PolySwarm is a threat intelligence marketplace with Microengines supplying intelligence, Ambassadors brokering access to the intelligence and Arbiters determining ground truth, mediating the marketplace.
How it works (refer to this diagram):
- An Ambassador "bounties" a suspect artifact (a file, URL, IP address or domain) on behalf of its customer.
- Microengines are alerted to the bounty and decide whether the artifact is within their area of expertise.
- If the Microengine feels that it is able to correctly categorize the artifact as malicious or benign, it produces an assertion and places a stake of NCT on that
- The Ambassador considers all the Microengines' assertions and returns a verdict to their customer.
- Arbiters provide ground truth about this malicious sample.
- Microengines whose assertions match ground truth are rewarded with the escrowed funds of Microengines that disagreed.
For full details, please refer to the PolySwarm whitepaper.
Microengines offer threat intelligence in exchange for NCT.
Microengines are developed by individuals or organizations who have a knack for identifying malware. If you have unique insight into a particular malware family, class, file type, etc. and want to earn tokens (NCT) along with a reputation for that insight, then you want to develop a Microengine!
Microengines encapsulate security expertise in an autonomous process that earns Nectar (NCT) rewards for accurately identifying new strains of malware.
1 frontend (producer): responsible for communicating with the PolySwarm marketplace: ingesting bounties, triaging artifacts, producing pub/sub scan events for backends, implementing a staking strategy and posting assertions. The frontend translates marketplace bounties into events on a pub/sub queue for backends to consume and distills responses from backends into marketplace actions.
N backends (consumers): the actual scanners that process artifacts and produce assertions (malicious / benign) coupled with confidence ratings. These backends are tasked by the frontend. The pub/sub architecture between the two components allows for trivial horizontal scaling of heavier backends.
- Listen for bounties on the Ethereum blockchain (via
- Download artifacts (via
- Scan/analyze the artifacts
- Determine a Nectar (NCT) staking amount
- Deliver an assertion (their stake) back to the marketplace
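The frontend/backend split described above, sketched as an added example (not PolySwarm's own code). An in-process `queue.Queue` stands in for the pub/sub queue, marketplace I/O (listening for bounties, downloading artifacts, posting assertions) is left out, and every name here, the test marker and the linear staking formula are assumptions made for illustration.

```python
import queue
import threading

# Constructed sample bounties (id -> artifact bytes); the marker is made up.
MARKER = b"CONSTRUCTED-TEST-MARKER"
BOUNTIES = {"b1": b"hello world", "b2": b"header " + MARKER, "b3": b""}

def backend_scan(content):
    """Hypothetical scanner: returns (malicious, confidence in 0..1)."""
    return (True, 0.9) if MARKER in content else (False, 0.6)

def backend_worker(events, results):
    """Backend (consumer): scan queued artifacts until a None sentinel."""
    while True:
        event = events.get()
        if event is None:
            break
        bounty_id, content = event
        results.put((bounty_id, *backend_scan(content)))

def stake_for(confidence, min_stake=10, max_stake=100):
    """Assumed staking strategy: NCT stake grows linearly with confidence."""
    return round(min_stake + (max_stake - min_stake) * confidence)

def run_frontend(bounties, n_backends=2):
    """Frontend (producer): triage, publish scan events, build assertions."""
    events, results = queue.Queue(), queue.Queue()
    workers = [threading.Thread(target=backend_worker, args=(events, results))
               for _ in range(n_backends)]
    for w in workers:
        w.start()
    published = 0
    for bounty_id, content in bounties.items():
        if not content:  # triage: empty artifact, outside our expertise
            continue
        events.put((bounty_id, content))
        published += 1
    for _ in workers:  # one sentinel per backend so each one exits
        events.put(None)
    for w in workers:
        w.join()
    assertions = {}
    for _ in range(published):  # distill backend responses into assertions
        bounty_id, malicious, confidence = results.get()
        assertions[bounty_id] = {"malicious": malicious,
                                 "stake": stake_for(confidence)}
    return assertions

if __name__ == "__main__":
    print(run_frontend(BOUNTIES))
```

Raising `n_backends` adds consumers without touching the frontend, which is the horizontal scaling the architecture is meant to allow.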
Ready to start developing your first Microengine and start earning NCT?
Linux-based Microengines are far easier to test and come with more deployment options than Windows-based Microengines. If possible, we highly recommend building Linux-based Microengines.
Ambassadors place bounties (artifacts + NCT) and receive timely crowdsourced threat intelligence in response.
Enterprises seeking to query PolySwarm for threat intelligence may:
- purchase a subscription directly from Swarm Technologies
- work with a third party that runs an Ambassador on their behalf
- act as their own Ambassador
If your organization requires finer grained control over marketplace interactions or you wish to build value-added services on top of PolySwarm (e.g. as an MSSP), you may want to build an ambassador.
Ambassadors are only supported under Linux.
Arbiters are paid (via marketplace transaction fees) to determine ground truth.
Arbiters marshal the marketplace by determining "ground truth". Arbiters serve a critical role: Arbiter-derived ground truth is used to determine which Microengines are correct and thus rewarded. Crucially, Arbiters must expand their internal threat detection capabilities, taking into consideration the assertions of Microengines to push the boundaries of what the PolySwarm marketplace can detect.
Learn more about creating an Arbiter → (coming soon)