Oxidize ML Models
Machine learning models for Oxidize β a workforce access security platform with an agentic closed-loop relay runtime built in pure Rust.
Oxidize runs autonomous ML agents inline on the relay datapath. Models predict, decide, and act in real-time β from preemptive congestion control to per-hostname threat scoring to adaptive per-flow strategy selection.
Model Tiers
Tier 1 β Core Datapath Intelligence
Models that run on every packet/flow decision in the hot path.
| Model | Architecture | Latency | File | Purpose |
|---|---|---|---|---|
| transformer_loss | MiniTransformer (d=64, 4 heads, INT8) | <10Β΅s | transformer_loss.safetensors |
Predict packet loss 50β100ms ahead for preemptive FEC injection |
| ppo_congestion | PPO Actor-Critic (continuous action, 128-unit hidden) | <1Β΅s | ppo_congestion.safetensors |
Smooth congestion window optimization β continuous multiplier, no CWND oscillation |
| security_threat_scorer | INT8 MLP (16 features β 64 hidden β 1) | <1Β΅s | Inline (compiled into binary) | Per-hostname threat probability for browser isolation + SWG gating |
Tier 2 β Per-Flow Optimization
Bandit and heuristic engines that adapt strategy per traffic class.
| Model | Architecture | Latency | Purpose |
|---|---|---|---|
| flow_strategy | UCB1 bandit over 18 curated arms | <1Β΅s | Select optimal (FEC level, compression, batching) per DPI-classified traffic class |
| compression_oracle | Entropy heuristic + magic-byte detection | <1Β΅s | Decide Skip/Light/Normal/Aggressive compression per payload |
| path_selector | UCB1 contextual bandit (4 paths) | <1Β΅s | Learn optimal path per traffic type across Primary/Secondary/Tertiary/Quaternary |
Tier 3 β Prediction-Action Agent
Closed-loop autonomous agent that converts passive predictions into preemptive actions.
| Component | What it does |
|---|---|
| PredictionActionAgent | State machine (Stable β PredictedDegradation β ActiveMitigation β Recovery) that emits AgentActions when degradation probability exceeds threshold |
| AgentActions | PreemptiveFecBoost, CwndTaper, PathSwitch, HandoffPrep β each with outcome tracking that feeds reward back into PPO training |
| Autotune | Self-adjusts thresholds (FEC boost, CWND reduce, action cooldown) based on observed improvement rate |
Tier 4 β Server-Side Agentic Engines
Relay-side engines that operate on connection metadata, not raw packets.
| Engine | Purpose |
|---|---|
| AgentEgressEngine | Credential detection, OAuth/API-key/JWT/cloud-credential identification in egress traffic; verdict = Allow/Log/Alert/Block |
| AgentMemoryService | Per-entity risk memory with behavioral baselines, false-positive tracking, and time-decayed risk profiles |
| MobileThreatDefenseEngine | Mobile app risk scoring β jailbreak/root detection, app reputation, OS version risk, sideload detection |
| AgenticRecommendationsEngine | Generates prioritized security recommendations (policy tightening, access reviews, config hardening) from observed traffic patterns |
| HandoffPredictor | WiFi/LTE/5G signal tracking β predicts network handoff probability β triggers preemptive tunnel prep |
Architecture Details
Transformer Loss Predictor (INT8 Quantized)
Input: [batch, 20, 8] β MultiHeadAttention(d=64, h=4) β FFN β Linear(1) β Sigmoid β Loss probability
β
INT8 Quantization (10x speedup)
β
Speculative Cache (next 100 decisions pre-computed)
Network Features (8):
| Feature | Description | Normalization |
|---|---|---|
rtt_us |
Round-trip time | / 1,000,000 |
rtt_var_us |
RTT variance (jitter) | / 500,000 |
bandwidth_bps |
Estimated bandwidth | / 10 Gbps |
loss_rate |
Recent packet loss | Raw (0β1) |
loss_trend |
Loss rate derivative | Raw |
inflight |
Packets in flight | / 10,000 |
cwnd |
Congestion window | / 1,000,000 |
buffer_occupancy |
Buffer fill level | Raw (0β1) |
PPO Congestion Controller
Input: [batch, 8] β Actor(128) β ReLU β Actor(128) β ReLU β Gaussian(mean, log_std) β CWND multiplier
Critic(128) β ReLU β Critic(128) β ReLU β Linear(1) β State value
Continuous action space β outputs a CWND multiplier instead of discrete up/down, eliminating sawtooth oscillation.
Security Threat Scorer
INT8 MLP that scores hostnames for CompositeThreatIntel, which combines feed-based (URLhaus, OpenPhish, abuse.ch, PhishTank) and ML-based classification.
Threat Scoring Features (16 inputs):
| Feature | Description | Normalization |
|---|---|---|
domain_entropy |
Shannon entropy of hostname characters | 0β1 |
subdomain_count_norm |
Domain length / 253 | 0β1 |
suspicious_pattern |
Punycode, login-, secure-, excessive digits | 0 or 1 |
high_risk_tld |
.tk, .top, .xyz, etc. | 0 or 1 |
novelty_score |
First-seen recency | 0β1 |
distinct_actors_norm |
Distinct actors hitting host / 10 | 0β1 |
ioc_match |
Request rate (requests/sec / 100) | 0β1 |
dlp_violation |
Payload entropy | 0β1 |
policy_violation |
SWG/CASB violation flag | 0 or 1 |
geo_risk |
Destination geo risk | 0β1 |
protocol_risk |
HTTPS=0, HTTP=0.5, raw TCP=1 | 0β1 |
port_risk |
Well-known=0, registered=0.5, ephemeral=1 | 0β1 |
Threat classes: Malware, Phishing, C2, Botnet, Cryptojacking, Adware, DGA, Suspicious, Sensitive, Clean.
Provider architecture:
FeedProvider (O(1) hash lookups, 200+ built-in indicators)
βββ URLhaus, OpenPhish, abuse.ch, PhishTank
β
βΌ
CompositeThreatIntel (Feed β ML β Cache)
βββ Feed priority: confirmed IOCs checked first
βββ ML fallback: INT8 MLP scores features per hostname
βββ DashMap TTL cache (32K cap)
β
ββββΊ BrowserIsolationEngine
ββββΊ SwgEngine
ββββΊ Forwarder (ml_threat_score)
Flow Strategy Engine (DPI-Informed Bandit)
Per-traffic-class UCB1 bandit over 18 curated (FEC, Compression, Batching) arms:
| Traffic Class | Reward Signal | Optimization Target |
|---|---|---|
| Gaming | 1 / jitter_ms | Lowest latency, lowest jitter |
| VoIP | 1 / latency_ms | Low RTT, stable connection |
| Streaming | 1 / throughput_stddev | Highest bandwidth stability |
| Interactive | 1 / latency_ms | Responsive, low-loss |
| Bulk | throughput_mbps (normalized) | Maximum throughput |
Strategy dimensions:
- FEC Level: None, Light, Medium, Heavy, Maximum
- Compression: None, LZ4, Zstd, ROHC-only
- Batching: Immediate, MicroBatch (250Β΅s flush), StandardBatch (1ms flush)
Prediction-Action Agent State Machine
Stable ββ(P(degradation) > threshold)βββΊ PredictedDegradation
β² β
β (emit AgentAction)
β βΌ
Recovery βββ(metrics improving)ββββ ActiveMitigation
β β
βββ(sustained good metrics)βββββββββββββββββββ
Actions and their triggers:
- PreemptiveFecBoost β loss probability exceeds FEC threshold β boost redundancy before loss hits
- CwndTaper β congestion predicted β gradual CWND reduction instead of cliff drop
- PathSwitch β primary path degrading β switch to best alternative path
- HandoffPrep β WiFi/LTE signal declining β pre-establish tunnel on new interface
Each action outcome (Improved/NoEffect/Degraded) feeds back as reward into PPO training via generate_training_feedback().
Advanced ML Features
Implemented in oxidize_common::advanced_ml:
| Feature | What it does |
|---|---|
| FederatedCoordinator | Privacy-preserving distributed training across relay servers. Differential privacy (Ξ΅=1.0), secure aggregation, trust-weighted updates. Aggregates weight deltas every 60s when min_clients threshold met. |
| MultiAgentCoordinator | Per-flow cooperative congestion control via RL. Each connection = an agent. Inter-agent messages distributed every 10s for cooperative optimization. |
| ABTestingFramework | Welch's t-test based statistical significance for model variant deployment. Create experiments at runtime, stats logged in 30s summary tick. |
Data Quality Guards
Built-in validation (ml_data_quality.rs) prevents training on garbage data:
- Range validation β RTT [100Β΅s, 10s], bandwidth [1Kbps, 100Gbps], loss rate [0, 1]
- Consistency checks β RTT variance β€ RTT, buffer occupancy β [0, 1]
- Timestamp validation β rejects future and stale samples
- Anomaly detection β rejects duplicate/synthetic patterns (DDoS poisoning defense)
- Threat sample validation β all 16 features β [0, 1], no NaN/Inf, label β [0, 1]
Self-healing: anomaly detection tracks validation failure rate; triggers automatic model retraining when >50% of samples are rejected.
Heuristic Fallback
If models aren't loaded, all components fall back to fast heuristics:
| Component | Fallback |
|---|---|
| Loss Predictor | Exponential weighted moving average |
| Congestion Controller | Standard congestion avoidance |
| Compression Oracle | Entropy threshold + magic byte detection |
| Path Selector | Round-robin with availability check |
| Flow Strategy | Default strategy per traffic class |
| Threat Scorer | Feed-only lookup (no ML scoring) |
Performance
All ML operations designed for minimal hot-path latency:
| Operation | Typical Latency |
|---|---|
| Loss prediction (cached) | <1Β΅s |
| Loss prediction (uncached) | <50Β΅s |
| CWND optimization | <10Β΅s |
| Path selection | <5Β΅s |
| Flow strategy selection | <1Β΅s |
| Threat scoring | <1Β΅s |
| FEC decision | <100ns |
| Data quality validation | <1Β΅s |
Training runs asynchronously via BackgroundTrainer β never blocks the packet path.
Usage
With Oxidize (Rust)
use oxidize_common::ml_optimized::OptimizedMlEngine;
let engine = OptimizedMlEngine::new();
// Loss prediction (INT8 Transformer)
let loss_prob = engine.predict_loss(seq_num, &features);
// CWND optimization (PPO continuous)
let cwnd = engine.get_cwnd(rtt_us, &state);
// Threat scoring (INT8 MLP)
let threat_score = engine.predict_threat(&hostname_features);
// Compression decision (entropy heuristic)
let decision = engine.compression_decision(&payload);
// FEC decision with metrics recording
let fec = engine.fec_decision_with_metrics(&net_features, &metrics);
Flow Strategy Engine
use oxidize_common::flow_strategy::FlowStrategyEngine;
let mut engine = FlowStrategyEngine::new();
// Get optimal strategy for traffic class
let strategy = engine.get_strategy(TrafficClass::Gaming);
// strategy.fec_level, strategy.compression, strategy.batching
// Feed back observed quality
let reward = FlowStrategyEngine::gaming_reward(jitter_ms, loss_rate);
engine.record_reward(TrafficClass::Gaming, &strategy, reward);
Prediction-Action Agent
use oxidize_common::prediction_agent::PredictionActionAgent;
let mut agent = PredictionActionAgent::new();
// Evaluate current state β get preemptive actions
let actions = agent.evaluate(&ml_engine, &network_features);
for action in actions {
match action {
AgentAction::PreemptiveFecBoost { .. } => { /* boost FEC */ }
AgentAction::CwndTaper { .. } => { /* reduce CWND */ }
AgentAction::PathSwitch { .. } => { /* switch path */ }
AgentAction::HandoffPrep { .. } => { /* prep handoff */ }
}
}
// Record outcome for learning
agent.record_outcome(ActionOutcome::Improved);
Auto-Download Models
use oxidize_common::model_hub::ModelHub;
let hub = ModelHub::new(Default::default());
hub.download_models("/tmp/oxidize_models").await?;
engine.load_models("/tmp/oxidize_models")?;
Environment Variables
export HF_TOKEN=hf_xxxxxxxxxx # For private repos or uploads
export OXIDIZE_MODEL_DIR=/tmp/oxidize_models # Local cache
Training Pipeline
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ ββββββββββββββ
β Servers βββββΆβ HF Hub βββββΆβ CI/CD βββββΆβ HF Hub β
β (collect) β β (storage) β β (train) β β (models) β
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ ββββββββββββββ
β β² β β
ββββββββββββββββββββββ΄ββββββββββββββββββββ΄βββββββββββββββββββββ
Continuous Loop
- Servers auto-collect β
OptimizedMlEnginecollectsLossSample,DrlExperience, andThreatSampletraining data - Servers auto-upload β Training data pushed to HF Hub hourly
- CI trains daily β GitHub Actions aggregates and trains (3 AM UTC)
- Servers auto-download β New models fetched from HF Hub on startup
Model Files
| Model | File | Format |
|---|---|---|
| Loss Predictor | transformer_loss.safetensors |
SafeTensors |
| Congestion Controller | ppo_congestion.safetensors |
SafeTensors |
| Security Threat Scorer | Inline INT8 weights | Compiled into oxidize-common binary |
Source Code Map
| File | Contains |
|---|---|
common/src/ml_optimized.rs |
OptimizedMlEngine, MiniTransformer, PPOController, SecurityScorer, SpeculativeCache, QuantizedLinear |
common/src/prediction_agent.rs |
PredictionActionAgent, AgentAction, AgentState, autotune |
common/src/flow_strategy.rs |
FlowStrategyEngine, UCB1 bandit, 18 curated strategy arms |
common/src/threat_intel.rs |
CompositeThreatIntel, FeedProvider, MlProvider, threat class taxonomy |
common/src/advanced_ml.rs |
FederatedCoordinator, MultiAgentCoordinator, ABTestingFramework |
common/src/ml_data_quality.rs |
DataQualityValidator, validation thresholds, anomaly detection |
common/src/model_hub.rs |
ModelHub, HF Hub sync, ModelConfig |
common/src/handoff_prediction.rs |
HandoffPredictor, WiFi/LTE signal tracking |
server/src/agent_egress.rs |
AgentEgressEngine, credential detection, egress verdicts |
server/src/agent_memory.rs |
AgentMemoryService, per-entity risk memory, behavioral baselines |
server/src/mobile_threat_defense.rs |
MobileThreatDefenseEngine, mobile app risk scoring |
server/src/agentic_recommendations.rs |
AgenticRecommendationsEngine, policy/config recommendations |
License
Proprietary β All rights reserved
Citation
@software{oxidize2026,
author = {gagansuie},
title = {Oxidize ML Models},
url = {https://github.com/gagansuie/oxidize},
year = {2026}
}
Links
- Code: github.com/gagansuie/oxidize
- Website: oxd.sh
- Downloads last month
- 356
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support