Skip to content

Tamper Protection

Nyroxis includes strong tamper-protection mechanisms designed to ensure that no attacker can delete, modify, forge, or reorder logs without detection. These protections operate fully offline and are enforced inside the local database and event pipeline.

1. Hash-Chained Event Blocks

Each event is stored as: - Encrypted payload - Integrity hash of the block content - Sequential index - Hash of the previous block

This structure forms a hash chain.

Tampering becomes visible if: - A block is removed — next block's previous-hash will not match - A block is modified — block hash will not match - A block is injected — sequence numbers and chain hashes will fail - The sequence is reordered — index inconsistency is detected

Any mismatch breaks the chain and triggers an immediate alert.

2. Integrity Verification at Read Time

Every time the AI/ML engine or Dashboard reads data: - Hash is recalculated for each block - Sequence number is checked - Previous-hash match is validated

If anything has been altered, the system: - Rejects the tampered data - Flags a tamper event - Stores a security alert in the local database

All checks are local and offline.

3. Protected Write Path

Nyroxis Agent writes logs using: - Atomic write operations - Controlled file handles - Verified write sequences - Encrypted buffers

This prevents: - Partial writes that corrupt the chain - Injection of unverified data - Race condition corruption

4. Anti-Deletion Protection

If an attacker deletes event blocks: - The next block's previous-hash will not match the deleted block's hash - Nyroxis detects the gap in the chain - A tamper-deletion alert is generated and stored locally

Nothing can be removed silently.

5. Anti-Modification Protection

If an attacker modifies: - Timestamp - Event metadata - Event content - Block ordering

Nyroxis detects it through: - Hash mismatch on the modified block - Index inconsistency - Chain breakage

Modification is impossible without detection.

6. Anti-Injection Protection

If someone tries to insert fake log entries: - Sequence numbers fail validation - Hash chain validation fails - Integrity check fails

Nyroxis rejects the entire affected data slice and warns the user.

7. Platform Service Protection

Nyroxis System Guardian monitors Nyroxis Agent and Intelligence every 3 seconds.

If either service is stopped — by crash, system event, or deliberate interference: - Guardian detects it immediately - The shutdown attempt is logged as a security event - Corrective action is taken

The monitoring platform itself cannot be silently disabled.

Summary

Nyroxis tamper protection ensures: - Logs cannot be deleted without detection - Logs cannot be modified without detection - Logs cannot be injected without detection - Logs cannot be reordered without detection - The platform cannot be silently disabled

All protections operate locally, offline, and without cloud assistance — providing forensic-grade evidence integrity at all times.

© Nyroxis Documentation — Nyroxis® Endpoint Intelligence Platform
Built with MkDocs Material — Documentation auto-generated from public modules.