-
Notifications
You must be signed in to change notification settings - Fork 48
Expand file tree
/
Copy pathdemo-suspicious-patterns.js
More file actions
executable file
Β·132 lines (107 loc) Β· 4.54 KB
/
demo-suspicious-patterns.js
File metadata and controls
executable file
Β·132 lines (107 loc) Β· 4.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
#!/usr/bin/env node
/**
* Suspicious Pattern Detection - Demo Script
*
* Demonstrates the soft alert system detecting various suspicious patterns
* without blocking any requests.
*/
// Set minimal env for demo
process.env.NODE_ENV = 'test';
process.env.API_KEYS = 'demo-key';
const suspiciousPatternDetector = require('./src/utils/suspiciousPatternDetector');
const log = require('./src/utils/log');
console.log('π Suspicious Pattern Detection Demo\n');
console.log('This demo shows how the system detects suspicious patterns');
console.log('without blocking any operations.\n');
// Mock log.warn to capture alerts
const alerts = [];
const originalWarn = log.warn;
log.warn = function(scope, message, meta) {
if (scope === 'SUSPICIOUS_PATTERN') {
alerts.push({ scope, message, meta });
console.log(`\nβ οΈ ALERT: ${meta.signal}`);
console.log(` Severity: ${meta.severity}`);
console.log(` Pattern: ${meta.pattern}`);
console.log(` Details: ${JSON.stringify(meta, null, 2)}`);
}
return originalWarn.call(this, scope, message, meta);
};
console.log('β'.repeat(60));
console.log('Demo 1: High Velocity Donations');
console.log('β'.repeat(60));
console.log('Simulating 6 rapid donations from same IP...\n');
const ip1 = '192.168.1.100';
for (let i = 0; i < 6; i++) {
suspiciousPatternDetector.detectHighVelocity(ip1, {
amount: 10,
recipient: 'RECIPIENT_KEY'
});
console.log(` β Donation ${i + 1} processed (not blocked)`);
}
console.log('\n' + 'β'.repeat(60));
console.log('Demo 2: Identical Amount Pattern');
console.log('β'.repeat(60));
console.log('Simulating 4 donations with identical amounts...\n');
const ip2 = '192.168.1.101';
for (let i = 0; i < 4; i++) {
suspiciousPatternDetector.detectIdenticalAmounts(ip2, 5.5);
console.log(` β Donation of 5.5 XLM processed (not blocked)`);
}
console.log('\n' + 'β'.repeat(60));
console.log('Demo 3: High Recipient Diversity');
console.log('β'.repeat(60));
console.log('Simulating donations to 11 different recipients...\n');
const donor = 'DONOR_PUBLIC_KEY';
for (let i = 0; i < 11; i++) {
suspiciousPatternDetector.detectRecipientDiversity(donor, `RECIPIENT_${i}`);
console.log(` β Donation to recipient ${i + 1} processed (not blocked)`);
}
console.log('\n' + 'β'.repeat(60));
console.log('Demo 4: Sequential Failures');
console.log('β'.repeat(60));
console.log('Simulating 6 consecutive failed requests...\n');
const ip3 = '192.168.1.102';
for (let i = 0; i < 6; i++) {
suspiciousPatternDetector.detectSequentialFailures(ip3, 'AUTH_FAILED');
console.log(` β Failure ${i + 1} logged (not blocked)`);
}
console.log('\n' + 'β'.repeat(60));
console.log('Demo 5: Normal Usage (No Alerts)');
console.log('β'.repeat(60));
console.log('Simulating normal donation patterns...\n');
const ip4 = '192.168.1.103';
const alertsBefore = alerts.length;
// Normal usage: varied amounts, reasonable pace
suspiciousPatternDetector.detectHighVelocity(ip4, { amount: 5, recipient: 'R1' });
console.log(' β Donation 1: 5 XLM');
suspiciousPatternDetector.detectHighVelocity(ip4, { amount: 10, recipient: 'R2' });
console.log(' β Donation 2: 10 XLM');
suspiciousPatternDetector.detectHighVelocity(ip4, { amount: 15, recipient: 'R3' });
console.log(' β Donation 3: 15 XLM');
if (alerts.length === alertsBefore) {
console.log('\n β
No alerts triggered - normal usage not flagged');
}
console.log('\n' + 'β'.repeat(60));
console.log('Summary');
console.log('β'.repeat(60));
console.log(`\nπ Metrics:`);
const metrics = suspiciousPatternDetector.getMetrics();
console.log(` Velocity Tracking: ${metrics.velocityTracking} IPs`);
console.log(` Amount Patterns: ${metrics.amountPatterns} IPs`);
console.log(` Recipient Patterns: ${metrics.recipientPatterns} donors`);
console.log(` Sequential Failures: ${metrics.sequentialFailures} IPs`);
console.log(` Time Patterns: ${metrics.timePatterns} IPs`);
console.log(`\nπ¨ Alerts Generated: ${alerts.length}`);
alerts.forEach((alert, idx) => {
console.log(` ${idx + 1}. ${alert.meta.signal} (${alert.meta.severity})`);
});
console.log('\nβ
Key Takeaways:');
console.log(' β’ All suspicious patterns were detected and logged');
console.log(' β’ No requests were blocked or rejected');
console.log(' β’ Normal usage did not trigger false positives');
console.log(' β’ System is purely observational');
console.log(' β’ Alerts available for security monitoring\n');
// Cleanup
suspiciousPatternDetector.stop();
log.warn = originalWarn;
console.log('Demo complete! Check logs for structured alert data.\n');