--- license: apache-2.0 library_name: ultralytics pipeline_tag: object-detection tags: - object-detection - yolo11 - ultralytics - threat-modeling - architecture-diagrams - stride - security --- # ARGUS — Architecture Component Detector (YOLO11) Supervised object detector from the **ARGUS** project (FIAP IADT, Phase 5 Hackathon). It locates cloud/software components in **architecture diagram images** and classifies them into **21 cloud-agnostic canonical classes** (AWS, Azure and GCP icons map to the same class). This is **stage E1** of the ARGUS pipeline; the later stages (topology, DFD, STRIDE-per-element, Graph-RAG, scoring/report) operate only on the canonical classes, so only this visual stage is coupled to each cloud's iconography. ## Classes (21) - `actor_user` (ExternalEntity) - `edge_security` (Process) - `api_gateway` (Process) - `load_balancer` (Process) - `compute` (Process) - `serverless_fn` (Process) - `app_service` (Process) - `database_sql` (DataStore) - `database_nosql` (DataStore) - `cache` (DataStore) - `object_storage` (DataStore) - `file_storage` (DataStore) - `message_queue` (DataStore) - `cdn` (Process) - `identity` (Process) - `secrets` (DataStore) - `search` (DataStore) - `monitoring` (DataStore) - `email_notify` (Process) - `backend_external` (ExternalEntity) - `trust_boundary` (TrustBoundary) ## Metrics (synthetic test set) - **mAP@50**: 0.9931 - **mAP@50-95**: 0.9858 - **Precision**: 0.9878 - **Recall**: 0.9918 > These figures are computed on a held-out split of the **synthetic** dataset > (in-distribution). On real reference diagrams the detector recognizes most components > correctly but exhibits a **synthetic-to-real gap** (e.g., it may confuse load balancers > or external web services with the user class, or a key-vault with a database). Closing > this gap with a real annotated set is planned future work. ## Training data **Self-labeled synthetic dataset**: official AWS/Azure/GCP architecture icons composited onto varied backgrounds with arrows, text labels and trust boundaries. Because the icon positions are known, YOLO labels are emitted automatically (no manual annotation), which makes the set scalable. Base model: `yolo11s`, `imgsz=1280`. ## Usage ```python from ultralytics import YOLO model = YOLO("best.pt") results = model("diagram.png", conf=0.25, imgsz=1280) for b in results[0].boxes: print(results[0].names[int(b.cls[0])], float(b.conf[0])) ``` ## Intended use & limitations - **Intended use:** automatic, draft component extraction from cloud architecture diagrams, as the first stage of an automated STRIDE threat-modeling pipeline. - **Limitations:** coupled to the appearance of AWS/Azure/GCP icons; generic/whiteboard diagrams or other clouds are meant to be covered by ARGUS's OCR (text-label) path, not by this detector. Outputs are drafts and should be reviewed by a human. ## Links - Project & training code: https://github.com/Zagari/argus-threat-modeling