---
tags:
- sentence-transformers
- sentence-similarity
- feature-extraction
- dense
- generated_from_trainer
- dataset_size:54320
- loss:MultipleNegativesRankingLoss
base_model: BAAI/bge-base-en-v1.5
widget:
- source_sentence: The ransomware injected malicious.dll into svchost.exe to execute
its encryption routines under a trusted process.
sentences:
- A rootkit modified UEFI runtime services to maintain control over the system.
- ZxxZ has relied on victims to open a malicious attachment delivered via email.
- FIN7 has used random junk code to obfuscate malware code.
- source_sentence: OnionDuke has the capability to use a Denial of Service module.
sentences:
- The attacker exploited a denial-of-service vulnerability in the WordPress plugin.
- Before activating, the ransomware used 'net share' to enumerate shared folders
across the corporate network.
- Akira engages in double-extortion ransomware, exfiltrating files then encrypting
them, in order to prompt victims to pay a ransom.
- source_sentence: The threat actor increased the storage quota limit to accommodate
large-scale data exfiltration operations.
sentences:
- The payload of CozyCar is encrypted with simple XOR with a rotating key. The CozyCar
configuration file has been encrypted with RC4 keys.
- An adversary changed the Google Cloud organization policy constraints to allow
unrestricted resource deployment across all projects.
- The malware queried professional networking sites to collect branch office physical
addresses.
- source_sentence: The threat actor altered DNS SRV records to redirect service authentication
requests to compromised servers.
sentences:
- The malware altered local DNS settings to redirect traffic from banking websites
to phishing servers.
- The compromised system ran 'c2_client.exe' to reconnect to the command and control
infrastructure.
- The malware leveraged MailSniper to find emails with employee personal identifiable
information.
- source_sentence: APT28 has exploited open Wi-Fi access points for initial access
to target devices using the network.
sentences:
- The spyware stored collected data in hidden disk areas reserved for firmware updates
and system recovery.
- DarkComet gathers the username from the victim’s machine.
- A script was deployed to search for and connect to unsecured guest Wi-Fi networks
in the area.
pipeline_tag: sentence-similarity
library_name: sentence-transformers
---
# SentenceTransformer based on BAAI/bge-base-en-v1.5
This is a [sentence-transformers](https://www.SBERT.net) model finetuned from [BAAI/bge-base-en-v1.5](https://huggingface.co/BAAI/bge-base-en-v1.5). It maps sentences & paragraphs to a 768-dimensional dense vector space and can be used for semantic textual similarity, semantic search, paraphrase mining, text classification, clustering, and more.
## Model Details
### Model Description
- **Model Type:** Sentence Transformer
- **Base model:** [BAAI/bge-base-en-v1.5](https://huggingface.co/BAAI/bge-base-en-v1.5)
- **Maximum Sequence Length:** 512 tokens
- **Output Dimensionality:** 768 dimensions
- **Similarity Function:** Cosine Similarity
### Model Sources
- **Documentation:** [Sentence Transformers Documentation](https://sbert.net)
- **Repository:** [Sentence Transformers on GitHub](https://github.com/huggingface/sentence-transformers)
- **Hugging Face:** [Sentence Transformers on Hugging Face](https://huggingface.co/models?library=sentence-transformers)
### Full Model Architecture
```
SentenceTransformer(
(0): Transformer({'max_seq_length': 512, 'do_lower_case': True, 'architecture': 'BertModel'})
(1): Pooling({'word_embedding_dimension': 768, 'pooling_mode_cls_token': True, 'pooling_mode_mean_tokens': False, 'pooling_mode_max_tokens': False, 'pooling_mode_mean_sqrt_len_tokens': False, 'pooling_mode_weightedmean_tokens': False, 'pooling_mode_lasttoken': False, 'include_prompt': True})
(2): Normalize()
)
```
## Usage
### Direct Usage (Sentence Transformers)
First install the Sentence Transformers library:
```bash
pip install -U sentence-transformers
```
Then you can load this model and run inference.
```python
from sentence_transformers import SentenceTransformer
# Download from the 🤗 Hub
model = SentenceTransformer("sentence_transformers_model_id")
# Run inference
sentences = [
'APT28 has exploited open Wi-Fi access points for initial access to target devices using the network.',
'A script was deployed to search for and connect to unsecured guest Wi-Fi networks in the area.',
'The spyware stored collected data in hidden disk areas reserved for firmware updates and system recovery.',
]
embeddings = model.encode(sentences)
print(embeddings.shape)
# [3, 768]
# Get the similarity scores for the embeddings
similarities = model.similarity(embeddings, embeddings)
print(similarities)
# tensor([[ 1.0000, 0.9010, -0.0563],
# [ 0.9010, 1.0000, 0.0412],
# [-0.0563, 0.0412, 1.0000]])
```
## Training Details
### Training Dataset
#### Unnamed Dataset
* Size: 54,320 training samples
* Columns: sentence_0 and sentence_1
* Approximate statistics based on the first 1000 samples:
| | sentence_0 | sentence_1 |
|:--------|:----------------------------------------------------------------------------------|:----------------------------------------------------------------------------------|
| type | string | string |
| details |
ICMP timestamp requests were sent to gather information about network device availability. | The malware executed ping commands to map the victim's internal network structure. |
| Using Azure Resource Manager API calls, the threat actor listed all virtual machines across multiple subscriptions. | The adversary used a service principal to query the Microsoft Graph API and enumerate all service principals. |
| A malicious DLL was written to the Office application's startup folder for persistence. | The persistence mechanism modified Office registry settings to execute malicious code. |
* Loss: [MultipleNegativesRankingLoss](https://sbert.net/docs/package_reference/sentence_transformer/losses.html#multiplenegativesrankingloss) with these parameters:
```json
{
"scale": 20.0,
"similarity_fct": "cos_sim",
"gather_across_devices": false
}
```
### Training Hyperparameters
#### Non-Default Hyperparameters
- `per_device_train_batch_size`: 16
- `per_device_eval_batch_size`: 16
- `num_train_epochs`: 4
- `multi_dataset_batch_sampler`: round_robin
#### All Hyperparameters