nr-network-known-class-detector / inference_example.py
simonmorley's picture
Card fixes: correct inference_example record-2 to TPU-QUIC (not the excluded RPC class); name the eval metric (binary ROC-AUC) and cite the dataset card's held-out-chain macro-F1 in the LOCO section
ec8e321 verified
Raw
History Blame Contribute Delete
1.6 kB
#!/usr/bin/env python3
"""nr-network-known-class-detector — inference example (Apache-2.0).
Runs real `network-v1` feature vectors (captured from the lab corpus and shipped in
`example_records.json`) through the detector:
1. a Bitcoin Core P2P attack (real CVE) -> should FIRE
2. a Solana TPU-QUIC attack (Neodyme Firedancer audit) -> should FIRE
3. a benign Bitcoin peer (same message types, normal rate) -> benign
4. an out-of-domain record (no network signal) -> scoreable=False
The exact primitive behind each record is in `example_records.json` and is printed as its
label at runtime (source of truth), so this list stays correct across corpus regenerations.
Run from the model repo dir: python inference_example.py
"""
import json
from predict import load, predict
model = load("model.joblib")
records = json.load(open("example_records.json"))
# add an out-of-domain record (no pcap.*/resp.* signal) to show the scoreability gate
records.append({"label": "out-of-domain (economic bundle)", "expect": "unscoreable",
"feat": {"econ.gov_weight_held_blocks": 0.0}})
results = predict(model, [r["feat"] for r in records])
for r, out in zip(records, results):
if out["scoreable"]:
flag = "✓" if out["verdict"] == r["expect"] else "✗"
print(f"{flag} {r['label']:<42} score={out['score']:<7} verdict={out['verdict']} "
f"(expect {r['expect']}, threshold {out['threshold']})")
else:
print(f" {r['label']:<42} UNSCOREABLE (no network signal — out of domain)")