Skip to main content

Documentation Index

Fetch the complete documentation index at: https://none-38c466ad.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

The system is designed under the assumption that operators will attempt to disguise or fragment their infrastructure. Resilience is therefore treated as a first-order design constraint rather than a secondary feature.

9.1 Threat Model

Actors are modeled along a spectrum of sophistication:
  • Superficial adaptation: surface-level edits such as image swaps, asset churn, or minor template changes
  • Structured rotation: systematic replacement of trackers, endpoints, or providers
  • Targeted evasion: advanced tactics including cloaking, client-fingerprint gating, and decoy deployments
The correlation framework addresses this spectrum by requiring cross-signal diversity, bounding weak-link propagation, and applying Negative Evidence Filters to suppress artificial links. Threat Model

9.2 Validation Philosophy

Resilience is validated by perturbing inputs and testing for cluster stability. For a given snapshot, selected signals are removed, altered, or randomized. Clusters are then recomputed and compared using bootstrap Jaccard similarity: J=C(1)C(2)C(1)C(2),JJJ = \frac{|C^{(1)} \cap C^{(2)}|}{|C^{(1)} \cup C^{(2)}|}, \quad J \ge J^\star Parameters omitted by design. High stability under perturbation demonstrates that linkages depend on consistent structural overlap, not on any single artifact. Validation

9.3 Design Invariants

Several invariants are enforced across all signal families:
  • Rarity-awareness prevents common artifacts from dominating correlation
  • Cross-class diversity is required before edges are admitted, avoiding single-source dependence
  • Temporal boundedness ensures stale evidence decays and only current behavior persists
  • Negative evidence filters suppress known sources of artificial linkage
These invariants are parameter-independent and reflect structural design choices that maintain stability against adversarial tactics.

9.4 Baseline Contrast

Basic approaches collapse under trivial operator changes:
  • Static DOM matching breaks with minor edits
  • URL-based asset correlation is defeated by cache-busting
  • CDN commonality causes over-merging without rarity controls
By contrast, this system sustains cluster stability through normalized signal categories, adversarial guardrails, and validation protocols. The resulting intelligence is explainable, reproducible, and resistant to common evasion strategies.