Lightweight behavioural genome engine for analyzing running system processes
Project description
PhenoVector – Behavioural Genome Engine for Running Processes
PhenoVector is a fully local, lightweight behavioural‑genome engine that derives structured “genome vectors” for running system processes. It performs safe on‑device telemetry collection using psutil, computes >20 behaviour‑driven gene scores, assigns risk levels, and provides an optional Streamlit dashboard for visual exploration.
All capabilities described here match the actual source code: features.py, genes.py, genome.py, and app.py.
🔍 What PhenoVector Does
1. Collects Runtime Behaviour Features
From each process (features.py):
- CPU percentage
- RSS memory
- Thread count
- Open file handles
- Network connections
- Executable entropy (first 200kB)
- Lifetime & CPU time
- System process / temp executable identification
2. Computes Behavioural Gene Scores
Each behaviour feature is normalised via PopulationStats and transformed into 20+ genes (genes.py):
- resource_abuse
- entropy
- impersonation
- exfiltration
- tracking
- persistence
- mutation
- stealth
- latency
- syscall_diversity
- burst_density
- thread_intensity
- registry_touch
- io_intensity
- network_activity
- file_entropy
- handle_abuse
- injection_sus
- dll_sideload
Every gene strictly returns a float in [0,1].
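An added sketch, not PhenoVector's own code, of how an executable-entropy feature over the first 200 kB and a population-normalised gene bounded to [0,1] can be computed. The function names, the reading of "200kB" as 200 KiB, and the logistic z-score normalisation are assumptions, since the page does not show genes.py or PopulationStats.

```python
import math
import os
import statistics
import tempfile
from collections import Counter

HEAD_BYTES = 200 * 1024  # assumption: the page's "first 200kB" read as 200 KiB


def head_entropy(path, limit=HEAD_BYTES):
    """Shannon entropy in bits per byte (0..8) of the first `limit` bytes."""
    with open(path, "rb") as fh:
        data = fh.read(limit)
    if not data:
        return 0.0  # an empty file carries no signal
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_gene(bits_per_byte):
    """Scale to [0, 1]; values near 1 are typical of packed or encrypted files."""
    return min(1.0, max(0.0, bits_per_byte / 8.0))


def population_gene(value, population):
    """Hypothetical normalisation: z-score of one process against all observed
    processes, squashed by a logistic so the score always lies in [0, 1]."""
    if len(population) < 2:
        return 0.5  # no baseline yet, stay neutral
    stdev = statistics.pstdev(population)
    if stdev == 0:
        return 0.5  # every process looks the same
    z = (value - statistics.fmean(population)) / stdev
    return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, z))))


def demo():
    """Score three constructed sample files written to a temporary directory."""
    samples = {"repeat": b"A" * 4096, "uniform": bytes(range(256)) * 16,
               "random": os.urandom(HEAD_BYTES)}
    scores = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(blob)
            scores[name] = entropy_gene(head_entropy(path))
    return scores
```

Capping the read at a fixed prefix keeps the cost per process bounded, at the price of missing high-entropy content placed later in the file.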
3. Produces Per‑Process Genome Objects
genome.py returns a structured ProcessGenome:
- identity: pid, name, exe
- behaviour features
- gene vector (dict)
- risk_score (0–1)
- risk_level (benign, suspicious, high)
4. Optional Visual Dashboard
app.py provides:
- PCA/t‑SNE process clustering
- Radar charts of gene profiles
- IsolationForest anomaly scoring
- PID whitelisting
- Raw genome table & JSON export
📦 Installation
pip install phenovector
🚀 Quick Usage
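from phenovector.genome import analyze_system

# Build genomes for running processes (limit=100) and print each one's risk summary
genomes = analyze_system(limit=100)
for g in genomes:
    print(g.pid, g.name, g.risk_score, g.risk_level)
    print(g.genes)  # gene vector as a dict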
📊 Run the Streamlit UI
streamlit run -m phenovector.app
📄 License
APACHE 2.0
File details
Details for the file phenovector-0.1.0.tar.gz.
File metadata
- Download URL: phenovector-0.1.0.tar.gz
- Upload date:
- Size: 18.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 286a0b640534a7b536eaf85fb6ad2191ad32625fea3cfc814f925fdd89d4c3ff |
| MD5 | 67b6d1f8e76b64283ab8cac34ae7ab14 |
| BLAKE2b-256 | 5dc450ff8093e1fadb4420cf555c98e5f4a362264990f61a10b4defa128175b6 |
File details
Details for the file phenovector-0.1.0-py3-none-any.whl.
File metadata
- Download URL: phenovector-0.1.0-py3-none-any.whl
- Upload date:
- Size: 19.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 98da441ae389dc601377a3d8fd87f417c04c84d25b4e66581fe3b72e3911a65e |
| MD5 | 90873a08c55f86923df2d4a3f56c713d |
| BLAKE2b-256 | 42bff3411b142bf18e42cf180dafd4b065e6be53cb2959cf5bf85d4ec464109a |