Upload folder using huggingface_hub

README.md

@@ -1,12 +1,36 @@
 ---
-title: C2sentinel
-emoji: 👁
-colorFrom: blue
-colorTo: red
+title: C2Sentinel
+emoji: 🛡️
+colorFrom: red
+colorTo: gray
 sdk: gradio
-sdk_version: 6.3.0
+sdk_version: 5.0.0
 app_file: app.py
 pinned: false
+license: mit
+models:
+  - danielostrow/c2sentinel
 ---
 
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+# C2Sentinel Demo
+
+Interactive demo for C2Sentinel - a machine learning model for detecting Command and Control (C2) beacon communications in network traffic.
+
+## Features
+
+- Analyze network connection patterns for C2 activity
+- Preset examples for common scenarios (C2 beacons, legitimate traffic)
+- Adjustable detection threshold
+- Detailed risk factor analysis
+
+## Usage
+
+1. Paste connection data as JSON or select a preset example
+2. Adjust the detection threshold if needed
+3. Click "Analyze" to run the model
+
+## Model
+
+See the [C2Sentinel model repository](https://huggingface.co/danielostrow/c2sentinel) for full documentation.
+
+**Author:** Daniel Ostrow | [neuralintellect.com](https://neuralintellect.com)

app.py

@@ -0,0 +1,221 @@
+#!/usr/bin/env python3
+"""
+C2Sentinel Demo - HuggingFace Space
+Interactive demo for testing C2 beacon detection.
+"""
+
+import gradio as gr
+import json
+from huggingface_hub import hf_hub_download
+import sys
+import os
+
+# Download model files from the model repo
+model_dir = "."
+try:
+    hf_hub_download(repo_id="danielostrow/c2sentinel", filename="c2sentinel.py", local_dir=model_dir)
+    hf_hub_download(repo_id="danielostrow/c2sentinel", filename="c2_sentinel.safetensors", local_dir=model_dir)
+    hf_hub_download(repo_id="danielostrow/c2sentinel", filename="c2_sentinel.json", local_dir=model_dir)
+except Exception as e:
+    print(f"Error downloading model files: {e}")
+
+# Import the model
+from c2sentinel import C2Sentinel
+
+# Load model
+sentinel = C2Sentinel.load('c2_sentinel')
+
+# Example connection data
+EXAMPLES = {
+    "C2 Beacon (60s intervals)": json.dumps([
+        {"timestamp": 1705600000, "dst_ip": "45.33.32.156", "dst_port": 443, "bytes_sent": 200, "bytes_recv": 500},
+        {"timestamp": 1705600060, "dst_ip": "45.33.32.156", "dst_port": 443, "bytes_sent": 200, "bytes_recv": 500},
+        {"timestamp": 1705600120, "dst_ip": "45.33.32.156", "dst_port": 443, "bytes_sent": 200, "bytes_recv": 500},
+        {"timestamp": 1705600180, "dst_ip": "45.33.32.156", "dst_port": 443, "bytes_sent": 200, "bytes_recv": 500},
+        {"timestamp": 1705600240, "dst_ip": "45.33.32.156", "dst_port": 443, "bytes_sent": 200, "bytes_recv": 500},
+        {"timestamp": 1705600300, "dst_ip": "45.33.32.156", "dst_port": 443, "bytes_sent": 200, "bytes_recv": 500},
+        {"timestamp": 1705600360, "dst_ip": "45.33.32.156", "dst_port": 443, "bytes_sent": 200, "bytes_recv": 500},
+        {"timestamp": 1705600420, "dst_ip": "45.33.32.156", "dst_port": 443, "bytes_sent": 200, "bytes_recv": 500},
+    ], indent=2),
+
+    "Metasploit Default Port": json.dumps([
+        {"timestamp": 1705600000, "dst_ip": "10.10.10.10", "dst_port": 4444, "bytes_sent": 150, "bytes_recv": 300},
+        {"timestamp": 1705600030, "dst_ip": "10.10.10.10", "dst_port": 4444, "bytes_sent": 150, "bytes_recv": 300},
+        {"timestamp": 1705600060, "dst_ip": "10.10.10.10", "dst_port": 4444, "bytes_sent": 150, "bytes_recv": 300},
+        {"timestamp": 1705600090, "dst_ip": "10.10.10.10", "dst_port": 4444, "bytes_sent": 150, "bytes_recv": 300},
+        {"timestamp": 1705600120, "dst_ip": "10.10.10.10", "dst_port": 4444, "bytes_sent": 150, "bytes_recv": 300},
+    ], indent=2),
+
+    "SSH Keepalive (Legitimate)": json.dumps([
+        {"timestamp": 1705600000, "dst_ip": "192.168.1.10", "dst_port": 22, "bytes_sent": 48, "bytes_recv": 48},
+        {"timestamp": 1705600030, "dst_ip": "192.168.1.10", "dst_port": 22, "bytes_sent": 48, "bytes_recv": 48},
+        {"timestamp": 1705600060, "dst_ip": "192.168.1.10", "dst_port": 22, "bytes_sent": 48, "bytes_recv": 48},
+        {"timestamp": 1705600090, "dst_ip": "192.168.1.10", "dst_port": 22, "bytes_sent": 48, "bytes_recv": 48},
+        {"timestamp": 1705600120, "dst_ip": "192.168.1.10", "dst_port": 22, "bytes_sent": 48, "bytes_recv": 48},
+        {"timestamp": 1705600150, "dst_ip": "192.168.1.10", "dst_port": 22, "bytes_sent": 48, "bytes_recv": 48},
+    ], indent=2),
+
+    "Web Browsing (Legitimate)": json.dumps([
+        {"timestamp": 1705600000, "dst_ip": "93.184.216.34", "dst_port": 443, "bytes_sent": 500, "bytes_recv": 15000},
+        {"timestamp": 1705600002, "dst_ip": "93.184.216.34", "dst_port": 443, "bytes_sent": 200, "bytes_recv": 8000},
+        {"timestamp": 1705600010, "dst_ip": "151.101.1.140", "dst_port": 443, "bytes_sent": 800, "bytes_recv": 45000},
+        {"timestamp": 1705600015, "dst_ip": "172.217.14.206", "dst_port": 443, "bytes_sent": 300, "bytes_recv": 12000},
+        {"timestamp": 1705600025, "dst_ip": "151.101.1.140", "dst_port": 443, "bytes_sent": 150, "bytes_recv": 5000},
+    ], indent=2),
+
+    "Slow Beacon (5 min intervals)": json.dumps([
+        {"timestamp": 1705600000, "dst_ip": "203.0.113.50", "dst_port": 8080, "bytes_sent": 256, "bytes_recv": 512},
+        {"timestamp": 1705600300, "dst_ip": "203.0.113.50", "dst_port": 8080, "bytes_sent": 256, "bytes_recv": 512},
+        {"timestamp": 1705600600, "dst_ip": "203.0.113.50", "dst_port": 8080, "bytes_sent": 256, "bytes_recv": 512},
+        {"timestamp": 1705600900, "dst_ip": "203.0.113.50", "dst_port": 8080, "bytes_sent": 256, "bytes_recv": 512},
+        {"timestamp": 1705601200, "dst_ip": "203.0.113.50", "dst_port": 8080, "bytes_sent": 256, "bytes_recv": 512},
+    ], indent=2),
+}
+
+
+def analyze_connections(connection_json: str, threshold: float, strict_mode: bool) -> tuple:
+    """Analyze connection data and return results."""
+    try:
+        connections = json.loads(connection_json)
+        if not isinstance(connections, list):
+            return "Error: Input must be a JSON array of connection objects", "", ""
+
+        if len(connections) < 3:
+            return "Error: Need at least 3 connections for analysis", "", ""
+
+        # Run analysis
+        result = sentinel.analyze(connections, threshold=threshold, strict_mode=strict_mode)
+
+        # Format primary result
+        if result.is_c2:
+            verdict = f"C2 DETECTED: {result.c2_type}"
+            verdict_color = "red"
+        else:
+            verdict = "No C2 Detected"
+            verdict_color = "green"
+
+        primary = f"""## Verdict: {verdict}
+
+**Probability:** {result.c2_probability:.1%}
+**Confidence:** {result.confidence:.1%}
+**Detection Method:** {result.detection_method}
+"""
+
+        if result.matched_legitimate_pattern:
+            primary += f"**Matched Pattern:** {result.matched_legitimate_pattern}\n"
+        if result.service_type:
+            primary += f"**Service Type:** {result.service_type}\n"
+        if result.immediate_detection:
+            primary += "**Immediate Detection:** Yes (signature match)\n"
+
+        # Format risk factors
+        risk_text = ""
+        if result.risk_factors:
+            risk_text = "### Risk Factors\n"
+            for factor in result.risk_factors:
+                risk_text += f"- {factor}\n"
+
+        if result.mitigating_factors:
+            risk_text += "\n### Mitigating Factors\n"
+            for factor in result.mitigating_factors:
+                risk_text += f"- {factor}\n"
+
+        # Format recommendations
+        rec_text = ""
+        if result.recommendations:
+            rec_text = "### Recommendations\n"
+            for rec in result.recommendations:
+                rec_text += f"- {rec}\n"
+
+        return primary, risk_text, rec_text
+
+    except json.JSONDecodeError as e:
+        return f"Error: Invalid JSON - {str(e)}", "", ""
+    except Exception as e:
+        return f"Error: {str(e)}", "", ""
+
+
+def load_example(example_name: str) -> str:
+    """Load example connection data."""
+    return EXAMPLES.get(example_name, "")
+
+
+# Build the interface
+with gr.Blocks(title="C2Sentinel Demo", theme=gr.themes.Soft()) as demo:
+    gr.Markdown("""
+    # C2Sentinel
+
+    **Command and Control Beacon Detection**
+
+    Analyze network connection patterns to detect C2 beacon activity.
+    The model uses behavioral analysis to identify C2 communications on any port.
+
+    [Model Repository](https://huggingface.co/danielostrow/c2sentinel) | [Documentation](https://huggingface.co/danielostrow/c2sentinel/blob/main/API_REFERENCE.md)
+    """)
+
+    with gr.Row():
+        with gr.Column(scale=2):
+            example_dropdown = gr.Dropdown(
+                choices=list(EXAMPLES.keys()),
+                label="Load Example",
+                value=None
+            )
+
+            connection_input = gr.Textbox(
+                label="Connection Data (JSON)",
+                placeholder='[\n  {"timestamp": 1000000, "dst_ip": "10.0.0.1", "dst_port": 443, "bytes_sent": 200, "bytes_recv": 500},\n  ...\n]',
+                lines=15
+            )
+
+            with gr.Row():
+                threshold = gr.Slider(
+                    minimum=0.1,
+                    maximum=0.9,
+                    value=0.5,
+                    step=0.1,
+                    label="Detection Threshold"
+                )
+                strict_mode = gr.Checkbox(
+                    label="Strict Mode (min 0.7 threshold)",
+                    value=False
+                )
+
+            analyze_btn = gr.Button("Analyze", variant="primary")
+
+        with gr.Column(scale=2):
+            result_primary = gr.Markdown(label="Analysis Result")
+            result_risks = gr.Markdown(label="Risk Analysis")
+            result_recommendations = gr.Markdown(label="Recommendations")
+
+    gr.Markdown("""
+    ---
+    ### Connection Record Format
+
+    | Field | Type | Required | Description |
+    |-------|------|----------|-------------|
+    | `timestamp` | float | Yes | Unix timestamp |
+    | `dst_ip` | str | Yes | Destination IP |
+    | `dst_port` | int | Yes | Destination port |
+    | `bytes_sent` | int | Yes | Bytes sent |
+    | `bytes_recv` | int | Yes | Bytes received |
+
+    ---
+    **Author:** Daniel Ostrow | [neuralintellect.com](https://neuralintellect.com)
+    """)
+
+    # Event handlers
+    example_dropdown.change(
+        fn=load_example,
+        inputs=[example_dropdown],
+        outputs=[connection_input]
+    )
+
+    analyze_btn.click(
+        fn=analyze_connections,
+        inputs=[connection_input, threshold, strict_mode],
+        outputs=[result_primary, result_risks, result_recommendations]
+    )
+
+
+if __name__ == "__main__":
+    demo.launch()

requirements.txt

@@ -0,0 +1,4 @@
+torch
+numpy
+safetensors
+huggingface_hub