crypto/key_manager.py
+src/crypto/pq_encrypt.py
+src/db/__init__.py
+src/db/database.py
+src/offline/__init__.py
+src/offline/sync.py
+src/quarantine/__init__.py
+src/quarantine/manager.py
+src/scanner/__init__.py
+src/scanner/dataset_loaders.py
+src/scanner/extract.py
+src/scanner/scan.py
+src/scanner/train.py
+tests/test_behavior.py
+tests/test_crypto.py
+tests/test_quarantine.py
+tests/test_scanner.py

leukquant-0.1.0/leukquant.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

leukquant-0.1.0/leukquant.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+leukquant = src.cli.main:cli

leukquant-0.1.0/leukquant.egg-info/requires.txt

@@ -0,0 +1,24 @@
+onnxruntime>=1.16.0
+numpy>=1.24.0
+psutil>=5.9.0
+cryptography>=41.0.0
+pyyaml>=6.0.1
+click>=8.1.7
+rich>=13.7.0
+watchdog>=3.0.0
+scikit-learn>=1.3.2
+skl2onnx>=1.16.0
+
+[dev]
+pytest>=7.4.0
+pytest-cov>=4.1.0
+
+[ember]
+ember
+lief
+
+[kaggle]
+kaggle
+
+[pqc]
+liboqs-python>=0.8.0

leukquant-0.1.0/leukquant.egg-info/top_level.txt

@@ -0,0 +1 @@
+src

leukquant-0.1.0/pyproject.toml

@@ -0,0 +1,39 @@
+[build-system]
+requires = ["setuptools>=65", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "leukquant"
+version = "0.1.0"
+description = "Fully Local, Decentralized Threat Defense"
+readme = "README.md"
+requires-python = ">=3.9"
+dependencies = [
+    "onnxruntime>=1.16.0",
+    "numpy>=1.24.0",
+    "psutil>=5.9.0",
+    "cryptography>=41.0.0",
+    "pyyaml>=6.0.1",
+    "click>=8.1.7",
+    "rich>=13.7.0",
+    "watchdog>=3.0.0",
+    "scikit-learn>=1.3.2",
+    "skl2onnx>=1.16.0",
+]
+
+[project.optional-dependencies]
+pqc = ["liboqs-python>=0.8.0"]
+ember = ["ember", "lief"]
+kaggle = ["kaggle"]
+dev = ["pytest>=7.4.0", "pytest-cov>=4.1.0"]
+
+[project.scripts]
+leukquant = "src.cli.main:cli"
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["src*"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+python_files = ["test_*.py"]

leukquant-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

leukquant-0.1.0/src/behavior/monitors.py

@@ -0,0 +1,100 @@
+import threading
+import time
+import logging
+from collections import deque
+from watchdog.observers import Observer
+from watchdog.events import FileSystemEventHandler
+import psutil
+
+logger = logging.getLogger(__name__)
+
+
+class FileEventTracker(FileSystemEventHandler):
+    """Tracks file system create/modify events using a rolling time window."""
+
+    def __init__(self, window_seconds: int = 60):
+        super().__init__()
+        self.window_seconds = window_seconds
+        self._events: deque = deque()
+        self._lock = threading.Lock()
+
+    def on_created(self, event):
+        if not event.is_directory:
+            self._record("created", event.src_path)
+
+    def on_modified(self, event):
+        if not event.is_directory:
+            self._record("modified", event.src_path)
+
+    def on_deleted(self, event):
+        if not event.is_directory:
+            self._record("deleted", event.src_path)
+
+    def _record(self, kind: str, path: str):
+        now = time.monotonic()
+        with self._lock:
+            self._events.append((now, kind, path))
+            cutoff = now - self.window_seconds
+            while self._events and self._events[0][0] < cutoff:
+                self._events.popleft()
+
+    def get_rate(self) -> float:
+        """Return events-per-minute in the current window."""
+        now = time.monotonic()
+        cutoff = now - self.window_seconds
+        with self._lock:
+            recent = sum(1 for ts, _, _ in self._events if ts >= cutoff)
+        # Normalize to events/minute
+        return (recent / self.window_seconds) * 60
+
+
+class SystemMonitor:
+    """
+    Aggregates real-time system metrics:
+      - File system event rate (watchdog)
+      - Active process count (psutil)
+      - Network connection count (psutil)
+      - Memory utilization % (psutil)
+    """
+
+    def __init__(self, watch_path: str = "/tmp", window_seconds: int = 60):
+        self.watch_path = watch_path
+        self.file_tracker = FileEventTracker(window_seconds)
+        self._observer = Observer()
+        self._observer.schedule(self.file_tracker, watch_path, recursive=True)
+        self._running = False
+
+    def start(self):
+        if not self._running:
+            try:
+                self._observer.start()
+                self._running = True
+                logger.info(f"SystemMonitor started. Watching: {self.watch_path}")
+            except Exception as e:
+                logger.warning(f"Could not start file watcher: {e}")
+
+    def stop(self):
+        if self._running:
+            self._observer.stop()
+            self._observer.join()
+            self._running = False
+            logger.info("SystemMonitor stopped.")
+
+    def get_snapshot(self) -> dict:
+        try:
+            mem = psutil.virtual_memory()
+            net = psutil.net_connections(kind="inet")
+            return {
+                "process_spawn_rate": len(psutil.pids()),
+                "file_write_rate": self.file_tracker.get_rate(),
+                "network_socket_count": len(net),
+                "memory_alloc_spikes": mem.percent,
+            }
+        except Exception as e:
+            logger.warning(f"SystemMonitor snapshot error: {e}")
+            return {
+                "process_spawn_rate": 0,
+                "file_write_rate": 0.0,
+                "network_socket_count": 0,
+                "memory_alloc_spikes": 0.0,
+            }

leukquant-0.1.0/src/behavior/profiler.py

@@ -0,0 +1,99 @@
+import time
+import numpy as np
+import logging
+import os
+from datetime import datetime
+from src.db.database import DatabaseManager
+from src.behavior.monitors import SystemMonitor
+from src.config import Config
+from src.paths import app_path
+
+logger = logging.getLogger(__name__)
+
+MIN_BASELINE_SAMPLES = 10
+
+
+class BehaviorProfiler:
+    """
+    Collects system metrics every `poll_interval` seconds, stores them in SQLite,
+    and computes a Z-score anomaly metric against the rolling `baseline_days`-day window.
+
+        A(t) = (1/N) * Σ |x_i(t) − μ_i| / σ_i
+
+    Scores above `alert_threshold` are logged; scores above `quarantine_threshold`
+    are also written as anomaly events for downstream quarantine decisions.
+    """
+
+    PID_FILE = app_path("logs", "monitor.pid")
+
+    def __init__(self, poll_interval: int = 60):
+        cfg = Config.get()
+        self.baseline_days: int = cfg.get_value("behavior", "baseline_period_days", default=14)
+        self.alert_threshold: float = cfg.get_value("behavior", "alert_threshold", default=3.5)
+        self.quarantine_threshold: float = cfg.get_value("behavior", "quarantine_threshold", default=5.0)
+        self.poll_interval = poll_interval
+        self.db = DatabaseManager()
+        self.monitor = SystemMonitor()
+
+    # ─── metric helpers ───────────────────────────────────────────────────────
+
+    def _collect(self) -> dict:
+        snap = self.monitor.get_snapshot()
+        snap["timestamp"] = datetime.now()
+        return snap
+
+    def calculate_anomaly_score(self, metrics: dict) -> float:
+        rows = self.db.get_baseline_metrics(days=self.baseline_days)
+        if len(rows) < MIN_BASELINE_SAMPLES:
+            logger.debug(f"Only {len(rows)} samples in baseline — skipping anomaly scoring.")
+            return 0.0
+
+        baseline = np.array(rows, dtype=float)
+        means = np.mean(baseline, axis=0)
+        stds = np.std(baseline, axis=0)
+        stds[stds == 0] = 1e-6
+
+        current = np.array([
+            metrics["process_spawn_rate"],
+            metrics["file_write_rate"],
+            metrics["network_socket_count"],
+            metrics["memory_alloc_spikes"],
+        ], dtype=float)
+
+        z_scores = np.abs(current - means) / stds
+        return float(np.mean(z_scores))
+
+    # ─── main loop ────────────────────────────────────────────────────────────
+
+    def monitor_loop(self):
+        os.makedirs(app_path("logs"), exist_ok=True)
+        with open(self.PID_FILE, "w") as f:
+            f.write(str(os.getpid()))
+
+        self.monitor.start()
+        logger.info(f"Behavior monitor started (PID {os.getpid()}, interval {self.poll_interval}s).")
+
+        try:
+            while True:
+                metrics = self._collect()
+                self.db.insert_metrics(metrics)
+                score = self.calculate_anomaly_score(metrics)
+
+                if score > self.alert_threshold:
+                    details = (
+                        f"score={score:.3f} | "
+                        f"procs={metrics['process_spawn_rate']} | "
+                        f"files/min={metrics['file_write_rate']:.1f} | "
+                        f"sockets={metrics['network_socket_count']} | "
+                        f"mem%={metrics['memory_alloc_spikes']:.1f}"
+                    )
+                    level = "CRITICAL" if score > self.quarantine_threshold else "WARNING"
+                    logger.warning(f"[{level}] Anomaly score {score:.3f} — {details}")
+                    self.db.log_anomaly(score, details)
+
+                time.sleep(self.poll_interval)
+        finally:
+            self.monitor.stop()
+            if os.path.exists(self.PID_FILE):
+                os.remove(self.PID_FILE)
+            logger.info("Behavior monitor stopped.")