
Behavioral Threat Detection

29/30 attacks detected, 0/10 false positives. Combination signatures, not weighted sums.

The v1 Problem

The first version used a weighted sum: assign each behavioral feature a threat score, add them up, trigger if the sum exceeds a threshold. It got 97% detection. It also got a 60% false positive rate.

Compiling code looks like cryptomining — sustained CPU, many threads. Video encoding looks like ransomware — high disk I/O, many file writes. Database backups look like exfiltration — large outbound data, sequential file reads. Every intensive workload shares features with some attack category. Weighted sums cannot distinguish intent from intensity.

The Fix: Combination Signatures

Each threat category defines a signature: a set of required features that must ALL be present, plus a list of confirming features where at least one must also match. A single feature never triggers alone, no matter how anomalous.

Cryptominer requires sustained CPU AND specific mining patterns AND at least one of: known pool connections, GPU compute abuse, or hashrate fingerprint. Compiling code has sustained CPU but no mining patterns — never triggers. The combination is the signature, not any individual feature.

21 signatures total. 0.7ms to evaluate all of them.

Detection Results

Attack Detection — 29/30

Category             | Detected | Rate
---------------------|----------|-----
Cryptominer          | 3/3      | 100%
Ransomware           | 3/3      | 100%
DDoS                 | 2/3      | 67%
Timebomb             | 2/2      | 100%
Exfiltration         | 3/3      | 100%
Privilege Escalation | 2/2      | 100%
Lateral Movement     | 2/2      | 100%
Rootkit              | 2/2      | 100%
Keylogger            | 1/1      | 100%
Backdoor             | 2/2      | 100%
Supply Chain         | 2/2      | 100%
Credential Attack    | 2/2      | 100%
Evasion              | 2/2      | 100%
Integrity            | 1/1      | 100%

The one miss: a UDP flood DDoS variant that lacked diverse_targets. The signature requires evidence of targeting multiple destinations — a single-target UDP flood looks like a legitimate high-bandwidth stream. This is a hard edge of the rule-based approach.
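The combination rule from "The Fix" and the single-target UDP flood miss above, as an added example that is not the page's own detector. Feature names, the two signatures and the v1 weights are constructed stand-ins for illustration, not the real 21 signatures.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    """One threat category: every `required` feature must be present AND
    at least one `confirming` feature must also be present."""
    name: str
    required: frozenset
    confirming: frozenset

    def matches(self, features: set) -> bool:
        # Subset test for the required block, intersection test for the confirming block.
        return self.required <= features and bool(self.confirming & features)


# Illustrative signatures (assumed feature names, not the page's actual definitions).
SIGNATURES = [
    Signature("cryptominer",
              required=frozenset({"sustained_cpu", "mining_patterns"}),
              confirming=frozenset({"pool_connection", "gpu_compute_abuse", "hashrate_fingerprint"})),
    Signature("ddos",
              required=frozenset({"high_outbound_pps", "diverse_targets"}),
              confirming=frozenset({"udp_flood", "syn_flood", "amplification"})),
]


def evaluate(features: set) -> list:
    """Names of every signature whose full combination is satisfied; a lone feature never fires."""
    return [s.name for s in SIGNATURES if s.matches(features)]


# The v1 approach for contrast: per-feature scores summed against a threshold (assumed weights).
WEIGHTS = {"sustained_cpu": 3, "many_threads": 2, "mining_patterns": 4, "pool_connection": 3,
           "high_outbound_pps": 3, "diverse_targets": 2, "udp_flood": 3}


def weighted_sum_alert(features: set, threshold: int = 5) -> bool:
    return sum(WEIGHTS.get(f, 0) for f in features) >= threshold


# Constructed feature sets for the cases the page discusses.
COMPILING_CODE = {"sustained_cpu", "many_threads"}                 # benign, CPU-heavy
MINER = {"sustained_cpu", "mining_patterns", "pool_connection"}     # full combination
MINER_NO_CONFIRM = {"sustained_cpu", "mining_patterns"}             # required only, no confirming
MULTI_TARGET_UDP_FLOOD = {"high_outbound_pps", "diverse_targets", "udp_flood"}
SINGLE_TARGET_UDP_FLOOD = {"high_outbound_pps", "udp_flood"}        # the measured miss

if __name__ == "__main__":
    for label, feats in [("compiling", COMPILING_CODE), ("miner", MINER),
                         ("udp single-target", SINGLE_TARGET_UDP_FLOOD)]:
        print(f"{label}: v1={weighted_sum_alert(feats)} v2={evaluate(feats)}")
```

Running it shows the weighted sum flagging both compiling and the single-target flood, while the combination rule clears compiling but also, as the page reports, misses the flood that lacks diverse_targets.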

False Positive Test

Benign Workloads — 0/10 false positives

Workload          | Verdict
------------------|--------
Web browsing      | CLEAN
Compiling code    | CLEAN
Video encoding    | CLEAN
Database backup   | CLEAN
System update     | CLEAN
Docker build      | CLEAN
CI pipeline       | CLEAN
SSH admin session | CLEAN
Log rotation      | CLEAN
npm install       | CLEAN

Self-integrity check: PASS
Total signatures: 21
Evaluation time: 0.7ms

What It Misses

The DDoS UDP flood without diverse targets is the measured miss. But the deeper limitation is structural: rule-based combination signatures only catch attack patterns that have been defined. Unknown attack patterns — novel zero-days, new lateral movement techniques, creative exfiltration channels — need behavioral baselines, not just signatures.

This system catches known shapes fast and with zero false positives. It does not learn new shapes. That boundary is honest and permanent for this architecture.

MM10P honest limits: the 29/30 detection rate is self-referential — we designed the signatures and the test cases simultaneously. This is not independent validation. The 0/10 false positive test used 10 hand-picked normal scenarios, not real production workload traces. Five novel attack patterns (living-off-the-land, slow exfiltration, insider threat, encrypted C2 via CDN, subtle supply chain) would all evade these signatures. An attacker who knows the required features can avoid them. This demonstrates the combination-signature principle, not a validated security product. Real security tools (CrowdStrike, etc.) use ML-based anomaly detection that handles novel patterns.

Computed on Mac Mini M4, 35W.

GUMPResearch