Architecture Overview
HookProbe’s architecture is built on three pillars: NEURO (Living Cryptography), DSM (Decentralized Security Mesh), and HTP (HookProbe Transport Protocol).
The Three Pillars
┌─────────────────────────────────────────────────────────────────────────────────┐
│                             HOOKPROBE THREE PILLARS                             │
├─────────────────────────────────────────────────────────────────────────────────┤
│                                                                                 │
│         ┌─────────────────┐   ┌─────────────────┐   ┌─────────────────┐         │
│         │      NEURO      │   │       DSM       │   │       HTP       │         │
│         │    Protocol     │   │  Decentralized  │   │    Transport    │         │
│         │                 │   │  Security Mesh  │   │    Protocol     │         │
│         ├─────────────────┤   ├─────────────────┤   ├─────────────────┤         │
│         │     Living      │   │   Collective    │   │  Trust Fabric   │         │
│         │  Cryptography   │   │  Intelligence   │   │ + File Transfer │         │
│         │                 │   │                 │   │                 │         │
│         │ • TER Sensors   │   │ • Microblocks   │   │ • UDP 8144      │         │
│         │ • Weight Evolve │   │ • BLS Consensus │   │ • ChaCha20      │         │
│         │ • PoSF Signing  │   │ • Merkle DAG    │   │ • NAT Traversal │         │
│         │ • Deterministic │   │ • Byzantine FT  │   │ • CRUD Files    │         │
│         └─────────────────┘   └─────────────────┘   └─────────────────┘         │
│                  │                     │                     │                  │
│                  └─────────────────────┼─────────────────────┘                  │
│                                        │                                        │
│                           ┌────────────┴────────────┐                           │
│                           │         QSECBIT         │                           │
│                           │  Universal Resilience   │                           │
│                           │    Metric (0.0-1.0)     │                           │
│                           └─────────────────────────┘                           │
│                                                                                 │
└─────────────────────────────────────────────────────────────────────────────────┘
Pillar Overview
| Pillar | Function | Innovation |
|---|---|---|
| NEURO | Living Cryptography | Neural weights replace static keys |
| DSM | Collective Intelligence | Byzantine fault-tolerant distributed SOC |
| HTP | Trust Fabric | Simple, auditable transport protocol |
System Layers
Layer 1: Hardware
Edge devices range from IoT gateways to servers:
| Tier | Hardware | RAM |
|---|---|---|
| Sentinel | IoT gateway | 256MB |
| Guardian | Raspberry Pi | 1.5GB |
| Fortress | Mini PC | 4GB |
| Nexus | Server | 16GB+ |
Layer 2: POD Infrastructure
The 7-POD architecture provides modular services:
| POD | Function |
|---|---|
| POD-001 | Web UI / API Gateway |
| POD-002 | IAM / Identity |
| POD-003 | PostgreSQL Database |
| POD-004 | Cache / Queues |
| POD-005 | Metrics / Dashboards |
| POD-006 | Security Detection |
| POD-007 | AI Response Engine |
Learn more about the 7-POD Stack →
Layer 3: Networking
Network security through OVS and XDP:
| Component | Purpose |
|---|---|
| Open vSwitch | VLAN segmentation, OpenFlow ACLs |
| XDP/eBPF | Kernel-level DDoS mitigation |
| PSK-VXLAN | Encrypted inter-POD tunnels |
| Nftables | Host firewall rules |
Layer 4: Detection
Multi-engine security detection:
| Engine | Function |
|---|---|
| NAPSE | AI-native IDS/NSM/IPS (unified detection) |
| dnsXai | AI DNS protection |
| Layer Detector | L2-L7 analysis |
Learn more about Security Engines →
Layer 5: Intelligence
Collective threat intelligence:
| Component | Function |
|---|---|
| DSM | Decentralized consensus |
| Mesh | Global threat sharing |
| QSecBit | Unified threat scoring |
| NEURO | Neural authentication |
Layer 6: Monitoring
Observability stack:
| Tool | Purpose |
|---|---|
| Prometheus | Metrics collection |
| Grafana | Dashboards |
| VictoriaMetrics | Long-term storage |
| ClickHouse | Analytics (Nexus) |
Data Flow
┌─────────────────────────────────────────────────────────────────────────────────┐
│                                    DATA FLOW                                    │
├─────────────────────────────────────────────────────────────────────────────────┤
│                                                                                 │
│      ┌─────────┐       Raw        ┌─────────┐     Qsecbit      ┌─────────┐      │
│      │Guardian │  ──telemetry──►  │  Nexus  │  ───scores───►   │  Mesh   │      │
│      │Fortress │     (local)      │         │    (derived)     │         │      │
│      │Sentinel │                  │         │                  │         │      │
│      └─────────┘                  └─────────┘                  └─────────┘      │
│                                                                     │           │
│      ┌─────────┐     Hardened     ┌─────────┐      Global      ┌────┴────┐      │
│      │Guardian │  ◄───model────   │  Nexus  │   ◄──updates──   │  Mesh   │      │
│      │Fortress │    (updates)     │         │    (insights)    │         │      │
│      │Sentinel │                  │         │                  │         │      │
│      └─────────┘                  └─────────┘                  └─────────┘      │
│                                                                                 │
│                         RAW DATA NEVER LEAVES THE EDGE                          │
│                                                                                 │
└─────────────────────────────────────────────────────────────────────────────────┘
Security Model
Defense in Depth
Layer 1: XDP/eBPF (kernel)
    └─► DDoS mitigation, rate limiting
    │
Layer 2: Nftables (firewall)
    └─► Port filtering, connection tracking
    │
Layer 3: OVS (network)
    └─► VLAN isolation, ACL enforcement
    │
Layer 4: NAPSE (IDS/NSM/IPS)
    └─► Signature + ML detection, protocol analysis
    │
Layer 5: dnsXai (AI)
    └─► ML classification
    │
Layer 6: NEURO (identity)
    └─► Neural authentication
Threat Mitigation
| Attack | Defense |
|---|---|
| DDoS | XDP kernel filtering |
| Port Scan | Nftables rate limiting |
| VLAN Hopping | OVS strict ACLs |
| Known Exploits | NAPSE signature matching |
| Zero-day | NAPSE ML-based anomaly detection |
| C2 Communication | dnsXai ML detection |
| Impersonation | NEURO neural resonance |
Repository Structure
hookprobe/
├── core/               # Core Intelligence
│   ├── htp/            # Transport Protocol
│   ├── qsecbit/        # Security Metric
│   └── neuro/          # Neural Resonance
│
├── products/           # Product Tiers
│   ├── sentinel/       # IoT Validator
│   ├── guardian/       # Travel Companion
│   ├── fortress/       # Edge Router
│   └── nexus/          # ML Brain
│
├── shared/             # Shared Modules
│   ├── dsm/            # Decentralized Mesh
│   ├── dnsxai/         # DNS AI
│   └── response/       # Threat Response
│
├── infrastructure/     # POD Deployments
│   └── pod-*/          # POD configurations
│
└── deploy/             # Deployment Scripts
Next Steps
- 7-POD Stack - Container architecture
- Networking - OVS and XDP details
- Security Engines - Detection systems
- Monitoring - Observability stack