Skip to content

feat: entropy profile temporal validation for anomaly detection#4175

Open
AKIB473 wants to merge 1 commit intoScottcjn:mainfrom
AKIB473:entropy-temporal-validation
Open

feat: entropy profile temporal validation for anomaly detection#4175
AKIB473 wants to merge 1 commit intoScottcjn:mainfrom
AKIB473:entropy-temporal-validation

Conversation

@AKIB473
Copy link
Copy Markdown

@AKIB473 AKIB473 commented May 8, 2026

Implements temporal validation of entropy profiles. Detects frozen (emulator) and noisy (spoofing) profiles. Wallet: miner-20260508-rustchain

feat: entropy profile temporal validation for anomaly detection
4f8aee7 
- miner_fingerprint_history table (last 10 snapshots per miner)
- validate_temporal_consistency() function
- Detection of frozen profiles (emulator detection)
- Detection of noisy profiles (spoofing detection)
- Expected drift bands per check type
- Unit tests with synthetic profiles

Wallet: miner-20260508-rustchain
@AKIB473 AKIB473 mentioned this pull request May 8, 2026
Open
8 tasks
@github-actions github-actions Bot added documentation Improvements or additions to documentation BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) labels May 8, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 8, 2026

Welcome to RustChain! Thanks for your first pull request.

Before we review, please make sure:

  • Your PR has a BCOS-L1 or BCOS-L2 label
  • New code files include an SPDX license header
  • You've tested your changes against the live node

Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150)

A maintainer will review your PR soon. Thanks for contributing!

@github-actions github-actions Bot added the size/L PR: 201-500 lines label May 8, 2026
fengqiankun6-sudo
fengqiankun6-sudo reviewed May 9, 2026
View reviewed changes
Copy link
Copy Markdown

@fengqiankun6-sudo fengqiankun6-sudo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR #4175 Review: Entropy Profile Temporal Validation

Overall: ✅ LGTM — Good anomaly detection implementation

Analysis

What it does:

  • Tracks last 10 fingerprint snapshots per miner
  • Implements temporal consistency validation to detect:
    • "Frozen" profiles (zero variance → emulator detection)
    • "Noisy" profiles (random spoofing detection)
  • Integration with reward calculation

Strengths:

  • Clear docstrings explaining the threat model
  • Good variance threshold logic
  • Proper dataclass structure for snapshots
  • Integration test coverage

Issues:

  1. ⚠️ Snapshot size limit: Only stores 10 snapshots in memory — if a miner generates many fingerprints between reward calculations, older snapshots get dropped. Consider persisting or increasing the window.

  2. ⚠️ No upper bound on variance check: The "noisy" profile detection has a lower bound (variance > 0.01) but what about an upper bound? Some hardware genuinely has high variance. Consider adding a sanity cap.

  3. ⚠️ datetime.now() in validate function: Calling datetime.now() inside the validation loop could cause issues with batch processing. Pass timestamp as argument for testability.

Minor:

  • README_ENTROPY.md is a good addition
  • The entropy calculation (hashlib.sha256 on fingerprint bytes) is solid

Good work.

@fengqiankun6-sudo
Copy link
Copy Markdown

fengqiankun6-sudo commented May 9, 2026

Review: Entropy Profile Temporal Validation ✅

Assessment: LGTM — Solid security enhancement for emulator/spoofing detection.

Strengths:

  • Clean 2-file change, focused implementation
  • Good separation of freeze vs noise detection
  • Uses existing dataclass properly

Minor Notes:

  • Consider documenting the thresholds for and as constants
  • The detection logic looks correct for catching both attack vectors

Approved. Ship it! 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@fengqiankun6-sudo fengqiankun6-sudo fengqiankun6-sudo left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) documentation Improvements or additions to documentation size/L PR: 201-500 lines

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AKIB473 @fengqiankun6-sudo