NERRF Documentation
Neural Execution Reversal & Recovery Framework - AI-driven ransomware recovery

Welcome to NERRF
NERRF is an open-source project exploring AI-driven "undo computing" for post-zero-trust cloud and IoT environments. This MVP implements a fine-grained rollback system using eBPF instrumentation, Graph Neural Networks (GNN), Long Short-Term Memory (LSTM) models, and Monte-Carlo Tree Search (MCTS) to reverse ransomware attacks (e.g., LockBit-style) on Kubernetes clusters. With the goal of keeping Mean Time to Recovery (MTTR) < 60 min and data loss < 128 MB, NERRF targets security researchers, cloud engineers, and AI practitioners. It offers a scalable, reproducible framework with Helm deployment and synthetic datasets.
Getting Started
I Want to Deploy It
Start with the Tracker Quick Start to get eBPF tracing running in 5 minutes.
cd tracker && make tracker && sudo ./bin/tracker
I Want to Understand It
Read System Architecture for a complete overview of components and threat model.
I Want to Contribute
Check Implementation Guide for deep dives into kernel code and design patterns.
I Want to Test the Attack
Follow Threat Model & LockBit Scenario to run ransomware simulations on your cluster.
Key Sections
Architecture
System design, threat model, and component responsibilities
Tracker Component
Real-time eBPF-based syscall capture (M1 Complete)
Tracker Quick Start
Deploy and run in 5 minutes
Implementation Deep Dive
Kernel code, design patterns, performance tuning
Threat Model
LockBit-3.0 attack phases and detection strategy
Contributing
How to contribute to NERRF
Acknowledgments
This project was inspired by:
- DTrace/SystemTap (pioneering runtime tracing)
- Falco (eBPF-based threat detection)
- AlphaGo (Monte-Carlo tree search for planning)
- Reversible VM Execution research (undo computing concepts)
Special thanks to my advisors and contributors!