Traffic Entropy Anomaly
CS47 (Shannon entropy, E=−∑p·log p) per window: nominal → anomalous when source/destination entropy collapses below the floor (flood/DDoS uniformity) → flagged once it persists.
| Category | Network & Comms |
| Template ID | traffic-entropy-anomaly |
| Definition | traffic_entropy_anomaly v1.0 |
| States | 4 (initial: nominal; terminal: cleared) |
| Transitions | 4 |
| Operators composed | CS47, KO42 |
| Audit clock | on · tick rate 1 |
What it's for
- DDoS / flood detection
- Port-scan entropy gating
- Beacon / exfil traffic anomaly
States
| State | Role |
|---|---|
nominal | initial |
anomalous | intermediate |
flagged | intermediate |
cleared | terminal |
Transitions
| From | To | Operator | Fires when | Proof | Trigger / actions |
|---|---|---|---|---|---|
nominal | anomalous | CS47 | input.entropy_bits < input.entropy_floor_bits | required | — |
anomalous | nominal | CS47 | input.entropy_bits >= input.entropy_floor_bits | required | — |
anomalous | flagged | CS47 | input.sustained_windows > input.flag_windows | required | — |
flagged | cleared | KO42 | input.analyst_ack == true | no | — |
Operators it composes
Each transition fires a registry operator through the master equation (compute → prove → verify). This template composes:
CS47KO42
Browse the operators at /operators/; the building blocks a transition calls are the framework's protocols. KO42 is the always-on substrate operator; physics operators carry proof_required: true, so each fire runs the full compute → prove → verify path and lands a verifiable proof digest on your entangled state.
Deploy it
Inspect the full definition, then deploy it onto your state machine. Every fire is Zeqond-stamped onto your entangled state.
# 1. Inspect — the full definition (states, transitions, operators) as served
curl -sS https://zeqsdk.com/api/contracts/templates/traffic-entropy-anomaly
# 2. Deploy onto your machine (auth: session; body carries your machine slug)
curl -sS -X POST https://zeqsdk.com/api/contracts/templates/traffic-entropy-anomaly/deploy \
-H "Content-Type: application/json" \
-b "<your session cookie>" \
-d '{"slug":"<your-machine>"}'
# → 201 { "ok": true, "contract": { "id": "…", "currentState": "nominal", … },
# "template_id": "traffic-entropy-anomaly" }
The deploy path runs the same two-stage validation as the canonical create route (ContractDefinitionSchema.parse + validateContractDefinition against the live registry), writes the creation row onto your entangled state, and schedules the first fire. From there, drive transitions with POST /api/chain/<your-machine>/contracts/<id>/transition or let any triggers fire them autonomously.
Next
- Contract IDE — author, preview, and deploy contracts (this template is in the Templates tab).
- State Contracts — the full contract model: conditions, triggers, pre/post actions, lifecycle.
- Templates Library — every ready-to-deploy contract, grouped by category.
- Protocols — the named building blocks a transition composes.