Update README.md

README.md

@@ -12,95 +12,163 @@ pipeline_tag: text-classification
 ---
 # Model Card for Model ID
 
-<!-- Provide a quick summary of what the model is/does. -->
-
-This modelcard aims to be a base template for new models. It has been generated using [this raw template](https://github.com/huggingface/huggingface_hub/blob/main/src/huggingface_hub/templates/modelcard_template.md?plain=1).
-
 ## Model Details
 
+![image/png](https://cdn-uploads.huggingface.co/production/uploads/66954efe30bd2a19adcd92aa/nXwBehKsHWh8CX1LPNr6-.png)
+
 ### Model Description
 
-<!-- Provide a longer summary of what this model is. -->
+This model combines Convolutional Neural Networks (CNN) and Gated Recurrent Units (GRU), designed for sequence-based tasks like time series analysis, natural language processing (NLP), or anomaly detection.
+
+### 1. Input Layer
+- **Shape:** `(None, 384)` — Variable batch size, input dimension of 384.
+- **Reshape:** Converts input to `(None, 384, 1)` to add a channel dimension for Conv1D layers.
+
+### 2. Two Parallel Branches
+
+#### a) CNN Branch
+- **Conv1D Layers:**
+  - Filters: 32, 64, 128, 256 (increasing depth)
+  - Kernel size: (not shown, likely small like 3)
+- **MaxPooling1D:** Applied after each Conv1D layer to reduce dimensionality.
+- **GlobalMaxPooling1D:** Final pooling layer reducing output to shape `(None, 256)`.
+
+#### b) GRU Branch
+- **GRU Layers:**
+  - Units: 32, 64, 128, 256 (increasing capacity)
+  - Stacked for hierarchical feature extraction.
+  - Final GRU outputs shape `(None, 256)`.
+
+### 3. Fusion Layer
+- **Multiply:** Element-wise multiplication of outputs from CNN and GRU branches.
+- **Shape:** `(None, 256)`
 
+### 4. Dense Layers
+- **Dropout:** Applied for regularization.
+- **Fully Connected Layers:**
+  - 256 → 128 → 64 → 32 → 1
+  - Gradually reducing dimensions for feature compression.
+- **Output:** A single value — suitable for regression or binary classification.
+
+### 5. Likely Use Cases
+- Web attack detection
+- Sequence classification
+- Anomaly detection in time series
+
+This architecture captures both spatial features (CNN) and temporal dependencies (GRU), making it well-suited for complex sequential data. Let me know if you’d like help tweaking or interpreting this model! 🚀
 
 
 - **Developed by:** [noobpk](https://github.com/noobpk/)
 
 ### Model Sources
 
-<!-- Provide the basic links for the model. -->
-
 - **Paper :** [Research and Development of a Smart Solution for Runtime Web Application Self-Protection](https://doi.org/10.1145/3628797.3628901)
 
 ## Uses
 
-<!-- Address questions around how the model is intended to be used, including the foreseeable users of the model and those affected by the model. -->
-
 ### Direct Use
 
-<!-- This section is for the model use without fine-tuning or plugging into a larger ecosystem/app. -->
-
-[More Information Needed]
-
-### Downstream Use [optional]
+- Intrusion Detection: Identify suspicious activity in network traffic data.
 
-<!-- This section is for the model use when fine-tuned for a task, or when plugged into a larger ecosystem/app -->
+- Sentiment Analysis: Analyze sequential text data to determine sentiment polarity.
 
-[More Information Needed]
+- Time Series Forecasting: Predict future values based on historical data trends.
 
 ### Out-of-Scope Use
 
-<!-- This section addresses misuse, malicious use, and uses that the model will not work well for. -->
+- Image classification: This model is not optimized for handling spatial features in images.
 
-[More Information Needed]
+- Tabular data analysis: It’s designed for sequential data and may not capture non-temporal relationships well.
 
 ## Bias, Risks, and Limitations
 
-<!-- This section is meant to convey both technical and sociotechnical limitations. -->
+- Data Bias: The model’s performance heavily depends on the quality and diversity of training data. Biased or imbalanced datasets could lead to unfair or inaccurate predictions.
 
-[More Information Needed]
+- Overfitting: With its depth and complexity, the model may overfit smaller datasets, capturing noise rather than meaningful patterns.
+
+- Interpretability: CNN-GRU models can be seen as black boxes, making it difficult to interpret why specific predictions are made.
+
+- Computational Costs: The parallel CNN-GRU architecture can demand significant resources during training and inference, potentially leading to longer processing times.
 
 ### Recommendations
 
-<!-- This section is meant to convey recommendations with respect to the bias, risk, and technical limitations. -->
+- Balanced Dataset: Ensure training data represents diverse and balanced samples to mitigate bias.
+
+- Regularization: Apply dropout and early stopping to prevent overfitting.
+
+- Hyperparameter Tuning: Experiment with layer configurations, learning rates, and optimization techniques to enhance generalization.
+
+- Explainability Tools: Use SHAP or LIME libraries to interpret model predictions and understand feature importance.
 
-Users (both direct and downstream) should be made aware of the risks, biases and limitations of the model. More information needed for further recommendations.
+- Infrastructure: Deploy the model on systems with sufficient computational power, especially for real-time or large-scale applications.
 
 ## How to Get Started with the Model
 
 Use the code below to get started with the model.
 
-[More Information Needed]
+```
+import os
+os.environ["KERAS_BACKEND"] = "tensorflow"
+	
+from tensorflow.keras.models import load_model
+from sentence_transformers import SentenceTransformer
+from huggingface_hub import hf_hub_download
+
+
+def load_modeler():
+    local_model_path = hf_hub_download(
+        repo_id="noobpk/web-attack-detection",
+        filename="model.h5"
+    )
+    return load_model(local_model_path)
+    
+model = load_modeler()
+
+def load_encoder():
+    model_name_or_path = os.environ.get("model_name_or_path", "sentence-transformers/all-MiniLM-L6-v2")
+    return SentenceTransformer(model_name_or_path)
+
+encoder = load_encoder()
+
+if __name__ == "__main__":
+    payload = input("Enter payload: ")
+    print("Processing...")
+
+embeddings = encoder.encode(payload).reshape((1, 384))
+prediction = model.predict(embeddings)
+accuracy = float(prediction[0][0] * 100)
+print(f"Accuracy: {accuracy}")
+```
 
 ## Training Details
 
 ### Training Data
 
-<!-- This should link to a Dataset Card, perhaps with a short stub of information on what the training data is all about as well as documentation related to data pre-processing or additional filtering. -->
+Dataset: https://huggingface.co/datasets/noobpk/web-attack-detection
 
-[More Information Needed]
+- Using 70% for training data
 
-### Training Procedure
+#### Training Hyperparameters
 
-<!-- This relates heavily to the Technical Specifications. Content here should link to that section when it is relevant to the training procedure. -->
+- Optimizer: Adam with initial learning rate 0.001
 
-#### Preprocessing [optional]
+- Learning Rate Schedule: InverseTimeDecay with decay steps of 1000 and decay rate of 0.1
 
-[More Information Needed]
+- Batch Size: 256
 
+- Epochs: Configurable, with early stopping after 3 epochs of no improvement
 
-#### Training Hyperparameters
+- Dropout Rates:
+
+- - 0.1 after CNN and GRU branches
+
+- - 0.3 after feature fusion
+
+- Cross-Validation: K-Fold cross-validation with k=5 (or configurable)
+
+- Loss Function: Binary cross-entropy
 
-- **Training regime:**
-  learning_rate : 0.001
-  activation : relu
-  batch_size : 256
-  loss : binary_crossentropy
-  optimizer : Adam
-  Conv1D : 32 - 64 - 128 - 256 - 512
-  GRU : 32 - 64 - 128 - 256 - 512
-  
-  
+- Metrics: Accuracy
 
 #### Speeds, Sizes, Times [optional]
 
@@ -110,38 +178,34 @@ Use the code below to get started with the model.
 
 ## Evaluation
 
-<!-- This section describes the evaluation protocols and provides the results. -->
-
 ### Testing Data, Factors & Metrics
 
 #### Testing Data
 
-<!-- This should link to a Dataset Card if possible. -->
+Dataset: https://huggingface.co/datasets/noobpk/web-attack-detection
 
-[More Information Needed]
+- Using 30% for testing data
 
 #### Factors
 
-<!-- These are the things the evaluation is disaggregating by, e.g., subpopulations or domains. -->
+![image/png](https://cdn-uploads.huggingface.co/production/uploads/66954efe30bd2a19adcd92aa/QZ4X0tPafZ94W3DxtXbfs.png)
 
-[More Information Needed]
 
-#### Metrics
-
-<!-- These are the evaluation metrics being used, ideally with a description of why. -->
+![image/png](https://cdn-uploads.huggingface.co/production/uploads/66954efe30bd2a19adcd92aa/i4u6qOFuK6BbNvRMqgidx.png)
 
+#### Metrics
 
-[More Information Needed]
+- precision
+- f1-score
+- recall
+- accuracy
 
 ### Results
 
-[More Information Needed]
 
 #### Summary
 
-## Technical Specifications [optional]
-
-### Model Architecture and Objective
+### Model Architecture and Objective: Hybrid CNN-GRU
 
 ![model_arch](https://github.com/noobpk/whale-sentinel/blob/main/diagrams/WS_Deep_Learning_Model_Web_Attack_Detection.png?raw=true)
 
@@ -155,8 +219,6 @@ Use the code below to get started with the model.
 
 ## Citation
 
-<!-- If there is a paper or blog post introducing the model, the APA and Bibtex information for that should go in this section. -->
-
 **BibTeX:**
 
 @inproceedings{10.1145/3628797.3628901,
@@ -177,21 +239,10 @@ location = {Ho Chi Minh, Vietnam},
 series = {SOICT '23}
 }
 
+## Model Card Authors
 
-## Glossary [optional]
-
-<!-- If relevant, include terms and calculations in this section that can help readers understand the model or model card. -->
-
-[More Information Needed]
-
-## More Information [optional]
-
-[More Information Needed]
-
-## Model Card Authors [optional]
-
-[More Information Needed]
+[noobpk](https://github.com/noobpk/)
 
 ## Model Card Contact
 
-[More Information Needed]
+[noobpk](t.me/noobpk)