trojanhorse-js
Version:
A comprehensive JavaScript library for fetching, managing, and analyzing global threat intelligence from multiple open-source feeds and security news sources. Unlike its mythological namesake, this Trojan protects your digital fortress.
152 lines • 4.46 kB
TypeScript
/// <reference types="node" />
import { EventEmitter } from 'events';
import { ThreatIndicator } from '../types';
declare const ML_ENGINE_STATUS: {
EXPERIMENTAL: boolean;
BETA_VERSION: string;
PRODUCTION_READY: boolean;
WARNING: string;
};
export interface MLFeatures {
domainLength?: number;
subdomainCount?: number;
vowelConsonantRatio?: number;
entropyScore?: number;
hasNumbers?: boolean;
hasDashes?: boolean;
suspiciousTLD?: boolean;
isPrivateIP?: boolean;
isCloudProvider?: boolean;
geographicRisk?: number;
portScanHistory?: number;
firstSeenAge?: number;
reportingVelocity?: number;
sourceReliability?: number;
contextualAnomalies?: number;
dnsRecordCount?: number;
httpResponseCode?: number;
certificateValidity?: boolean;
redirectChainLength?: number;
}
export interface MLPrediction {
threatProbability: number;
confidence: number;
riskScore: number;
threatCategory: 'malware' | 'phishing' | 'c2' | 'botnet' | 'spam' | 'benign';
explanation: {
topFeatures: Array<{
feature: string;
importance: number;
value: any;
}>;
riskFactors: string[];
modelVersion: string;
};
anomalyScore?: number;
behavioralSignature?: string;
experimental: {
status: typeof ML_ENGINE_STATUS;
warning: string;
disclaimer: string;
};
}
export interface MLModel {
id: string;
name: string;
type: 'classification' | 'regression' | 'anomaly_detection' | 'clustering';
version: string;
accuracy: number;
lastTrained: Date;
featureImportance: Record<string, number>;
hyperparameters: Record<string, any>;
trainingMetrics: {
precision: number;
recall: number;
f1Score: number;
auc: number;
falsePositiveRate: number;
};
experimental: boolean;
}
export interface TrainingDataPoint {
features: MLFeatures;
label: number;
weight: number;
timestamp: Date;
source: string;
}
export declare class FeatureExtractor {
private suspiciousTLDs;
extractFeatures(indicator: ThreatIndicator, context?: any): MLFeatures;
private extractDomainFeatures;
private extractIPFeatures;
private extractHashFeatures;
private calculateAge;
private calculateVowelConsonantRatio;
private calculateEntropy;
private isPrivateIP;
private isCloudProvider;
private calculateGeographicRisk;
private isIpInRange;
private isPrivateIp;
private isDynamicIp;
private isCloudProviderIp;
private isVpnProxyIp;
private calculateSourceReliability;
private calculateReportingVelocity;
}
export declare class ThreatClassificationModel {
private model;
private weights;
private featureScaler;
constructor(modelConfig: Partial<MLModel>);
private initializeWeights;
predict(features: MLFeatures): MLPrediction;
private normalizeFeatures;
private calculateLogit;
private sigmoid;
private calculateConfidence;
private calculateRiskScore;
private classifyThreatType;
private getTopFeatures;
private identifyRiskFactors;
getModelInfo(): MLModel;
}
export declare class AnomalyDetectionEngine {
private baselineProfiles;
private anomalyThreshold;
detectAnomalies(indicators: ThreatIndicator[]): Array<{
indicator: ThreatIndicator;
anomalyScore: number;
reasons: string[];
}>;
private getBaselineProfile;
private createDefaultProfile;
private calculateAnomalyScore;
private identifyAnomalyReasons;
}
export declare class MLThreatEngine extends EventEmitter {
private featureExtractor;
private classificationModel;
private anomalyDetector;
private trainingData;
private predictionCache;
constructor(config?: {
modelPath?: string;
cacheSize?: number;
});
analyzeThreat(indicator: ThreatIndicator, context?: any): Promise<MLPrediction>;
analyzeBatch(indicators: ThreatIndicator[]): Promise<Map<string, MLPrediction>>;
addTrainingData(dataPoint: TrainingDataPoint): void;
retrain(): Promise<void>;
private calculateFeatureImportance;
private evaluateModel;
private loadModel;
getStats(): {
cacheSize: number;
trainingDataSize: number;
modelInfo: MLModel;
};
}
export {};
//# sourceMappingURL=MLThreatEngine.d.ts.map