Hugging Face's logo

adarsh-aur
/
rgcn-security-zero-embedding

graph-neural-network
cybersecurity
rgcn
pytorch-geometric
multi-cloud
Model card Files
xet
Community
rgcn-security-zero-embedding / README.md
adarsh-aur's picture
adarsh-aur
Upload README.md with huggingface_hub
0d06661 verified
preview code
|
raw
history blame contribute delete
2.44 kB
 ---
tags: [graph-neural-network, cybersecurity, rgcn, pytorch-geometric, multi-cloud]
---
# Stage 6 β€” Heterogeneous Structural GNN (RGCN)
## Multi-Cloud Threat Detection Pipeline β€” Holistic Version
**Library**: PyTorch Geometric (RGCNConv)
**Design**: Schema-agnostic β€” works with any node/edge types, any feature dimension
### Architecture
- Input: any fdim β†’ zero-padded to MAX_FDIM=1024 β†’ Linear(1024β†’256)
- 3-layer RGCNConv (256β†’256β†’128), num_relations=20
- PEFT Adapters (rank=16) after layers 1 and 2
- DistMult edge anomaly scoring per relation type
### Master Schema
- **Node types (15)**: User, VM, IP, Role, CVE, Container, CloudAccount, Subnet, Bucket, Function, Cluster, Pod, Database, LoadBalancer, Gateway
- **Edge types (20)**: EXPLOITS, CROSS_CLOUD_ACCESS, CONNECTS_TO, EXPLOITS, ACCESS, ASSUMES_ROLE, CONNECTS_TO, RESTART_VM, START_VM, STOP_VM, DEPLOYED_ON, HAS_VULN, LATERAL_MOVEMENT, GRANTS_ACCESS, RUNS_ON, EXPLOITS, ACCESS, TRIGGERS, ACCESS, CONTAINS
### Active Schema (this run)
- **Node types**: User, VM, IP, Role, CVE
- **Edge types**: 10
- **Supervised**: User, Role
## Ablation Results (Test Set)
| Model | Type | Params | User_AUC | User_F1 | User_AP | Role_AUC | Role_F1 | Role_AP |
|:--------|:---------|:----------|-----------:|----------:|----------:|-----------:|----------:|----------:|
| RGCN | PRIMARY | 8,515,599 | 0.5 | 0 | 0.5 | 0.5 | 0 | 0.5 |
| GCN | BASELINE | 5,219,855 | 0.5 | 0 | 0.5 | 0.5 | 0 | 0.5 |
| GAT | BASELINE | 5,320,207 | 0.5 | 0 | 0.5 | 0.5 | 0 | 0.5 |
| SAGE | BASELINE | 5,383,695 | 0.5 | 0 | 0.5 | 0.5 | 0 | 0.5 |
## Usage β€” Stage 7 API Integration
```python
import torch
from huggingface_hub import hf_hub_download
# Load once, call forever
ckpt = torch.load(hf_hub_download("adarsh-aur/rgcn-security-zero-embedding", "model_RGCN.pt"))
model = HeteroRGCN()
model.load_state_dict(ckpt['model_state_dict'])
model.eval()
# Works with any graph snapshot from Stage 5
with torch.no_grad():
h_v, offsets, logits = model(graph_snapshot)
# h_v shape: [total_nodes, 128] β†’ feed to Stage 7 GRU
# New node/edge types: silently skipped
# Missing node/edge types: silently skipped
# Different fdim: auto-padded/truncated to 1024
```