PolySwarm


Latest Update: Xvirus joins the PolySwarm network.


How PolySwarm works

PolySwarm is a decentralized threat intelligence marketplace that rewards security experts for accurately identifying malware.


Threat protection redefined

The PolySwarm ecosystem incentivizes what matters most: quality output of malintent detection. It rewards honest market participation through collection and distribution of fees to active security experts who add value.

[Diagram: End Users (Enterprises), Ambassador (InfoSec Company), Security Experts and Arbiters, connected by flows labelled Bounty, Offer, Ground Truth and No Reward.]

Fueled by Nectar

The PolySwarm market runs on Nectar (NCT), a token that will make it easy to submit and classify potential threats on the PolySwarm market. Nectar replaces traditional lump-sum anti-virus and threat-scanning subscription payments, which are inefficiently distributed to a single vendor that doesn’t cover your variety of threats well.

Select your perspective

The PolySwarm marketplace is made up of four distinct groups of users, each of which plays an important role in the detection and removal of malware. Select your perspective below and learn how PolySwarm can work for you.


Option 1

Choose a reputable ambassador

Identify a good Ambassador using PolySwarm's public, blockchain-based record of their past performance.

Simply choose a reputable Ambassador and pay their subscription fee. That’s it. You’ll now be protected by security experts worldwide.


Option 2

Do it yourself

There are 2 ways to submit a suspicious Artifact: Bounties and Offers.


Submit a bounty

Bounties represent a public, smart (as in contract) commitment to pay for information leading to the quarantine or exoneration of Artifacts, similar to a Wild West style "Wanted" poster.
  1. Pay a small listing fee (in Nectar) to place a Bounty.
  2. Upload the Artifact in question along with a reward of Nectar and a deadline.
  3. Experts weigh in on whether they think the Artifact is malicious.

Submit an offer

If you want more rapid transactions and want to limit the exposure of the Artifact in question and/or prefer to work only with specific Experts, you can submit Direct Offers.
  1. Issue a direct Offer along with the Artifact to selected Experts.
  2. Each Expert decides whether to accept the direct Offer based on their confidence in rendering an accurate Assertion.
  3. Experts who accept will submit their Assertion.

Recruit enterprises

Ambassadors provide a link between Enterprises and PolySwarm. Continue collecting subscription fees on the frontend while transparently enhancing your offering by plugging into PolySwarm on the backend.


Submit a bounty


Bounties represent a public, smart (as in contract) commitment to pay for information leading to the quarantine or exoneration of Artifacts, similar to a Wild West style "Wanted" poster.

  1. Pay a small listing fee (in Nectar) to place a Bounty.
  2. Upload the Artifact in question along with a reward of Nectar and a deadline.
  3. Experts weigh in on whether they think the Artifact is malicious.
  4. Taking the Experts' assertions into account, you deliver a Verdict.

Submit an offer

Offers enable rapid (and, optionally, confidential) triage of suspect artifacts with designated Experts via Raiden-style Channels. Offers are an alternative to Bounties, providing increased speed and throughput at increased Nectar and startup costs.

Put your knowledge to work

Get rewarded for accurate and timely threat detection. Hunt alongside and compete with a global cadre of security experts.
  1. Create one or more Workers — modules that have codified expertise on detecting a specific type of threat in a specific type of Artifact and encapsulate your expertise.
  2. Wire the Worker up to PolySwarm by describing what types of Artifacts the Worker handles.
  3. Accept and respond to Offers and Bounties, respectively.


Respond to bounties

  1. Find a Bounty that suits your expertise and meets your financial interests.
  2. Analyze the Bounty Artifact in question and author an Assertion stating whether it’s Malicious or Benign.
  3. Submit the Assertion + Assertion Fee + Assertion Bid; the latter is reflective of your Assertion confidence.
  4. Based on your Assertion and the Assertions of other PolySwarm experts, the party that placed the Bounty will arrive at a Verdict.
  5. After the Assertion Window closes, Arbiters determine the Ground Truth of the Artifact. This ground truth is fed into the Bounty smart contract, causing the contract to release "escrow of Assertion Bids" from incorrect asserters to correct asserters, in proportion to their bid amounts.
  6. With Ground Truth ingested and Bids distributed, the Bounty contract Self Destructs.
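
The settlement described in step 5, as an added example (not PolySwarm's contract code): Assertion Bids escrowed by incorrect Experts are released to correct Experts in proportion to their bids. It models only the bid escrow; the integer units, the handling of rounding dust, and the case where nobody is correct are assumptions, since the page does not specify them.

```python
from dataclasses import dataclass

MALICIOUS, BENIGN = "malicious", "benign"

@dataclass(frozen=True)
class Assertion:
    expert: str    # hypothetical expert identifier
    verdict: str   # MALICIOUS or BENIGN
    bid: int       # Assertion Bid held in escrow, in smallest Nectar units

def settle(assertions, ground_truth):
    """Return (payouts, unallocated) once Arbiters supply the ground truth.

    Correct Experts recover their own bid plus a share of the bids
    forfeited by incorrect Experts, proportional to their bid amounts.
    """
    if ground_truth not in (MALICIOUS, BENIGN):
        raise ValueError("ground truth must be malicious or benign")
    if any(a.bid <= 0 or a.verdict not in (MALICIOUS, BENIGN) for a in assertions):
        raise ValueError("each assertion needs a positive bid and a valid verdict")
    if len({a.expert for a in assertions}) != len(assertions):
        raise ValueError("one assertion per expert")

    escrow = sum(a.bid for a in assertions)
    winners = [a for a in assertions if a.verdict == ground_truth]
    forfeited = escrow - sum(a.bid for a in winners)
    payouts = {a.expert: 0 for a in assertions}
    if not winners:
        # Assumption: with no correct Expert, the forfeited pool stays unallocated.
        return payouts, forfeited

    winning_total = sum(a.bid for a in winners)
    for a in winners:
        payouts[a.expert] = a.bid + forfeited * a.bid // winning_total
    # Assumption: integer-division dust goes to the largest correct bidder.
    dust = escrow - sum(payouts.values())
    payouts[max(winners, key=lambda a: (a.bid, a.expert)).expert] += dust

    # Invariant worth checking in any escrow logic: nothing created or lost.
    assert sum(payouts.values()) == escrow
    return payouts, 0

if __name__ == "__main__":
    # Constructed sample bounty: two correct and two incorrect Experts.
    sample = [Assertion("alice", MALICIOUS, 60), Assertion("bob", MALICIOUS, 30),
              Assertion("carol", BENIGN, 45), Assertion("dave", BENIGN, 5)]
    print(settle(sample, MALICIOUS))
```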

Accept offers

  1. Enterprises and Ambassadors can choose to work with specific Experts by opening an offer channel. If you receive an Offer you can decide whether or not to participate at the amount of Nectar offered.
  2. Ambassadors rapidly reward experts in a low-friction manner using Raiden-style Channels.

Frequently asked questions

If it takes 100-200 well financed hackers to build reputation over time and ultimately risk burning that reputation to hide some malware from a subset of ambassadors, I'd say we've won. That bar is far higher than today's status quo - this is a much more costly endeavor than what is required to evade AV today.

No system can be 100% perfect, including PolySwarm, but PolySwarm is far better than today's environment if such resources are required to pull off such an attack.

We have a multi-pronged approach, targeting enterprise, ambassador and security expert onboarding, respectively.

At a high level, we will foster a network effect, playing enterprise interest toward security experts (more bounties available) and then security expert interest toward ambassadors and enterprises (increasingly high-quality threat intelligence). This two-sided effect will naturally encourage uptake on the opposite side.

1. Sponsor PolySwarm integration into existing incident response (IR) and defensive toolkits.

PolySwarm will offer Nectar bounties (from Swarm Technologies, Inc’s holding) as reward for open source contributions to widely used IR, defense and forensics toolkits. Specifically, we will target open source projects like Facebook’s osquery, and The Sleuth Kit / Autopsy.

By making it trivial to use PolySwarm with these tools, PolySwarm seamlessly plugs into existing workflows. Some users will choose to leverage PolySwarm and any such leverage will help create a network effect.

2. Partnership with existing threat intelligence vendors, offering early Arbitership as incentive to plug into the network.

Existing threat intelligence companies will desire to become Arbiters in the PolySwarm ecosystem. PolySwarm will offer designated arbitership to chosen Arbiters to help bootstrap the network. This will be a limited-time offer, after which Arbiters must maintain high ecosystem throughput to maintain their status.

3. Hackathons, competitions and sponsorship directed toward information security expertise, with an emphasis toward markets that already participate heavily in vulnerability bug bounty programs.

This one is pretty self-explanatory. We will target information security conferences in Eastern Europe, Asia, Latin and South America in particular.

PolySwarm will enable companies like Palo Alto to enhance their offerings by being able to solicit crowdsourced opinion on files they're unsure of. Today, they reach out to VirusTotal (and pay handsomely to do so). Tomorrow, with PolySwarm, they'll get access to a broader set of security expertise without a middle man (VirusTotal is owned by Google).

From the enterprise perspective, should Palo Alto plug into PolySwarm, the enterprise will see better detection rates. Palo Alto will save money and ideally those savings will be passed down to the customer. In the PolySwarm ecosystem, Palo Alto (PA) is an "Ambassador".

In the PolySwarm marketplace, an Ambassador submits a request asking Security Experts to analyze a suspicious artifact, such as files, URLs, or network traffic. The requests submitted into the marketplace come in two forms.

The first is in the style of a Wild-West wanted poster, called a "Bounty", and is open to all Security Experts to respond. Think, "WANTED, Malicious? or Benign?" The second is in the form of a direct "Offer", which is directed at a specific security expert. Think, "Mr Anderson, do you have time to take a look at this file? I’ll give you 0.15 NCT to tell me if it is Malicious or Benign."

Security Experts download their expertise into automated analysis tools, called "micro-engines", which will process an artifact if a) they support it, and b) the Security Expert thinks the payment is worthwhile. All analysis results are provided to the Ambassador, then the Arbiters review results to determine which are correct. Finally, all Security Experts that provided correct results fast get paid in Nectar!

Excellent question (all of these are excellent questions)! If ground truth is wrong (Arbiters are wrong), this could mean one of two things: (1) the Arbiter honestly got it incorrect, (2) the Arbiter is malicious.

For #1, PolySwarm will correct itself much like today's market corrects itself - one vendor detects WannaCry, publishes it, reaps marketing benefit, other vendors jump on the detection bandwagon. If they're more pointed about it, Vendor X calls out Vendor Y for failing to protect customers against a threat that Vendor X uniquely identifies. Again, the benefit here is a marketing coup. This process happens externally from the core market - it's a feedback loop driven by a natural desire to win customers. It's how it works today and how it'll work in PolySwarm.

For #2, this is more complex. I believe this is best addressed by maintaining a record of trustworthiness of participants / reputation. This is not something that will be built into the market, but one of those "secondary market" value-added services we expect to arise.

Additionally, we think a secondary market will spring up, namely insurance. We think some experts may want to pay a nominal fee per assertion to insure their assertion against arbiter failure. How that works probably varies so widely by jurisdiction that it’s hard to pin down. Of course, commercial entities could be made to accept terms of use that make this sort of liability moot.

Still have questions?

Feel free to visit our Telegram. For technical questions, check out our Discord.