Update CyberForge ML models and deployment artifacts

README.md

@@ -19,6 +19,10 @@ Production-ready machine learning models for cybersecurity threat detection.
 
 | Model | Task | Accuracy | F1 Score | Inference Time |
 |-------|------|----------|----------|----------------|
+| phishing_detection | random_forest | 0.9890 | 0.9890 | 0.01ms |
+| malware_detection | gradient_boosting | 0.9985 | 0.9985 | 0.00ms |
+| anomaly_detection | random_forest | 0.9990 | 0.9990 | 0.01ms |
+| web_attack_detection | random_forest | 1.0000 | 1.0000 | 0.03ms |
 
 
 ## Usage

agent_config.json

@@ -0,0 +1,26 @@
+{
+  "version": "1.0.0",
+  "confidence_threshold": 0.7,
+  "max_concurrent_tasks": 5,
+  "severity_weights": {
+    "critical": 1.0,
+    "high": 0.8,
+    "medium": 0.5,
+    "low": 0.3,
+    "info": 0.1
+  },
+  "evidence_weights": {
+    "model_prediction": 0.4,
+    "signature_match": 0.3,
+    "behavioral_pattern": 0.2,
+    "heuristic_rule": 0.1
+  },
+  "task_priorities": {
+    "CRITICAL": 4,
+    "HIGH": 3,
+    "MEDIUM": 2,
+    "LOW": 1,
+    "BACKGROUND": 0
+  },
+  "gemini_model": "gemini-2.5-flash"
+}

anomaly_detection/metadata.json

@@ -0,0 +1,14 @@
+{
+  "model_type": "random_forest",
+  "dataset": "anomaly_detection",
+  "accuracy": 0.999,
+  "f1_score": 0.9989986620975891,
+  "inference_time_ms": 0.006589841842651367,
+  "feature_names": [
+    "timestamp",
+    "event_id",
+    "anomaly_score"
+  ],
+  "version": "1.0.0",
+  "framework": "sklearn"
+}

anomaly_detection/model.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d10d6bc1da4a579239ea1485d858b1f6e16331aa5ac8c18391328629d39d75df
+size 513929

anomaly_detection/package_info.json

@@ -0,0 +1,23 @@
+{
+  "name": "anomaly_detection",
+  "type": "random_forest",
+  "version": "1.0.0",
+  "accuracy": 0.999,
+  "f1_score": 0.9989986620975891,
+  "inference_time_ms": 0.006589841842651367,
+  "files": {
+    "model": {
+      "path": "anomaly_detection/model.pkl",
+      "checksum": "833a0b8d0d785bdc4ab163b2f2e4a7b9",
+      "size_bytes": 513929
+    },
+    "scaler": {
+      "path": "anomaly_detection/scaler.pkl",
+      "checksum": "50935889b0c4b5813f2691c7f63bfa4a"
+    },
+    "metadata": {
+      "path": "anomaly_detection/metadata.json"
+    }
+  },
+  "packaged_at": "2026-02-15 19:21:08"
+}

anomaly_detection/scaler.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6261b8dfcb46bc291d7aab75733a27ac820d7fba4a902f188f8a01bc8d6b59c3
+size 927

cyberforge_agent.py

@@ -0,0 +1,60 @@
+
+"""CyberForge Agent Intelligence Module"""
+
+import json
+import time
+import numpy as np
+from pathlib import Path
+from dataclasses import dataclass, asdict
+from typing import Dict, List, Any, Optional
+
+@dataclass
+class AgentDecision:
+    action: str
+    confidence: float
+    reasoning: str
+    evidence: List[str]
+    risk_level: str
+    recommended_follow_up: List[str]
+
+    def to_dict(self):
+        return asdict(self)
+
+class DecisionEngine:
+    SEVERITY_WEIGHTS = {"critical": 1.0, "high": 0.8, "medium": 0.5, "low": 0.3, "info": 0.1}
+
+    def calculate_threat_score(self, indicators: List[Dict]) -> tuple:
+        if not indicators:
+            return 0.0, "low"
+        scores = [i.get("confidence", 0.5) * self.SEVERITY_WEIGHTS.get(i.get("severity", "low"), 0.3) 
+                  for i in indicators]
+        score = sum(scores) / len(scores) if scores else 0
+        risk = "critical" if score >= 0.8 else "high" if score >= 0.6 else "medium" if score >= 0.4 else "low"
+        return score, risk
+
+class CyberForgeAgent:
+    def __init__(self):
+        self.engine = DecisionEngine()
+
+    def analyze(self, url: str, data: Dict) -> Dict:
+        indicators = self._extract_indicators(data)
+        score, risk = self.engine.calculate_threat_score(indicators)
+        action = "block" if score >= 0.8 else "alert" if score >= 0.6 else "monitor" if score >= 0.4 else "allow"
+
+        return AgentDecision(
+            action=action,
+            confidence=score,
+            reasoning=f"Threat score: {score:.2f}. {len(indicators)} indicators found.",
+            evidence=[str(i) for i in indicators[:3]],
+            risk_level=risk,
+            recommended_follow_up=["Continue monitoring"]
+        ).to_dict()
+
+    def _extract_indicators(self, data: Dict) -> List[Dict]:
+        indicators = []
+        sec = data.get("security_report", {})
+        if not sec.get("is_https", True):
+            indicators.append({"type": "insecure", "severity": "medium", "confidence": 0.9})
+        if sec.get("mixed_content"):
+            indicators.append({"type": "mixed_content", "severity": "medium", "confidence": 0.85})
+        return indicators

inference.py

@@ -0,0 +1,158 @@
+
+"""
+CyberForge ML Inference Module
+Backend integration for mlService.js
+"""
+
+import json
+import time
+import joblib
+import numpy as np
+from pathlib import Path
+from typing import Dict, List, Any, Optional
+
+class CyberForgeInference:
+    """
+    ML inference service for CyberForge backend.
+    Compatible with mlService.js API contract.
+    """
+
+    def __init__(self, models_dir: str):
+        self.models_dir = Path(models_dir)
+        self.loaded_models = {}
+        self.manifest = self._load_manifest()
+
+    def _load_manifest(self) -> Dict:
+        manifest_path = self.models_dir / "manifest.json"
+        if manifest_path.exists():
+            with open(manifest_path) as f:
+                return json.load(f)
+        return {"models": {}}
+
+    def load_model(self, model_name: str) -> bool:
+        """Load a model into memory"""
+        if model_name in self.loaded_models:
+            return True
+
+        model_dir = self.models_dir / model_name
+        model_path = model_dir / "model.pkl"
+        scaler_path = model_dir / "scaler.pkl"
+
+        if not model_path.exists():
+            return False
+
+        self.loaded_models[model_name] = {
+            "model": joblib.load(model_path),
+            "scaler": joblib.load(scaler_path) if scaler_path.exists() else None
+        }
+        return True
+
+    def predict(self, model_name: str, features: Dict) -> Dict:
+        """
+        Make a prediction.
+
+        Args:
+            model_name: Name of the model to use
+            features: Feature dictionary
+
+        Returns:
+            Response matching mlService.js contract
+        """
+        if not self.load_model(model_name):
+            return {"error": f"Model not found: {model_name}"}
+
+        model_data = self.loaded_models[model_name]
+        model = model_data["model"]
+        scaler = model_data["scaler"]
+
+        # Convert features to array
+        X = np.array([list(features.values())])
+
+        # Scale if scaler available
+        if scaler:
+            X = scaler.transform(X)
+
+        # Predict
+        start_time = time.time()
+        prediction = int(model.predict(X)[0])
+        inference_time = (time.time() - start_time) * 1000
+
+        # Get confidence
+        confidence = 0.5
+        if hasattr(model, "predict_proba"):
+            proba = model.predict_proba(X)[0]
+            confidence = float(max(proba))
+
+        # Determine risk level
+        risk_level = (
+            "critical" if confidence >= 0.9 else
+            "high" if confidence >= 0.7 else
+            "medium" if confidence >= 0.5 else
+            "low" if confidence >= 0.3 else "info"
+        )
+
+        return {
+            "prediction": prediction,
+            "confidence": confidence,
+            "risk_level": risk_level,
+            "model_name": model_name,
+            "model_version": "1.0.0",
+            "inference_time_ms": inference_time
+        }
+
+    def batch_predict(self, model_name: str, features_list: List[Dict]) -> List[Dict]:
+        """Batch predictions"""
+        return [self.predict(model_name, f) for f in features_list]
+
+    def list_models(self) -> List[str]:
+        """List available models"""
+        return list(self.manifest.get("models", {}).keys())
+
+    def get_model_info(self, model_name: str) -> Dict:
+        """Get model information"""
+        return self.manifest.get("models", {}).get(model_name, {})
+
+
+# FastAPI integration
+def create_api(models_dir: str):
+    """Create FastAPI app for model serving"""
+    try:
+        from fastapi import FastAPI, HTTPException
+        from pydantic import BaseModel
+    except ImportError:
+        return None
+
+    app = FastAPI(title="CyberForge ML API", version="1.0.0")
+    inference = CyberForgeInference(models_dir)
+
+    class PredictRequest(BaseModel):
+        model_name: str
+        features: Dict
+
+    @app.post("/predict")
+    async def predict(request: PredictRequest):
+        result = inference.predict(request.model_name, request.features)
+        if "error" in result:
+            raise HTTPException(status_code=404, detail=result["error"])
+        return result
+
+    @app.get("/models")
+    async def list_models():
+        return {"models": inference.list_models()}
+
+    @app.get("/models/{model_name}")
+    async def get_model_info(model_name: str):
+        info = inference.get_model_info(model_name)
+        if not info:
+            raise HTTPException(status_code=404, detail="Model not found")
+        return info
+
+    return app
+
+
+if __name__ == "__main__":
+    import sys
+    models_dir = sys.argv[1] if len(sys.argv) > 1 else "."
+
+    inference = CyberForgeInference(models_dir)
+    print(f"Available models: {inference.list_models()}")

malware_detection/metadata.json

@@ -0,0 +1,18 @@
+{
+  "model_type": "gradient_boosting",
+  "dataset": "malware_detection",
+  "accuracy": 0.9985,
+  "f1_score": 0.9984999996249999,
+  "inference_time_ms": 0.0010334253311157227,
+  "feature_names": [
+    "file_size",
+    "entropy",
+    "pe_sections",
+    "imports",
+    "exports",
+    "strings_count",
+    "is_malware"
+  ],
+  "version": "1.0.0",
+  "framework": "sklearn"
+}

malware_detection/model.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0d359447aa4278fd0f36e2892e0da1a685b10e1f970a907af9a6d4cee1a7302e
+size 205132

malware_detection/package_info.json

@@ -0,0 +1,23 @@
+{
+  "name": "malware_detection",
+  "type": "gradient_boosting",
+  "version": "1.0.0",
+  "accuracy": 0.9985,
+  "f1_score": 0.9984999996249999,
+  "inference_time_ms": 0.0010334253311157227,
+  "files": {
+    "model": {
+      "path": "malware_detection/model.pkl",
+      "checksum": "18493b189c1d2817b561f38a1d4059d3",
+      "size_bytes": 205132
+    },
+    "scaler": {
+      "path": "malware_detection/scaler.pkl",
+      "checksum": "33d7907d3981c8e0e0e786fb87c6c6d8"
+    },
+    "metadata": {
+      "path": "malware_detection/metadata.json"
+    }
+  },
+  "packaged_at": "2026-02-15 19:21:08"
+}

malware_detection/scaler.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3ba7986970aeedffad94bf1d6860f694a6b9ee08e3f49dbdfa297d2578a75053
+size 1071

manifest.json

@@ -0,0 +1,98 @@
+{
+  "models": {
+    "phishing_detection": {
+      "name": "phishing_detection",
+      "type": "random_forest",
+      "version": "1.0.0",
+      "accuracy": 0.9889857732905002,
+      "f1_score": 0.9889844643474395,
+      "inference_time_ms": 0.010500483799549678,
+      "files": {
+        "model": {
+          "path": "phishing_detection/model.pkl",
+          "checksum": "d71ee133bc3d72d097e8ae6c84733fb2",
+          "size_bytes": 5135049
+        },
+        "scaler": {
+          "path": "phishing_detection/scaler.pkl",
+          "checksum": "8dbf6376b3219801d6995268c7d5d05a"
+        },
+        "metadata": {
+          "path": "phishing_detection/metadata.json"
+        }
+      },
+      "packaged_at": "2026-02-15 19:21:08"
+    },
+    "malware_detection": {
+      "name": "malware_detection",
+      "type": "gradient_boosting",
+      "version": "1.0.0",
+      "accuracy": 0.9985,
+      "f1_score": 0.9984999996249999,
+      "inference_time_ms": 0.0010334253311157227,
+      "files": {
+        "model": {
+          "path": "malware_detection/model.pkl",
+          "checksum": "18493b189c1d2817b561f38a1d4059d3",
+          "size_bytes": 205132
+        },
+        "scaler": {
+          "path": "malware_detection/scaler.pkl",
+          "checksum": "33d7907d3981c8e0e0e786fb87c6c6d8"
+        },
+        "metadata": {
+          "path": "malware_detection/metadata.json"
+        }
+      },
+      "packaged_at": "2026-02-15 19:21:08"
+    },
+    "anomaly_detection": {
+      "name": "anomaly_detection",
+      "type": "random_forest",
+      "version": "1.0.0",
+      "accuracy": 0.999,
+      "f1_score": 0.9989986620975891,
+      "inference_time_ms": 0.006589841842651367,
+      "files": {
+        "model": {
+          "path": "anomaly_detection/model.pkl",
+          "checksum": "833a0b8d0d785bdc4ab163b2f2e4a7b9",
+          "size_bytes": 513929
+        },
+        "scaler": {
+          "path": "anomaly_detection/scaler.pkl",
+          "checksum": "50935889b0c4b5813f2691c7f63bfa4a"
+        },
+        "metadata": {
+          "path": "anomaly_detection/metadata.json"
+        }
+      },
+      "packaged_at": "2026-02-15 19:21:08"
+    },
+    "web_attack_detection": {
+      "name": "web_attack_detection",
+      "type": "random_forest",
+      "version": "1.0.0",
+      "accuracy": 1.0,
+      "f1_score": 1.0,
+      "inference_time_ms": 0.02898440998830613,
+      "files": {
+        "model": {
+          "path": "web_attack_detection/model.pkl",
+          "checksum": "3071f634875fa3a54b389667634b1afe",
+          "size_bytes": 285769
+        },
+        "scaler": {
+          "path": "web_attack_detection/scaler.pkl",
+          "checksum": "a511f6f966d0e45f2515732533dec192"
+        },
+        "metadata": {
+          "path": "web_attack_detection/metadata.json"
+        }
+      },
+      "packaged_at": "2026-02-15 19:21:08"
+    }
+  },
+  "version": "1.0.0",
+  "created_at": "2026-02-15 19:21:08"
+}

ml_client.js

@@ -0,0 +1,77 @@
+
+/**
+ * CyberForge ML Client
+ * Integration with mlService.js
+ */
+
+const axios = require('axios');
+
+class CyberForgeMLClient {
+    constructor(baseUrl = 'http://localhost:8001') {
+        this.baseUrl = baseUrl;
+        this.client = axios.create({
+            baseURL: baseUrl,
+            timeout: 5000,
+            headers: { 'Content-Type': 'application/json' }
+        });
+    }
+
+    /**
+     * Get prediction from ML model
+     * @param {string} modelName - Name of the model
+     * @param {Object} features - Feature dictionary
+     * @returns {Promise<Object>} Prediction result
+     */
+    async predict(modelName, features) {
+        try {
+            const response = await this.client.post('/predict', {
+                model_name: modelName,
+                features: features
+            });
+            return response.data;
+        } catch (error) {
+            console.error('ML prediction error:', error.message);
+            throw error;
+        }
+    }
+
+    /**
+     * Analyze website for threats
+     * @param {string} url - URL to analyze
+     * @param {Object} scrapedData - Data from WebScraperAPIService
+     * @returns {Promise<Object>} Threat analysis result
+     */
+    async analyzeWebsite(url, scrapedData) {
+        try {
+            const response = await this.client.post('/analyze', {
+                url: url,
+                data: scrapedData
+            });
+            return response.data;
+        } catch (error) {
+            console.error('Website analysis error:', error.message);
+            throw error;
+        }
+    }
+
+    /**
+     * List available models
+     * @returns {Promise<Array>} List of model names
+     */
+    async listModels() {
+        const response = await this.client.get('/models');
+        return response.data.models;
+    }
+
+    /**
+     * Get model information
+     * @param {string} modelName - Name of the model
+     * @returns {Promise<Object>} Model metadata
+     */
+    async getModelInfo(modelName) {
+        const response = await this.client.get(`/models/${modelName}`);
+        return response.data;
+    }
+}
+
+module.exports = CyberForgeMLClient;

phishing_detection/metadata.json

@@ -0,0 +1,39 @@
+{
+  "model_type": "random_forest",
+  "dataset": "phishing_detection",
+  "accuracy": 0.9889857732905002,
+  "f1_score": 0.9889844643474395,
+  "inference_time_ms": 0.010500483799549678,
+  "feature_names": [
+    "num_dots",
+    "subdomain_level",
+    "https",
+    "shortening_service",
+    "suspicious_words",
+    "is_phishing",
+    "url_url_length",
+    "url_domain_length",
+    "url_path_length",
+    "url_query_length",
+    "url_subdomain_count",
+    "url_domain_depth",
+    "url_suspicious_keyword_count",
+    "url_digit_count",
+    "url_special_char_count",
+    "url_hyphen_count",
+    "url_underscore_count",
+    "url_param_count",
+    "url_tld_length",
+    "url_has_subdomain",
+    "url_is_https",
+    "url_has_port",
+    "url_non_standard_port",
+    "url_has_ip_address",
+    "url_has_injection_pattern",
+    "url_at_symbol",
+    "url_has_query",
+    "url_is_common_tld"
+  ],
+  "version": "1.0.0",
+  "framework": "sklearn"
+}

phishing_detection/model.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a862118f7454849774b088a36e00d7fe238b5c728a4e602a6c3d794ac6152fd8
+size 5135049

phishing_detection/package_info.json

@@ -0,0 +1,23 @@
+{
+  "name": "phishing_detection",
+  "type": "random_forest",
+  "version": "1.0.0",
+  "accuracy": 0.9889857732905002,
+  "f1_score": 0.9889844643474395,
+  "inference_time_ms": 0.010500483799549678,
+  "files": {
+    "model": {
+      "path": "phishing_detection/model.pkl",
+      "checksum": "d71ee133bc3d72d097e8ae6c84733fb2",
+      "size_bytes": 5135049
+    },
+    "scaler": {
+      "path": "phishing_detection/scaler.pkl",
+      "checksum": "8dbf6376b3219801d6995268c7d5d05a"
+    },
+    "metadata": {
+      "path": "phishing_detection/metadata.json"
+    }
+  },
+  "packaged_at": "2026-02-15 19:21:08"
+}

phishing_detection/scaler.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:67132bd0e3398d8006d2a1fbc0227e577e8e0beeb423a89ad55d10adf58c7205
+size 2039

web_attack_detection/metadata.json

@@ -0,0 +1,35 @@
+{
+  "model_type": "random_forest",
+  "dataset": "web_attack_detection",
+  "accuracy": 1.0,
+  "f1_score": 1.0,
+  "inference_time_ms": 0.02898440998830613,
+  "feature_names": [
+    "response_code",
+    "is_attack",
+    "url_url_length",
+    "url_domain_length",
+    "url_path_length",
+    "url_query_length",
+    "url_subdomain_count",
+    "url_domain_depth",
+    "url_suspicious_keyword_count",
+    "url_digit_count",
+    "url_special_char_count",
+    "url_hyphen_count",
+    "url_underscore_count",
+    "url_param_count",
+    "url_tld_length",
+    "url_has_subdomain",
+    "url_is_https",
+    "url_has_port",
+    "url_non_standard_port",
+    "url_has_ip_address",
+    "url_has_injection_pattern",
+    "url_at_symbol",
+    "url_has_query",
+    "url_is_common_tld"
+  ],
+  "version": "1.0.0",
+  "framework": "sklearn"
+}

web_attack_detection/model.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f774d2935861a272513a885cc3d091c1d44dbc067e739590e8600bc335b127aa
+size 285769

web_attack_detection/package_info.json

@@ -0,0 +1,23 @@
+{
+  "name": "web_attack_detection",
+  "type": "random_forest",
+  "version": "1.0.0",
+  "accuracy": 1.0,
+  "f1_score": 1.0,
+  "inference_time_ms": 0.02898440998830613,
+  "files": {
+    "model": {
+      "path": "web_attack_detection/model.pkl",
+      "checksum": "3071f634875fa3a54b389667634b1afe",
+      "size_bytes": 285769
+    },
+    "scaler": {
+      "path": "web_attack_detection/scaler.pkl",
+      "checksum": "a511f6f966d0e45f2515732533dec192"
+    },
+    "metadata": {
+      "path": "web_attack_detection/metadata.json"
+    }
+  },
+  "packaged_at": "2026-02-15 19:21:08"
+}

web_attack_detection/scaler.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f0f47a4d2ae1c388c1fd534b2fcb742c5e51aa7e2fdef963d887a08dc1d8986d
+size 1879