| | --- |
| | license: apache-2.0 |
| | tags: |
| | - security |
| | - attack-path-prediction |
| | - g2pm |
| | - graphany |
| | - ctem |
| | - threat-intelligence |
| | language: |
| | - en |
| | library_name: pytorch |
| | --- |
| | |
| | # CTEM Enterprise Models |
| |
|
| | Production-ready machine learning models for the CTEM (Continuous Threat Exposure Management) Enterprise Dashboard. |
| |
|
| | ## Model Categories |
| |
|
| | ### G2PM Models (`g2pm/`) |
| | - `semi_supervised_99_7_best.pt` - Semi-supervised classifier achieving 99.7% accuracy on MITRE ATT&CK technique classification |
| | - `spectral_281k_best.pt` - Spectral G2PM model for attack path transition prediction |
| | - `spectral_281k_results.pkl` - Pre-computed G2PM embeddings and metadata (281k attack patterns) |
| |
|
| | ### GraphAny Models (`graphany/`) |
| | - `graphany_category_best.pt` - Category classifier (137 attack categories) |
| | - `graphany_g2pm_best.pt` - Combined GraphAny + G2PM model |
| |
|
| | ### Agent Models (`agents/`) |
| | - `red_team_agent_full.pt` - AI Red Team Agent for attack simulation |
| | - `vulnerability_agent_full.pt` - Vulnerability Assessment Agent |
| | - `training_summary.json` - Model configuration and label mappings |
| |
|
| | ### Production Models (`production/`) |
| | - `phase1_g2pm_distilled.pt` - Distilled G2PM base model (580MB) |
| | - `phase2_g2pm_onpolicy.pt` - On-policy fine-tuned G2PM (580MB) |
| | - `phase3_redteam_vineppo.pt` - VinePPO-trained red team model |
| | - `phase4_redteam_selfplay.pt` - Self-play trained red team model |
| | - `phase5_vuln_hierarchical.pt` - Hierarchical vulnerability model |
| | - `graphany_mfa_final.pt` - GraphAny with MFA attack focus |
| | - `unified_g2pm_graphany_final.pt` - Combined G2PM + GraphAny unified model |
| |
|
| | ## Usage |
| |
|
| | ```python |
| | from huggingface_hub import hf_hub_download |
| | |
| | # Download a specific model |
| | model_path = hf_hub_download( |
| | repo_id="PleoMorph/ctem-enterprise-models", |
| | filename="g2pm/semi_supervised_99_7_best.pt" |
| | ) |
| | |
| | # Load with PyTorch |
| | import torch |
| | model = torch.load(model_path, map_location="cpu", weights_only=True) |
| | ``` |
| |
|
| | ## Download All Models |
| |
|
| | ```bash |
| | # Using huggingface-cli |
| | huggingface-cli download PleoMorph/ctem-enterprise-models --local-dir ./models |
| | |
| | # Or specific folder |
| | huggingface-cli download PleoMorph/ctem-enterprise-models --include "g2pm/*" --local-dir ./g2pm_models |
| | ``` |
| |
|
| | ## Model Architecture |
| |
|
| | These models are built on: |
| | - **G2PM**: Graph-to-Pattern Mapping for attack technique classification |
| | - **GraphAny**: Graph neural network for attack path prediction |
| | - **SecBERT**: Security-focused BERT embeddings (jackaduma/SecBERT) |
| |
|
| | ## License |
| |
|
| | Apache 2.0 |
| |
|
| | ## Citation |
| |
|
| | If you use these models, please cite: |
| | ``` |
| | @software{ctem_enterprise_models, |
| | title = {CTEM Enterprise Models}, |
| | author = {PleoMorph}, |
| | year = {2025}, |
| | url = {https://huggingface.co/PleoMorph/ctem-enterprise-models} |
| | } |
| | ``` |
| |
|
