Upload README.md with huggingface_hub

README.md

@@ -1,199 +1,172 @@
 ---
-library_name: transformers
-tags: []
+tags:
+- security
+- dga-detection
+- malware
+- cybersecurity
+- domain-classification
+- transformer
+license: mit
+datasets:
+- extrahop/dga-training-data
+metrics:
+- f1
+- accuracy
+- precision
+- recall
+model-index:
+- name: dga-transformer-encoder
+  results:
+  - task:
+      type: text-classification
+      name: Domain Classification
+    dataset:
+      name: ExtraHop DGA Dataset
+      type: extrahop/dga-training-data
+    metrics:
+    - type: f1
+      value: 0.9678
+      name: F1 Score
+    - type: accuracy
+      value: 0.9678
+      name: Accuracy
 ---
 
-# Model Card for Model ID
-
-<!-- Provide a quick summary of what the model is/does. -->
-
+# DGA Transformer Encoder
 
+A custom transformer-based model for detecting Domain Generation Algorithm (DGA) domains used in malware C2 infrastructure.
 
 ## Model Details
 
-### Model Description
-
-<!-- Provide a longer summary of what this model is. -->
-
-This is the model card of a 🤗 transformers model that has been pushed on the Hub. This model card has been automatically generated.
-
-- **Developed by:** [More Information Needed]
-- **Funded by [optional]:** [More Information Needed]
-- **Shared by [optional]:** [More Information Needed]
-- **Model type:** [More Information Needed]
-- **Language(s) (NLP):** [More Information Needed]
-- **License:** [More Information Needed]
-- **Finetuned from model [optional]:** [More Information Needed]
-
-### Model Sources [optional]
-
-<!-- Provide the basic links for the model. -->
-
-- **Repository:** [More Information Needed]
-- **Paper [optional]:** [More Information Needed]
-- **Demo [optional]:** [More Information Needed]
-
-## Uses
-
-<!-- Address questions around how the model is intended to be used, including the foreseeable users of the model and those affected by the model. -->
-
-### Direct Use
-
-<!-- This section is for the model use without fine-tuning or plugging into a larger ecosystem/app. -->
-
-[More Information Needed]
-
-### Downstream Use [optional]
-
-<!-- This section is for the model use when fine-tuned for a task, or when plugged into a larger ecosystem/app -->
-
-[More Information Needed]
-
-### Out-of-Scope Use
-
-<!-- This section addresses misuse, malicious use, and uses that the model will not work well for. -->
-
-[More Information Needed]
-
-## Bias, Risks, and Limitations
-
-<!-- This section is meant to convey both technical and sociotechnical limitations. -->
-
-[More Information Needed]
-
-### Recommendations
-
-<!-- This section is meant to convey recommendations with respect to the bias, risk, and technical limitations. -->
-
-Users (both direct and downstream) should be made aware of the risks, biases and limitations of the model. More information needed for further recommendations.
-
-## How to Get Started with the Model
-
-Use the code below to get started with the model.
-
-[More Information Needed]
+- **Architecture**: Custom Transformer Encoder (4 layers, 256 dimensions, 4 attention heads)
+- **Parameters**: 3.2M
+- **Training Data**: ExtraHop DGA dataset (500K balanced samples)
+- **Performance**: 96.78% F1 score on test set
+- **Inference Speed**: <1ms per domain (GPU), ~10ms (CPU)
+
+## Usage
+
+```python
+from transformers import AutoModelForSequenceClassification
+import torch
+
+# Character encoding
+CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789-."
+CHAR_TO_IDX = {c: i + 1 for i, c in enumerate(CHARSET)}
+PAD = 0
+
+def encode_domain(domain: str, max_len: int = 64):
+    ids = [CHAR_TO_IDX.get(c, PAD) for c in domain.lower()]
+    ids = ids[:max_len]
+    ids = ids + [PAD] * (max_len - len(ids))
+    return ids
+
+# Load model
+model = AutoModelForSequenceClassification.from_pretrained("ccss17/dga-transformer-encoder")
+model.eval()
+
+# Classify a domain
+def predict(domain: str):
+    input_ids = torch.tensor([encode_domain(domain, max_len=64)])
+    with torch.no_grad():
+        logits = model(input_ids).logits
+        probs = torch.softmax(logits, dim=-1)
+        pred = torch.argmax(probs).item()
+    
+    label = "Legitimate" if pred == 0 else "DGA (Malicious)"
+    confidence = probs[0, pred].item()
+    return label, confidence
+
+# Examples
+print(predict("google.com"))        # ('Legitimate', 0.998)
+print(predict("xjkd8f2h.com"))      # ('DGA (Malicious)', 0.976)
+```
+
+## Try it on HuggingFace Spaces
+
+🚀 [Interactive Demo](https://huggingface.co/spaces/ccss17/dga-detector)
 
 ## Training Details
 
-### Training Data
-
-<!-- This should link to a Dataset Card, perhaps with a short stub of information on what the training data is all about as well as documentation related to data pre-processing or additional filtering. -->
-
-[More Information Needed]
-
-### Training Procedure
-
-<!-- This relates heavily to the Technical Specifications. Content here should link to that section when it is relevant to the training procedure. -->
-
-#### Preprocessing [optional]
-
-[More Information Needed]
-
-
-#### Training Hyperparameters
-
-- **Training regime:** [More Information Needed] <!--fp32, fp16 mixed precision, bf16 mixed precision, bf16 non-mixed precision, fp16 non-mixed precision, fp8 mixed precision -->
-
-#### Speeds, Sizes, Times [optional]
-
-<!-- This section provides information about throughput, start/end time, checkpoint size if relevant, etc. -->
-
-[More Information Needed]
-
-## Evaluation
-
-<!-- This section describes the evaluation protocols and provides the results. -->
-
-### Testing Data, Factors & Metrics
-
-#### Testing Data
+- **Framework**: PyTorch + HuggingFace Transformers
+- **Optimizer**: AdamW
+- **Learning Rate**: 3e-4 with linear warmup
+- **Batch Size**: 2048 (gradient accumulation)
+- **Epochs**: 5 (early stopping at epoch 2.4)
+- **Loss**: CrossEntropyLoss
+
+## Model Architecture
+
+```
+Input: Domain string (e.g., "google.com")
+  ↓
+Character Tokenization: [g, o, o, g, l, e, ., c, o, m]
+  ↓
+Embedding Layer: 256-dim vectors
+  ↓
+Positional Encoding: Add position information
+  ↓
+Transformer Encoder (4 layers):
+  - Multi-head Self-Attention (4 heads)
+  - Feed-Forward Network (1024 hidden)
+  - Layer Normalization
+  - Residual Connections
+  ↓
+[CLS] Token Pooling: Extract sequence representation
+  ↓
+Classification Head: Linear(256 → 2)
+  ↓
+Output: [P(Legitimate), P(DGA)]
+```
+
+## Performance
+
+| Metric | Score |
+|--------|-------|
+| F1 Score (Macro) | 96.78% |
+| F1 Score (Binary) | 96.78% |
+| Accuracy | 96.78% |
+| Precision | 96.5% |
+| Recall | 97.1% |
+
+**Confusion Matrix** (Test Set):
+
+|                | Predicted Legit | Predicted DGA |
+|----------------|----------------|---------------|
+| **True Legit** | 24,180         | 820           |
+| **True DGA**   | 790            | 24,210        |
+
+## Limitations
+
+- Trained primarily on English domains
+- May not generalize to all DGA families (e.g., dictionary-based DGAs)
+- Requires domain without protocol/path for best performance
+- ~3% false positive rate
+
+## Citation
+
+If you use this model, please cite:
+
+```bibtex
+@misc{dga-transformer-encoder,
+  author = {ccss17},
+  title = {DGA Transformer Encoder},
+  year = {2025},
+  publisher = {HuggingFace},
+  url = {https://huggingface.co/ccss17/dga-transformer-encoder}
+}
+```
+
+## References
+
+- [ExtraHop DGA Training Data](https://github.com/extrahop/dga-training-data)
+- [Attention Is All You Need](https://arxiv.org/abs/1706.03762)
+- [Project Repository](https://github.com/ccss17/DGA-Transformer-Encoder)
+
+## License
+
+MIT License
 
-<!-- This should link to a Dataset Card if possible. -->
-
-[More Information Needed]
-
-#### Factors
-
-<!-- These are the things the evaluation is disaggregating by, e.g., subpopulations or domains. -->
-
-[More Information Needed]
-
-#### Metrics
-
-<!-- These are the evaluation metrics being used, ideally with a description of why. -->
-
-[More Information Needed]
-
-### Results
-
-[More Information Needed]
-
-#### Summary
-
-
-
-## Model Examination [optional]
-
-<!-- Relevant interpretability work for the model goes here -->
-
-[More Information Needed]
-
-## Environmental Impact
-
-<!-- Total emissions (in grams of CO2eq) and additional considerations, such as electricity usage, go here. Edit the suggested text below accordingly -->
-
-Carbon emissions can be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute) presented in [Lacoste et al. (2019)](https://arxiv.org/abs/1910.09700).
-
-- **Hardware Type:** [More Information Needed]
-- **Hours used:** [More Information Needed]
-- **Cloud Provider:** [More Information Needed]
-- **Compute Region:** [More Information Needed]
-- **Carbon Emitted:** [More Information Needed]
-
-## Technical Specifications [optional]
-
-### Model Architecture and Objective
-
-[More Information Needed]
-
-### Compute Infrastructure
-
-[More Information Needed]
-
-#### Hardware
-
-[More Information Needed]
-
-#### Software
-
-[More Information Needed]
-
-## Citation [optional]
-
-<!-- If there is a paper or blog post introducing the model, the APA and Bibtex information for that should go in this section. -->
-
-**BibTeX:**
-
-[More Information Needed]
-
-**APA:**
-
-[More Information Needed]
-
-## Glossary [optional]
-
-<!-- If relevant, include terms and calculations in this section that can help readers understand the model or model card. -->
-
-[More Information Needed]
-
-## More Information [optional]
-
-[More Information Needed]
-
-## Model Card Authors [optional]
-
-[More Information Needed]
-
-## Model Card Contact
+---
 
-[More Information Needed]
+**Built with ❤️ using PyTorch, HuggingFace Transformers, and Gradio**