jbsec/sovereign-xai

Sovereign XAI: Multi-Model Time Series Benchmarking for Network Forensics

This is an offline, air-gapped framework built to benchmark deep learning time-series models against stealthy, low-rate network anomalies. It evaluates how different architectures handle malicious packet intervals—like automated command-and-control (C2) beaconing hidden inside standard background DHCP traffic.

The platform runs 10 modern time-series models through a diagnostic suite of 20 explainability (XAI) metrics to test their causal accuracy, feature attribution, and robustness under adversarial noise.


🔬 Core Insights & Findings

The primary goal of this framework is to expose where standard deep learning architectures break down when dealing with sparse, highly localized time-series signals:

  • The Global Tokenization Flaw: Models that rely on global embedding blocks (such as iTransformer and Autoformer) mix all telemetry channels together early in the encoder phase. In a network setting, this causes high-entropy cross-contamination (channel leakage), which leads the model to confuse standard background noise with an active threat vector.
  • Why PatchTST Wins: By using Channel Independence (processing each telemetry channel as an isolated 1-D series) and Sub-Tokenization (breaking the sequence into local, overlapping patches), PatchTST keeps localized variations intact. Testing via TS-LIME and Patch SHAP proves it maps mathematical weights accurately to the exact boundary intervals of an anomaly, maintaining stability even when packet loss or jitter is introduced.
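The two bullets above can be reproduced on a toy scale. The following is an added example, not code from this repository: it patches two constructed telemetry channels independently, builds a deliberately simplified channel-mixed token stream (a weighted sum per time step, not the actual iTransformer or Autoformer embedding), then jitters only the background channel to show which representation of the anomaly changes. All function names and sample values are hypothetical.

```python
# Added illustration on constructed data; not the repository's code or models.
PATCH_LEN, STRIDE = 8, 4

def patchify(series, patch_len=PATCH_LEN, stride=STRIDE):
    """Split ONE channel into overlapping (start, values) patches."""
    return [(s, series[s:s + patch_len])
            for s in range(0, len(series) - patch_len + 1, stride)]

def independent_tokens(channels):
    """Channel independence: every channel is patched on its own."""
    return [patchify(ch) for ch in channels]

def mixed_tokens(channels, weights=(0.5, 0.5)):
    """Simplified mixing: one token per time step, a weighted sum of all channels."""
    return [sum(w * ch[t] for w, ch in zip(weights, channels))
            for t in range(len(channels[0]))]

def flagged_patches(series, threshold=0.5):
    """Patch starts whose mean absolute deviation from the channel median exceeds threshold."""
    median = sorted(series)[len(series) // 2]
    return [s for s, p in patchify(series)
            if sum(abs(v - median) for v in p) / len(p) > threshold]

def changed(before, after):
    """Number of positions at which two token lists differ."""
    return sum(1 for b, a in zip(before, after) if b != a)

def build_channels():
    """Constructed sample: packet intervals with a burst at t=16..19, plus background noise."""
    intervals = [1.0] * 32
    intervals[16:20] = [5.0] * 4
    background = [((t * 7) % 5) * 0.1 for t in range(32)]
    return intervals, background

def leakage_report():
    intervals, background = build_channels()
    jittered = [v + 0.5 for v in background]  # perturb ONLY the background channel
    clean, noisy = (intervals, background), (intervals, jittered)
    return {
        "flagged_patch_starts": flagged_patches(intervals),
        "interval_patches_changed": changed(independent_tokens(clean)[0], independent_tokens(noisy)[0]),
        "mixed_tokens_changed": changed(mixed_tokens(clean), mixed_tokens(noisy)),
    }

if __name__ == "__main__":
    print(leakage_report())
```

Only the two patches that overlap the burst are flagged, and jitter on the background channel leaves every interval-channel patch untouched while altering every mixed token.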

🛠️ System Architecture & Stack

The platform is split into decoupled, lightweight services configured to run completely offline:

  • Frontend (Next.js / React): A clean dashboard built with a lightweight, vanilla JavaScript markdown parser. This avoids massive external npm dependencies and handles local LLM text streams safely without breaking the runtime environment.
  • Backend API (FastAPI / Python): Handles data vectorization matrices, orchestrates evaluation routes, and manages the inference pipeline.
  • Local LLM (Ollama): Serves local parameter streams for offline log analysis and forensic summaries without calling external cloud APIs.
  • Environment (Docker Compose): Ties the frontend, backend, and LLM together into an isolated, reproducible container stack.

🚀 Quickstart Deployment

Prerequisites

  • Docker Desktop installed on your host machine.
  • A target packet capture file (the default configuration looks for dhcp.pcap in the workspace directory).

1. Clone the Repository

git clone https://github.com/jbsec/sovereign-xai.git
cd sovereign-xai
