Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Machine learning with streams.
var train = require('cranium').train
, opts = {
features: ['attr1', 'attr2']
, classAttribute: 'class'
}
train('input.csv', opts, function (err, machine) {
if(machine.predict({attr1: 5, attr2: 2}) > 0)
console.log('true')
else
console.log('false')
})
Accuracy rates of around 99% can be achieved once parameters are tuned for your data.
An example run with 1000 epochs on the University of Wisconsin's breast cancer data.
Plenty of options for machine learning exist if your dataset can fit in memory. I recommend my friend Matt Rajca's LearnKit, or Weka if you like having a GUI.
The amount of data you need to build a good classifier increases with the number of features you have, so out of memory errors become a problem when dealing with thousands of features. For example, Weka fails to perform logistic regression with more than a couple thousand features on a 5mb dataset. Cranium never assumes that your instances can fit in memory, so you can use it on terabytes of data.
Cranium works with node streams, so you have a lot of flexibility with your input. Using streams sacrifies speed for memory efficiency -- Cranium uses a constant amount of memory that is typically below 100mb. The speed penalty is significant: Cranium runs about 500x slower than LearnKit. If your dataset can fit in memory, Cranium is probably not right for you.
The train function creates a support vector machine and trains it on your data using stochastic gradient descent.
function train (input, opts, cb) {}
function cb (err, svm)
Required An array of strings. Strings should be the headers of columns in the csv that should be used as features.
Required A string, the header of the column to use as the class. Only binary classification is supported right now, so valid class attributes are true
and false
.
Default 0.001
. How hard to try to fit the data. Passed to the SVM.
Default false
. Set to true if your data is small enough to keep entirely in memory, and training will be sped up by about 40%. If this option is true, the input
option to train must be a filename.
Default 0.01
. The learning rate. If a float, will be held constant. If a function, should have the signature function stepLength (epoch) {}
where epoch
is an integer, the current epoch. It should return a float, which will be used as the step length for that epoch. You can use this to decay the step length as time goes on.
Default no-op.
function eachEpoch (epoch, svm, testStream, cb) {}
Default 1000
. How many epochs to train for.
Default 0.4
. The percentage of instances to use for each epoch.
Default 0.3
. The percentage of instances in each epoch to leave out. These instances are fed into the test stream passed to eachEpoch
.
The SVM object is a support vector machine.
function predict (instance) {}
Instance is an object with the same features and classAttribute as the training data. Predict returns a float representing the output of the SVM. Values greater than zero are truthy, while values smaller than zero are falsey. The magnitude of the return value is the confidence of the prediction.
function cost () {}
Returns a transform stream that accepts a stream of instances and outputs a single float. The float is the result of the cost function on the input.
function accuracy () {}
Returns a transform stream that accepts a stream of instances and outputs a single float between zero and one. The float is the percentage of instances that were correctly classified.
The MIT License (MIT)
Copyright (c) 2014 Ben Ng
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Streaming SVM trainer that uses stochastic gradient descent
The npm package cranium receives a total of 11 weekly downloads. As such, cranium popularity was classified as not popular.
We found that cranium demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.