Skip to content
HookProbe Docs

Glossary

Glossary

Key terms and concepts used throughout HookProbe documentation.

A

AEGIS

Adaptive Endpoint Guardian with Intelligent Security. HookProbe’s AI orchestrator with 8 specialized agents for autonomous threat response and plain-English security explanations.

AGPL

GNU Affero General Public License. Open source license used for HookProbe’s open components.

B

BLS Signatures

Boneh-Lynn-Shacham signatures. Cryptographic signatures that can be aggregated, used in DSM consensus.

Byzantine Fault Tolerance (BFT)

Ability to reach consensus even when some participants are malicious. DSM tolerates f=(n-1)/3 Byzantine validators.

C

Checkpoint

Aggregation of microblocks into a signed summary at the end of each epoch. Contains Merkle root and BLS aggregate signature.

Collective Defense

Security model where one node’s detection protects all nodes in the mesh.

D

dnsXai

HookProbe’s AI-powered DNS classification system. Uses ML to categorize and block malicious domains.

DSM

Decentralized Security Mesh. Byzantine fault-tolerant consensus protocol for collective threat intelligence.

E

Edge Node

HookProbe deployment at the network edge (Sentinel, Guardian, or Fortress).

Epoch

Time period for DSM consensus (default 5 minutes). Microblocks are aggregated into checkpoints at epoch boundaries.

eBPF

Extended Berkeley Packet Filter. Linux kernel technology for programmable packet processing.

F

Fortress

HookProbe product tier for business networks. 4GB RAM, VLAN segmentation, NAPSE IDS/NSM/IPS.

G

Gossip Protocol

Protocol for propagating microblocks and mesh state between nodes.

Guardian

HookProbe product tier for travel/home. 1.5GB RAM, WiFi hotspot, L2-L7 detection.

H

Hardware Fingerprint

Unique device identifier derived from CPU, MAC, disk, and other hardware characteristics.

HTP

HookProbe Transport Protocol. UDP-based secure transport with weight-bound session keys.

Hot Shot Mode

Power and performance preference system for edge deployments.

L

Layer Detector

Multi-layer threat detection from L2 to L7.

M

Mesh

The global HookProbe network of interconnected edge and validator nodes.

Microblock

Security event record created by edge nodes. Signed with TPM/PoSF and propagated via gossip.

N

NAPSE

Neural Adaptive Packet Synthesis Engine. HookProbe’s proprietary unified IDS/NSM/IPS engine with 3-layer architecture (eBPF kernel fast path, Rust protocol engine, Python event synthesis) optimized for edge devices.

Neural Fingerprint

Compact (~256 byte) representation of attack behavior. Shared in mesh without raw data.

NEURO

Neural Resonance Protocol. Living cryptography where neural weights replace static keys.

Nexus

HookProbe product tier for heavy compute. 16GB+ RAM, ML training, ClickHouse analytics.

NSE

Neural Synaptic Encryption. Cryptographic system where keys are emergent, not stored.

O

OpenVSwitch (OVS)

Software-defined networking platform used for VLAN segmentation in Fortress.

P

POD

Modular container grouping in HookProbe’s 7-POD architecture. Each POD handles a specific function.

PoSF

Proof-of-Sensor-Fusion. Neural network signature proving device integrity.

Q

QSecBit

Quantified Security Bit. Universal resilience metric (0.0-1.0) for security scoring.

Quorum

Minimum number of validators required for consensus. Typically 2/3 of total validators.

R

RAG Status

Red-Amber-Green status indicator based on QSecBit score.

  • GREEN: < 0.45 (normal)
  • AMBER: 0.45-0.70 (warning)
  • RED: > 0.70 (critical)

Resonance

State where two nodes have aligned neural weight trajectories, enabling secure communication.

S

Sentinel

HookProbe product tier for IoT. 256MB RAM, DSM validation, minimal footprint.

StandardSignal

NAPSE’s unified event format for typed security events consumed by QSecBit and AEGIS.

T

TER

Temporal Event Record. 64-byte sensor snapshot that drives weight evolution.

TPM

Trusted Platform Module. Hardware security module for cryptographic operations.

V

Validator

Node that participates in DSM consensus by aggregating microblocks and creating checkpoints.

VLAN

Virtual LAN. Network segmentation used in Fortress for isolating device types.

W

Weight Evolution

Process of neural network weights changing deterministically based on TER data.

Weight Fingerprint

SHA-512 hash of current neural weights. Changes when system integrity changes.

X

XDP

eXpress Data Path. Linux kernel technology for high-performance packet processing before the network stack.

Z

Zero-Copy

AF_XDP socket mode used by NAPSE for high-performance packet capture without kernel-to-user memory copies.