PleoMorph
/

ctem-g2pm-models

attack-path-prediction

graph-neural-networks

threat-modeling

Model card Files Files and versions

ctem-g2pm-models / README.md

PleoMorph's picture

Upload README.md with huggingface_hub

7fb3ffc verified about 1 month ago

|

history blame contribute delete

3.36 kB

	---
	license: mit
	tags:
	- attack-path-prediction
	- graph-neural-networks
	- cybersecurity
	- mitre-attack
	- threat-modeling
	datasets:
	- custom
	language:
	- en
	library_name: pytorch
	---

	# CTEM G2PM Models

	Graph-to-Path Models for Attack Path Prediction

	Trained models for the [CTEM Enterprise Platform](https://github.com/LucPlessier/PleoMorphic) - Continuous Threat Exposure Management using Graph Neural Networks.

	## Research Foundation

	Based on [Michael Bronstein's geometric deep learning research](https://arxiv.org/abs/2104.13478) and GraphAny architecture for learning on arbitrary graph structures.

	## Models

	\| Model \| Accuracy \| Parameters \| Purpose \|
	\|-------\|----------\|------------\|---------\|
	\| `semi_supervised_99_7_best.pt` \| 99.7% \| 660K \| Technique classification (122 MITRE ATT&CK techniques) \|
	\| `spectral_281k_best.pt` \| 59.1% \| 1.5M \| Attack path transition prediction \|
	\| `graphany_category_best.pt` \| 53.8% \| 950K \| Category classification (137 categories) \|

	## Training Data

	- 279,304 attack technique embeddings (768-dim, sentence-transformers)
	- 147 expert-labeled attack chains
	- 122 MITRE ATT&CK techniques

	## Usage

	### Download Models

	```bash
	pip install huggingface_hub

	# Download all models
	huggingface-cli download PleoMorph/ctem-g2pm-models --local-dir ./models
	```

	### Load in Python

	```python
	import torch
	from huggingface_hub import hf_hub_download

	# Download model
	model_path = hf_hub_download(
	repo_id="PleoMorph/ctem-g2pm-models",
	filename="semi_supervised_99_7_best.pt"
	)

	# Load checkpoint
	checkpoint = torch.load(model_path, map_location="cpu")
	print(f"Accuracy: {checkpoint['best_acc']*100:.1f}%")
	print(f"Techniques: {checkpoint['num_classes']}")
	print(f"Technique mapping: {list(checkpoint['technique_to_idx'].keys())[:10]}...")
	```

	### Model Architecture

	SemiSupervisedG2PM (99.7% accuracy):
	```python
	class SemiSupervisedG2PM(nn.Module):
	def __init__(self, input_dim=768, hidden_dim=256, num_classes=122):
	self.encoder = nn.Sequential(
	nn.Linear(768, 256), nn.ReLU(), nn.Dropout(0.2),
	nn.Linear(256, 256), nn.ReLU(), nn.Dropout(0.2),
	)
	self.classifier = nn.Linear(256, 122)
	```

	SpectralG2PM (transition prediction):
	```python
	class SpectralG2PM(nn.Module):
	# Spectral graph convolution + transition predictor
	# Input: embedding (768) + spectral features (256)
	# Output: transition probability P(A → B)
	```

	## Files

	\| File \| Size \| Description \|
	\|------\|------\|-------------\|
	\| `semi_supervised_99_7_best.pt` \| 2.6 MB \| Best classifier model \|
	\| `spectral_281k_best.pt` \| 5.7 MB \| Transition predictor \|
	\| `spectral_281k_results.pkl` \| 478 MB \| G2PM features & technique index \|
	\| `graphany_category_best.pt` \| 3.6 MB \| Category classifier \|
	\| `semi_supervised_cpu_results.pkl` \| 3.2 MB \| Pseudo-labels & confidences \|

	## Related

	- GitHub: [CTEM Enterprise Platform](https://github.com/LucPlessier/PleoMorphic)
	- Documentation: [Model Architecture](https://github.com/LucPlessier/PleoMorphic/blob/clean-upload/docs/MODELS.md)

	## Citation

	```bibtex
	@software{ctem_g2pm_2025,
	title={CTEM G2PM: Graph-to-Path Models for Attack Path Prediction},
	author={PleoMorph},
	year={2025},
	url={https://huggingface.co/PleoMorph/ctem-g2pm-models}
	}
	```

	## License

	MIT License