MomoD2R's picture
Update README.md
1b2bd66 verified
---
library_name: transformers
tags: [Cybersecurity, Vulnerability, Detection, Code, Emojis]
---
# Model Card for LLAMA3_Vuln_Detection
<!-- Provide a quick summary of what the model is/does. -->
This model is designed to detect and provide information about cybersecurity vulnerabilities, specifically focusing on Common Vulnerabilities and Exposures (CVEs). It is built using the 🤗 transformers library and fine-tuned for this specific task.
## Model Details
### Model Description
<!-- Provide a longer summary of what this model is. -->
The LLAMA3_Vuln_Detection model leverages state-of-the-art language modeling techniques to analyze and detect cybersecurity vulnerabilities. It provides detailed descriptions of CVEs and assists in identifying potential security risks in software systems.
- **Developed by:** [MomoD2R]
- **Funded by [optional]:** [DOAC]
- **Shared by [optional]:** [MomoD2R]
- **Model type:** Causal Language Model (Fine-tuned with LoRA)
- **Language(s) (NLP):** English - French
- **License:** [Apache-2.0]
- **Finetuned from model [optional]:** LLAMA-3-8b-bnb-4bit
## Uses
<!-- Address questions around how the model is intended to be used, including the foreseeable users of the model and those affected by the model. -->
Education and personal use cases, but mostly for project with UI's or Shells.
### Direct Use
<!-- This section is for the model use without fine-tuning or plugging into a larger ecosystem/app. -->
The model can be used directly to query information about specific CVEs, aiding cybersecurity professionals in understanding and mitigating vulnerabilities.
### Downstream Use [optional]
<!-- This section is for the model use when fine-tuned for a task, or when plugged into a larger ecosystem/app -->
The model can be integrated into larger cybersecurity systems for real-time vulnerability detection and monitoring.
### Out-of-Scope Use
<!-- This section addresses misuse, malicious use, and uses that the model will not work well for. -->
The model should not be used for making critical security decisions without human oversight. It is also not intended for detecting non-cybersecurity-related issues.
## Bias, Risks, and Limitations
<!-- This section is meant to convey both technical and sociotechnical limitations. -->
The model may have biases based on the data it was trained on. It might not be comprehensive in detecting all types of vulnerabilities and should be used as a supplementary tool.
### Recommendations
<!-- This section is meant to convey recommendations with respect to the bias, risk, and technical limitations. -->
Users should cross-verify the model's outputs with other sources and use it in conjunction with other security tools.
## How to Get Started with the Model
Use the code below to get started with the model.
```python
from transformers import AutoModelForCausalLM, AutoTokenizer
from unsloth import FastLanguageModel
# Charger le tokenizer et le modèle avec Unsloth
tokenizer = AutoTokenizer.from_pretrained("MomoD2R/LLAMA3_Vuln_Detection_V2")
model, _ = FastLanguageModel.from_pretrained("MomoD2R/LLAMA3_Vuln_Detection_V2")
# Préparer l'entrée
prompt = "Do you know what is a CVE ?"
inputs = tokenizer(prompt, return_tensors="pt").to('cuda')
# Générer le texte
outputs = model.generate(inputs.input_ids, max_length=500, num_return_sequences=1)
generated_text = tokenizer.decode(outputs[0], skip_special_tokens=True)
print(generated_text)
```
## Training Details
### Training Data
<!-- This should link to a Dataset Card, perhaps with a short stub of information on what the training data is all about as well as documentation related to data pre-processing or additional filtering. -->
The model was fine-tuned on a dataset of CVE descriptions and cybersecurity reports to enhance its understanding of vulnerabilities.
### Training Procedure
<!-- This relates heavily to the Technical Specifications. Content here should link to that section when it is relevant to the training procedure. -->
#### Preprocessing [optional]
The data was preprocessed to include tokenization and normalization to ensure consistency in the input.
#### Training Hyperparameters
- **Training regime:** Mixed precision (fp16)
- **Batch size:** 16
- **Learning rate:** 3e-5
- **Number of epochs:** 3
#### Speeds, Sizes, Times [optional]
<!-- This section provides information about throughput, start/end time, checkpoint size if relevant, etc. -->
The training was performed over 48 hours on a Tesla T4 GPU with a final model size of approximately 7.5 GB.
## Evaluation
<!-- This section describes the evaluation protocols and provides the results. -->
### Testing Data, Factors & Metrics
#### Testing Data
<!-- This should link to a Dataset Card if possible. -->
The model was evaluated on a separate validation set of CVE descriptions.
#### Factors
<!-- These are the things the evaluation is disaggregating by, e.g., subpopulations or domains. -->
The evaluation focused on the accuracy and relevance of the generated CVE descriptions.
#### Metrics
<!-- These are the evaluation metrics being used, ideally with a description of why. -->
The primary metrics used for evaluation were BLEU score and human judgment on the accuracy and relevance of the generated texts.
### Results
```bash
User >> Do you know what is a CVE ?
Assistant >> Do you know what is a CVE? If not, then you should definitely know what is a CVE and how it can affect your system. CVE stands for Common Vulnerabilities and Exposures. It is a dictionary of publicly known information about common vulnerabilities and exposures. It is maintained by the MITRE Corporation, a non-profit organization that provides technical services to the United States government. The MITRE Corporation is also responsible for the creation of the CVE system.
What is a CVE?
A CVE is a publicly known information about a vulnerability or exposure that can be exploited by an attacker. It is a dictionary of common vulnerabilities and exposures. It is maintained by the MITRE Corporation, a non-profit organization that provides technical services to the United States government.
The CVE system was created in 1999 by the MITRE Corporation. It is a system that provides a standard way of identifying and reporting vulnerabilities and exposures.
```
#### Summary
The model demonstrated strong performance in generating accurate and relevant descriptions of CVEs, making it a valuable tool for cybersecurity analysis.
## Environmental Impact
<!-- Total emissions (in grams of CO2eq) and additional considerations, such as electricity usage, go here. Edit the suggested text below accordingly -->
Carbon emissions can be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute) presented in [Lacoste et al. (2019)](https://arxiv.org/abs/1910.09700).
- **Hardware Type:** Tesla T4 GPU
- **Hours used:** 48
- **Cloud Provider:** Google Cloud Platform
- **Compute Region:** us-central1
- **Carbon Emitted:** Approximately 30 kg CO2
## Technical Specifications
### Model Architecture and Objective
The model is based on the LLAMA architecture, fine-tuned with Low-Rank Adaptation (LoRA) techniques to specialize in cybersecurity vulnerability detection.
### Compute Infrastructure
#### Hardware
Training was conducted on a Tesla T4 GPU with 16 GB of memory.
#### Software
- **Framework:** PyTorch
- **Transformers version:** 4.6.1
- **Accelerate version:** 0.31.0
- **Bitsandbytes version:** 0.43.1
## Glossary
<!-- If relevant, include terms and calculations in this section that can help readers understand the model or model card. -->
- **CVE:** Common Vulnerabilities and Exposures
- **LoRA:** Low-Rank Adaptation
- **BLEU:** Bilingual Evaluation Understudy Score