Initial commit: ER-TP-DGP research prototype

Event-Reified Temporal Provenance Dual-Granularity Prompting for LLM-based APT detection on DARPA provenance datasets. Includes phase 0-14 method spec, IR/graph/metapath/trimming/prompt modules, scripts for THEIA candidate universe, landmark CSG construction, hybrid prompting, and LLM inference. Excludes data/, reports/, and local LLM config from version control.
2026-05-15 16:53:57 +08:00
commit b86ae87b75
88 changed files with 18570 additions and 0 deletions
--- a/configs/llm.example.yaml
+++ b/configs/llm.example.yaml
@@ -0,0 +1,25 @@
+# Copy this file to configs/llm.yaml and edit local values.
+# Do not commit real API keys.
+
+provider: local  # local or api
+base_url: http://localhost:8000/v1
+model: your-local-model
+
+# For remote API, prefer api_key_env instead of api_key.
+api_key_env: OPENAI_COMPAT_API_KEY
+# api_key: null
+
+timeout_seconds: 120
+temperature: 0.0
+max_tokens: 512
+# top_p: 1.0
+
+# Some self-hosted gateways behind WAF/CDN rules may reject Python's default
+# user agent. Prefer fixing server-side allow rules, but this can help with
+# basic User-Agent filtering.
+# If your endpoint is behind a WAF/CDN that rejects Python's default signature,
+# use a browser-like User-Agent or configure the server to allow this client.
+user_agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36
+extra_headers: {}
+
+extra_body: {}