Text Classification
Transformers
Safetensors
English
roberta
vulnerability
cybersecurity
security
cve
mitre-attack
attack-techniques
Generated from Trainer
text-embeddings-inference
Instructions to use CIRCL/vulnerability-attack-technique-classification-roberta-base with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- Transformers
How to use CIRCL/vulnerability-attack-technique-classification-roberta-base with Transformers:
# Use a pipeline as a high-level helper from transformers import pipeline pipe = pipeline("text-classification", model="CIRCL/vulnerability-attack-technique-classification-roberta-base")# Load model directly from transformers import AutoTokenizer, AutoModelForSequenceClassification tokenizer = AutoTokenizer.from_pretrained("CIRCL/vulnerability-attack-technique-classification-roberta-base") model = AutoModelForSequenceClassification.from_pretrained("CIRCL/vulnerability-attack-technique-classification-roberta-base") - Notebooks
- Google Colab
- Kaggle
Complete the model card: evaluation vs zero-shot baseline, intended use, next steps
4bd1d03 verified | library_name: transformers | |
| license: mit | |
| base_model: roberta-base | |
| pipeline_tag: text-classification | |
| language: | |
| - en | |
| datasets: | |
| - CIRCL/vulnerability-attack-techniques | |
| tags: | |
| - vulnerability | |
| - cybersecurity | |
| - security | |
| - cve | |
| - mitre-attack | |
| - attack-techniques | |
| - generated_from_trainer | |
| model-index: | |
| - name: vulnerability-attack-technique-classification-roberta-base | |
| results: [] | |
| # vulnerability-attack-technique-classification-roberta-base | |
| This model suggests **MITRE ATT&CK (Enterprise) techniques** from a vulnerability | |
| description. It is a fine-tuned version of | |
| [roberta-base](https://huggingface.co/roberta-base) trained on | |
| [CIRCL/vulnerability-attack-techniques](https://huggingface.co/datasets/CIRCL/vulnerability-attack-techniques), | |
| a dataset of ~1,200 CVEs with analyst-curated technique mappings from the | |
| [MITRE Center for Threat-Informed Defense (CTID)](https://ctid.mitre.org/) projects, | |
| following the "Mapping ATT&CK to CVE for Impact" methodology. | |
| CVSS tells you *how bad* a vulnerability is, CWE *what kind of flaw* it is — | |
| ATT&CK tells defenders *what adversary behavior to expect and detect*. | |
| This is a **multi-label** classifier (sigmoid head, binary cross-entropy with | |
| per-label positive weights): a CVE legitimately maps to several techniques — | |
| an exploitation technique (e.g. T1190 *Exploit Public-Facing Application*) | |
| plus one or more impacts (e.g. T1059 *Command and Scripting Interpreter*). | |
| ## Intended uses & limitations | |
| The model **suggests candidate techniques for analyst review**. It must not be | |
| treated as an authoritative mapping: a CVE description describes a flaw, while | |
| ATT&CK describes attacker behavior around it, and even human annotators | |
| disagree on such mappings. Use the top-k suggestions as a triage aid. | |
| - **Label space**: 57 parent techniques (sub-techniques collapsed, only | |
| techniques with ≥ 5 training examples), enterprise ATT&CK v19.1. Techniques | |
| outside this vocabulary can never be suggested. | |
| - **Selection bias**: the training data over-represents exploited-in-the-wild | |
| vulnerabilities (a large part comes from CISA KEV mappings). | |
| - **Small training set** (~1,100 examples): rare-technique performance is | |
| weak, as the macro-F1 shows. | |
| ## Evaluation | |
| Evaluated with `vulntrain-validate-attack-classification` on the dataset's | |
| test split, against the zero-shot SMET-style baseline (rank techniques by | |
| cosine similarity between the description embedding — | |
| `all-MiniLM-L6-v2` — and the official ATT&CK technique descriptions), using | |
| the same label vocabulary and metrics: | |
| | Metric | Zero-shot similarity baseline | This model | | |
| |--------|------------------------------|------------| | |
| | recall@1 | 0.118 | **0.220** | | |
| | recall@3 | 0.257 | **0.482** | | |
| | recall@5 | 0.322 | **0.686** | | |
| | recall@10 | 0.491 | **0.842** | | |
| | MRR | 0.397 | **0.620** | | |
| At the 0.5 threshold: F1 micro 0.417, F1 macro 0.203, precision micro 0.301, | |
| recall micro 0.682. The balanced positive weights deliberately favor recall; | |
| for the suggestion use case, ranking metrics (recall@k) are the ones that | |
| matter — in ~69% of cases the correct techniques appear among the top 5 | |
| suggestions, out of 57 candidates. | |
| ## Usage | |
| ```python | |
| import torch | |
| from transformers import AutoModelForSequenceClassification, AutoTokenizer | |
| model_id = "CIRCL/vulnerability-attack-technique-classification-roberta-base" | |
| tokenizer = AutoTokenizer.from_pretrained(model_id) | |
| model = AutoModelForSequenceClassification.from_pretrained(model_id) | |
| description = ( | |
| "A Missing Authentication for Critical Function vulnerability in J-Web " | |
| "allows an unauthenticated, network-based attacker to upload and " | |
| "download arbitrary files and execute commands." | |
| ) | |
| inputs = tokenizer(description, return_tensors="pt", truncation=True) | |
| with torch.no_grad(): | |
| probabilities = torch.sigmoid(model(**inputs).logits)[0] | |
| top = torch.topk(probabilities, k=5) | |
| for probability, index in zip(top.values, top.indices): | |
| print(f"{model.config.id2label[index.item()]}: {probability:.2f}") | |
| ``` | |
| ## Training and evaluation data | |
| Trained with [VulnTrain](https://github.com/vulnerability-lookup/VulnTrain): | |
| ```bash | |
| vulntrain-train-attack-classification \ | |
| --base-model roberta-base \ | |
| --repo-id CIRCL/vulnerability-attack-technique-classification-roberta-base | |
| ``` | |
| The dataset provenance (why the labels come from the hand-curated CTID | |
| mappings rather than automatically derived CVE→CWE→CAPEC→ATT&CK chains) is | |
| documented in the | |
| [methodology page](https://github.com/vulnerability-lookup/VulnTrain/blob/main/docs/attack-techniques-dataset.md) | |
| and on the [dataset card](https://huggingface.co/datasets/CIRCL/vulnerability-attack-techniques). | |
| ## Next steps | |
| - **LLM-assisted label expansion**: grow the training set beyond ~1,200 | |
| examples by labeling a CWE-stratified CVE sample with the CTID methodology, | |
| validated against the analyst gold set before use. This targets the main | |
| weakness (rare-technique recall / macro-F1). | |
| - Stronger encoders (e.g. security-domain sentence models) as both baseline | |
| and base model. | |
| - Sub-technique-level labels once the per-label support allows it | |
| (`--keep-subtechniques`). | |
| - Integration into [Vulnerability-Lookup](https://vulnerability.circl.lu) via | |
| [ML-Gateway](https://github.com/vulnerability-lookup/ML-Gateway). | |
| ## Training procedure | |
| ### Training hyperparameters | |
| The following hyperparameters were used during training: | |
| - learning_rate: 1e-05 | |
| - train_batch_size: 64 | |
| - eval_batch_size: 64 | |
| - seed: 42 | |
| - optimizer: Use OptimizerNames.ADAMW_TORCH_FUSED with betas=(0.9,0.999) and epsilon=1e-08 and optimizer_args=No additional optimizer arguments | |
| - lr_scheduler_type: linear | |
| - num_epochs: 40 | |
| The best checkpoint was selected on validation macro-F1 (epoch 33). | |
| ### Training results | |
| | Training Loss | Epoch | Step | Validation Loss | F1 Micro | F1 Macro | Precision Micro | Recall Micro | Recall At 3 | Recall At 5 | | |
| |:-------------:|:-----:|:----:|:---------------:|:--------:|:--------:|:---------------:|:------------:|:-----------:|:-----------:| | |
| | No log | 1.0 | 17 | 0.9141 | 0.1161 | 0.0311 | 0.0672 | 0.4280 | 0.2637 | 0.2959 | | |
| | 0.9279 | 2.0 | 34 | 0.8081 | 0.2057 | 0.0305 | 0.1473 | 0.3409 | 0.3201 | 0.3587 | | |
| | 0.8472 | 3.0 | 51 | 0.7795 | 0.2369 | 0.0429 | 0.1649 | 0.4205 | 0.3212 | 0.3859 | | |
| | 0.7976 | 4.0 | 68 | 0.7677 | 0.2418 | 0.0375 | 0.1752 | 0.3902 | 0.3415 | 0.3950 | | |
| | 0.7776 | 5.0 | 85 | 0.7555 | 0.2945 | 0.0616 | 0.2137 | 0.4735 | 0.3449 | 0.4593 | | |
| | 0.7742 | 6.0 | 102 | 0.7483 | 0.2943 | 0.0702 | 0.2085 | 0.5 | 0.3530 | 0.4845 | | |
| | 0.7742 | 7.0 | 119 | 0.7393 | 0.3159 | 0.0800 | 0.2199 | 0.5606 | 0.3599 | 0.5048 | | |
| | 0.7523 | 8.0 | 136 | 0.7281 | 0.3246 | 0.0992 | 0.2212 | 0.6098 | 0.3553 | 0.5116 | | |
| | 0.7418 | 9.0 | 153 | 0.7172 | 0.336 | 0.1068 | 0.2283 | 0.6364 | 0.4342 | 0.5668 | | |
| | 0.7328 | 10.0 | 170 | 0.7078 | 0.3431 | 0.1230 | 0.2338 | 0.6439 | 0.4063 | 0.5864 | | |
| | 0.7166 | 11.0 | 187 | 0.6942 | 0.3546 | 0.1306 | 0.2420 | 0.6629 | 0.4405 | 0.6021 | | |
| | 0.6951 | 12.0 | 204 | 0.6858 | 0.3746 | 0.1355 | 0.2635 | 0.6477 | 0.4650 | 0.6256 | | |
| | 0.6778 | 13.0 | 221 | 0.6750 | 0.3603 | 0.1339 | 0.2468 | 0.6667 | 0.4252 | 0.6116 | | |
| | 0.6778 | 14.0 | 238 | 0.6698 | 0.3661 | 0.1390 | 0.2529 | 0.6629 | 0.4311 | 0.6200 | | |
| | 0.6692 | 15.0 | 255 | 0.6623 | 0.3845 | 0.1412 | 0.2684 | 0.6780 | 0.4805 | 0.6796 | | |
| | 0.6465 | 16.0 | 272 | 0.6591 | 0.3700 | 0.1510 | 0.2539 | 0.6818 | 0.4287 | 0.6547 | | |
| | 0.6499 | 17.0 | 289 | 0.6528 | 0.4036 | 0.1567 | 0.2859 | 0.6856 | 0.4577 | 0.6653 | | |
| | 0.6229 | 18.0 | 306 | 0.6505 | 0.4088 | 0.1634 | 0.2886 | 0.7008 | 0.4962 | 0.6785 | | |
| | 0.6214 | 19.0 | 323 | 0.6489 | 0.3913 | 0.1485 | 0.2803 | 0.6477 | 0.4661 | 0.6453 | | |
| | 0.6092 | 20.0 | 340 | 0.6484 | 0.3825 | 0.1475 | 0.2688 | 0.6629 | 0.4577 | 0.6627 | | |
| | 0.6092 | 21.0 | 357 | 0.6409 | 0.4118 | 0.1652 | 0.2935 | 0.6894 | 0.5011 | 0.6852 | | |
| | 0.5973 | 22.0 | 374 | 0.6419 | 0.3982 | 0.1585 | 0.2812 | 0.6818 | 0.4647 | 0.6502 | | |
| | 0.6046 | 23.0 | 391 | 0.6368 | 0.4095 | 0.1664 | 0.2919 | 0.6856 | 0.4864 | 0.6670 | | |
| | 0.5811 | 24.0 | 408 | 0.6395 | 0.3895 | 0.1560 | 0.2785 | 0.6477 | 0.4556 | 0.6572 | | |
| | 0.5741 | 25.0 | 425 | 0.6310 | 0.4241 | 0.1740 | 0.3110 | 0.6667 | 0.5179 | 0.6775 | | |
| | 0.5697 | 26.0 | 442 | 0.6309 | 0.4014 | 0.1657 | 0.2864 | 0.6705 | 0.4815 | 0.6642 | | |
| | 0.5697 | 27.0 | 459 | 0.6292 | 0.4151 | 0.1680 | 0.3014 | 0.6667 | 0.4934 | 0.6880 | | |
| | 0.5656 | 28.0 | 476 | 0.6289 | 0.4 | 0.1616 | 0.2901 | 0.6439 | 0.4579 | 0.6607 | | |
| | 0.5540 | 29.0 | 493 | 0.6257 | 0.4009 | 0.1798 | 0.2874 | 0.6629 | 0.4710 | 0.6565 | | |
| | 0.5506 | 30.0 | 510 | 0.6227 | 0.4110 | 0.1809 | 0.2941 | 0.6818 | 0.4815 | 0.6873 | | |
| | 0.5547 | 31.0 | 527 | 0.6242 | 0.4164 | 0.1850 | 0.3012 | 0.6742 | 0.4773 | 0.6747 | | |
| | 0.5395 | 32.0 | 544 | 0.6228 | 0.4182 | 0.1844 | 0.3024 | 0.6780 | 0.4661 | 0.6754 | | |
| | 0.5407 | 33.0 | 561 | 0.6205 | 0.4171 | 0.2027 | 0.3005 | 0.6818 | 0.4822 | 0.6859 | | |
| | 0.5407 | 34.0 | 578 | 0.6187 | 0.4218 | 0.2007 | 0.3038 | 0.6894 | 0.5274 | 0.6971 | | |
| | 0.5368 | 35.0 | 595 | 0.6192 | 0.4162 | 0.2018 | 0.2995 | 0.6818 | 0.5025 | 0.6831 | | |
| | 0.5342 | 36.0 | 612 | 0.6192 | 0.4176 | 0.1833 | 0.3010 | 0.6818 | 0.5134 | 0.6936 | | |
| | 0.5339 | 37.0 | 629 | 0.6205 | 0.4126 | 0.1832 | 0.2980 | 0.6705 | 0.4775 | 0.6859 | | |
| | 0.5254 | 38.0 | 646 | 0.6198 | 0.4175 | 0.1851 | 0.3031 | 0.6705 | 0.4817 | 0.6901 | | |
| | 0.5318 | 39.0 | 663 | 0.6193 | 0.4159 | 0.1846 | 0.3007 | 0.6742 | 0.4859 | 0.6901 | | |
| | 0.5279 | 40.0 | 680 | 0.6191 | 0.4159 | 0.1843 | 0.3007 | 0.6742 | 0.4831 | 0.6859 | | |
| ### Framework versions | |
| - Transformers 5.13.0 | |
| - Pytorch 2.12.1+cu130 | |
| - Datasets 4.8.5 | |
| - Tokenizers 0.22.2 | |
| ## References | |
| - [Vulnerability-Lookup](https://vulnerability.circl.lu) — the vulnerability data source | |
| - [VulnTrain](https://github.com/vulnerability-lookup/VulnTrain) — training pipeline | |
| - [MITRE CTID attack_to_cve](https://github.com/center-for-threat-informed-defense/attack_to_cve) and [Mappings Explorer](https://center-for-threat-informed-defense.github.io/mappings-explorer/) — label sources | |
| - MITRE ATT&CK® is a registered trademark of The MITRE Corporation; content used per the [terms of use](https://attack.mitre.org/resources/legal-and-branding/terms-of-use/) | |