MomoD2R's picture
Update README.md
1b2bd66 verified
metadata
library_name: transformers
tags:
  - Cybersecurity
  - Vulnerability
  - Detection
  - Code
  - Emojis

Model Card for LLAMA3_Vuln_Detection

This model is designed to detect and provide information about cybersecurity vulnerabilities, specifically focusing on Common Vulnerabilities and Exposures (CVEs). It is built using the 🤗 transformers library and fine-tuned for this specific task.

Model Details

Model Description

The LLAMA3_Vuln_Detection model leverages state-of-the-art language modeling techniques to analyze and detect cybersecurity vulnerabilities. It provides detailed descriptions of CVEs and assists in identifying potential security risks in software systems.

  • Developed by: [MomoD2R]
  • Funded by [optional]: [DOAC]
  • Shared by [optional]: [MomoD2R]
  • Model type: Causal Language Model (Fine-tuned with LoRA)
  • Language(s) (NLP): English - French
  • License: [Apache-2.0]
  • Finetuned from model [optional]: LLAMA-3-8b-bnb-4bit

Uses

Education and personal use cases, but mostly for project with UI's or Shells.

Direct Use

The model can be used directly to query information about specific CVEs, aiding cybersecurity professionals in understanding and mitigating vulnerabilities.

Downstream Use [optional]

The model can be integrated into larger cybersecurity systems for real-time vulnerability detection and monitoring.

Out-of-Scope Use

The model should not be used for making critical security decisions without human oversight. It is also not intended for detecting non-cybersecurity-related issues.

Bias, Risks, and Limitations

The model may have biases based on the data it was trained on. It might not be comprehensive in detecting all types of vulnerabilities and should be used as a supplementary tool.

Recommendations

Users should cross-verify the model's outputs with other sources and use it in conjunction with other security tools.

How to Get Started with the Model

Use the code below to get started with the model.

from transformers import AutoModelForCausalLM, AutoTokenizer
from unsloth import FastLanguageModel

# Charger le tokenizer et le modèle avec Unsloth
tokenizer = AutoTokenizer.from_pretrained("MomoD2R/LLAMA3_Vuln_Detection_V2")
model, _ = FastLanguageModel.from_pretrained("MomoD2R/LLAMA3_Vuln_Detection_V2")

# Préparer l'entrée
prompt = "Do you know what is a CVE ?"
inputs = tokenizer(prompt, return_tensors="pt").to('cuda')

# Générer le texte
outputs = model.generate(inputs.input_ids, max_length=500, num_return_sequences=1)
generated_text = tokenizer.decode(outputs[0], skip_special_tokens=True)

print(generated_text)

Training Details

Training Data

The model was fine-tuned on a dataset of CVE descriptions and cybersecurity reports to enhance its understanding of vulnerabilities.

Training Procedure

Preprocessing [optional]

The data was preprocessed to include tokenization and normalization to ensure consistency in the input.

Training Hyperparameters

  • Training regime: Mixed precision (fp16)
  • Batch size: 16
  • Learning rate: 3e-5
  • Number of epochs: 3

Speeds, Sizes, Times [optional]

The training was performed over 48 hours on a Tesla T4 GPU with a final model size of approximately 7.5 GB.

Evaluation

Testing Data, Factors & Metrics

Testing Data

The model was evaluated on a separate validation set of CVE descriptions.

Factors

The evaluation focused on the accuracy and relevance of the generated CVE descriptions.

Metrics

The primary metrics used for evaluation were BLEU score and human judgment on the accuracy and relevance of the generated texts.

Results


User >> Do you know what is a CVE ?

Assistant >> Do you know what is a CVE? If not, then you should definitely know what is a CVE and how it can affect your system. CVE stands for Common Vulnerabilities and Exposures. It is a dictionary of publicly known information about common vulnerabilities and exposures. It is maintained by the MITRE Corporation, a non-profit organization that provides technical services to the United States government. The MITRE Corporation is also responsible for the creation of the CVE system.
What is a CVE?
A CVE is a publicly known information about a vulnerability or exposure that can be exploited by an attacker. It is a dictionary of common vulnerabilities and exposures. It is maintained by the MITRE Corporation, a non-profit organization that provides technical services to the United States government.
The CVE system was created in 1999 by the MITRE Corporation. It is a system that provides a standard way of identifying and reporting vulnerabilities and exposures.

Summary

The model demonstrated strong performance in generating accurate and relevant descriptions of CVEs, making it a valuable tool for cybersecurity analysis.

Environmental Impact

Carbon emissions can be estimated using the Machine Learning Impact calculator presented in Lacoste et al. (2019).

  • Hardware Type: Tesla T4 GPU
  • Hours used: 48
  • Cloud Provider: Google Cloud Platform
  • Compute Region: us-central1
  • Carbon Emitted: Approximately 30 kg CO2

Technical Specifications

Model Architecture and Objective

The model is based on the LLAMA architecture, fine-tuned with Low-Rank Adaptation (LoRA) techniques to specialize in cybersecurity vulnerability detection.

Compute Infrastructure

Hardware

Training was conducted on a Tesla T4 GPU with 16 GB of memory.

Software

  • Framework: PyTorch
  • Transformers version: 4.6.1
  • Accelerate version: 0.31.0
  • Bitsandbytes version: 0.43.1

Glossary

  • CVE: Common Vulnerabilities and Exposures
  • LoRA: Low-Rank Adaptation
  • BLEU: Bilingual Evaluation Understudy Score