AungMoonLord
/

bert-log-anomaly-detection

@@ -16,11 +16,11 @@ pipeline_tag: text-classification
 <!-- Provide a quick summary of what the model is/does. -->
 Model Summary
-1. bert-log-anomaly-detection is a BERT-based NLP model fine-tuned for single SQL transaction log anomaly detection.
-2. The model classifies each database transaction log as either Normal or Anomaly, with the goal of supporting AI-powered fraud detection and cybersecurity monitoring systems.
-3. This model was developed as part of the Samsung × KBTG Digital Fraud Cybersecurity Hackathon (Thailand) under the AI-Powered Fraud Detection & Prevention track.
 ### Model Description
@@ -41,7 +41,7 @@ Demo: Hackathon prototype
 <!-- Provide the basic links for the model. -->
-- **Repository:** https://github.com/AungMoonLord/AI-Cybersecurity-Hackathon/tree/main/New%20Finetune%20Hackathon
 ### How to Get Started with the Model
@@ -59,10 +59,11 @@ tokenizer = BertTokenizer.from_pretrained(MODEL_PATH)
 model.eval()
 ```
-## Step 2 (Clean & Label Log) -- Do not pass this step!!
 ```python
-#1 ทำ preprocessing สำหรับ log
-def add_prefix_token(text): # log data ต้องผ่าน code นี้ก่อน training / inference
     # clean log
     text = text.replace("\t", " ")
     text = text.strip()
@@ -72,7 +73,8 @@ def add_prefix_token(text): # log data ต้องผ่าน code นี้
     else:
         return "[LOG]\n" + text
 ```
-## Step 3 (Create function for classification log)
 ```python
 def predict_log(log_text):
     log_text = add_prefix_token(log_text)
@@ -80,7 +82,7 @@ def predict_log(log_text):
         log_text,
         return_tensors="pt",
         truncation=True,
-        padding=True, # ใส่เผื่อเอาไว้ตอน inference มากกว่า 1 log (Batch Size > 1)
         max_length=128
     )
@@ -89,19 +91,20 @@ def predict_log(log_text):
         pred = torch.argmax(logits, dim=1).item()
         prob = torch.softmax(logits, dim=-1).tolist()[0]
-    return "Normal" if pred == 1 else "Anomaly" ,prob
 ```
-## Step 4 (Samples of Inference)
 ```python
-# Ex1
 text1 = "SELECT * FROM users WHERE id = 1 OR 1=1"
 print(predict_log(text1))
-# Ex2
 text2 = "2025-01-06 14:23:45 | User: anonymous | IP: 203.154.89.102 | Duration: 0.05s SELECT * FROM users WHERE username = 'admin' OR '1'='1' -- ' AND password = 'x'"
 print(predict_log(text2))
-# Ex3
 text3 = "3051-06-22T07:20:02.296945Z 3 Query select e3mJKDCCY from 7Q8SpG8LLEWhrfpe4s5 where ph4d = 'a1S9hQa92uC1EAyJf2Y';"
 print(predict_log(text3))
 ```
@@ -124,9 +127,9 @@ print(predict_log(text3))
 ## Training Data
-- SQL database transaction logs 1,611 sample which are gererated from chatGPT ,Qwen ,DeepSeek ,Grok ,Gemini ,Claude
-- Each log labeled as Normal or Anomaly
 - Data prepared for single-log classification
@@ -145,4 +148,5 @@ print(predict_log(text3))
 #### Summary
-The model demonstrates strong anomaly detection capability with high recall, making it suitable for fraud detection and cybersecurity use cases.

 <!-- Provide a quick summary of what the model is/does. -->
 Model Summary
+1. `bert-log-anomaly-detection` is a BERT-based NLP model fine-tuned for single SQL transaction log anomaly detection.
+2. The model classifies each database transaction log as either `Normal` or `Anomaly`, with the goal of supporting AI-powered fraud detection and cybersecurity monitoring systems.
+3. This model was developed as part of the _Samsung × KBTG Digital Fraud Cybersecurity Hackathon_ (Thailand) under the AI-Powered Fraud Detection & Prevention track.
 ### Model Description
 <!-- Provide the basic links for the model. -->
+- **GitHub Repository:** https://github.com/AungMoonLord/AI-Cybersecurity-Hackathon/tree/main/New%20Finetune%20Hackathon
 ### How to Get Started with the Model
 model.eval()
 ```
+## Step 2 (Clean and Label Logs) — Do not pass this step!
 ```python
+# Perfom log preprocessing
+def add_prefix_token(text): # log data must pass this code before training/inferencing
     # clean log
     text = text.replace("\t", " ")
     text = text.strip()
     else:
         return "[LOG]\n" + text
 ```
+## Step 3 (Create the Function for Log Classification)
 ```python
 def predict_log(log_text):
     log_text = add_prefix_token(log_text)
         log_text,
         return_tensors="pt",
         truncation=True,
+        padding=True, # for cases when the inference contains more than 1 log, i.e., batch size > 1
         max_length=128
     )
         pred = torch.argmax(logits, dim=1).item()
         prob = torch.softmax(logits, dim=-1).tolist()[0]
+    return "Normal" if pred == 1 else "Anomaly", prob
 ```
+## Step 4 (Samples of Inferences)
 ```python
+# Example 1
 text1 = "SELECT * FROM users WHERE id = 1 OR 1=1"
 print(predict_log(text1))
+# Example 2
 text2 = "2025-01-06 14:23:45 | User: anonymous | IP: 203.154.89.102 | Duration: 0.05s SELECT * FROM users WHERE username = 'admin' OR '1'='1' -- ' AND password = 'x'"
 print(predict_log(text2))
+# Example 3
 text3 = "3051-06-22T07:20:02.296945Z 3 Query select e3mJKDCCY from 7Q8SpG8LLEWhrfpe4s5 where ph4d = 'a1S9hQa92uC1EAyJf2Y';"
 print(predict_log(text3))
 ```
 ## Training Data
+- SQL database transaction logs (1,611 samples) generated from ChatGPT, Qwen, DeepSeek, Grok, Gemini, and Claude
+- Each log labeled as either `Normal` or `Anomaly`
 - Data prepared for single-log classification
 #### Summary
+The model demonstrates strong anomaly detection capability with high recall, making it suitable for fraud detection and cybersecurity use cases.