README.md

---
license: mit
language:
- en
auto_detected: true
datasets:
- Canstralian/pentesting_dataset
- Canstralian/Wordlists
- Canstralian/ShellCommands
- Canstralian/CyberExploitDB
- Chemically-motivated/CyberSecurityDataset
- Chemically-motivated/AI-Agent-Generating-Tool-Debugging-Prompt-Library
metrics:
- accuracy
- precision
- f1
- code_eval
base_model:
- WhiteRabbitNeo/WhiteRabbitNeo-33B-v1.5
library_name: transformers
tags:
- code
---

# CyberAttackDetection

## Overview

The **CyberAttackDetection** model is a fine-tuned BERT-based sequence classification model designed to identify cyberattacks in textual descriptions. It classifies input data into two categories:  
- **Attack (1)**: The text describes a cybersecurity threat or attack.  
- **Non-Attack (0)**: The text does not describe a cybersecurity threat.

---

## Model Details

- **License**: [MIT License](LICENSE)
- **Datasets**:  
  - Custom cybersecurity datasets:  
    - `Canstralian/pentesting_dataset`  
    - `Canstralian/Wordlists`  
    - `Canstralian/ShellCommands`  
    - `Canstralian/CyberExploitDB`  
    - `Chemically-motivated/CyberSecurityDataset`  
    - `Chemically-motivated/AI-Agent-Generating-Tool-Debugging-Prompt-Library`  
- **Language**: English  
- **Metrics**:  
  - **Accuracy**: 85%  
  - **F1 Score**: 0.83  
  - **Precision**: 0.80  
  - **Recall**: 0.87  
- **Base Model**: `WhiteRabbitNeo/WhiteRabbitNeo-33B-v1.5`  
- **Pipeline Tag**: `text-classification`  
- **Library Name**: `transformers`  
- **Tags**: `cybersecurity`, `text-classification`, `attack-detection`, `BERT`  
- **New Version**: `v1.0.0`  
- **Auto-Detected Features**: True  

---

## Model Usage

### Installation
Before using the model, ensure the necessary dependencies are installed:  
```bash
pip install transformers torch
```

### Example Code
Use the following Python code to load the model and classify a sample text:

```python
from transformers import AutoModelForSequenceClassification, AutoTokenizer

# Load the fine-tuned model and tokenizer
model = AutoModelForSequenceClassification.from_pretrained("Canstralian/CyberAttackDetection")
tokenizer = AutoTokenizer.from_pretrained("Canstralian/CyberAttackDetection")

# Example input: Cyberattack description
text = "A vulnerability was discovered in the server software."

# Tokenize the input
inputs = tokenizer(text, return_tensors="pt")

# Get model predictions
outputs = model(**inputs)

# Predict the label (1 = attack, 0 = non-attack)
prediction = outputs.logits.argmax(dim=-1)
print(f"Prediction: {'Attack' if prediction.item() == 1 else 'Non-Attack'}")
```

## Prompts:
- Open Ports: "Analyze the following network scan report and identify open ports and their associated vulnerabilities. Suggest best practices to secure these ports: [Insert network scan report]."
- Outdated Software or Services: "Given this list of installed software and services, identify outdated versions and known vulnerabilities. Provide recommendations for updates or patches to mitigate risks: [Insert software and service list]."
- Default Credentials: "Scan the following system configurations for any use of default credentials. Provide a list of affected services and recommendations for securing these credentials: [Insert system configuration details]."
- Misconfigurations: "Evaluate the provided system configuration for potential misconfigurations. Highlight risks and provide recommendations for secure setup: [Insert system configuration details]."
- Injection Flaws: "Review the given web application code or request logs and identify potential injection vulnerabilities such as SQL injection, command injection, or XSS. Provide remediation steps: [Insert code or logs]."
- Unencrypted Services: "Analyze the following network configuration and identify services that are transmitting data without encryption. Suggest strategies to enforce secure transmission: [Insert network configuration details]."
- Known Software Vulnerabilities: "Review the provided software inventory and cross-reference it with known vulnerabilities in the National Vulnerability Database (NVD). Recommend patches or workarounds: [Insert software inventory]."
- Cross-Site Request Forgery (CSRF): "Examine the provided web application code for potential CSRF vulnerabilities. Suggest specific coding or configuration techniques to prevent these attacks: [Insert code]."
- Insecure Direct Object References (IDOR): "Analyze the provided API endpoints and their associated access controls. Identify any IDOR vulnerabilities and suggest secure implementation strategies: [Insert API endpoint details]."
- Security Misconfigurations in Web Servers/Applications: "Assess the given web server configuration for security misconfigurations, such as improper HTTP headers or verbose error messages. Recommend changes to harden the server: [Insert server configuration]."
- Broken Authentication and Session Management: "Review the provided authentication and session management implementation. Identify weaknesses and recommend strategies to prevent compromise: [Insert authentication/session management details]."
- Sensitive Data Exposure: "Analyze the system's data handling processes and storage practices to identify potential sensitive data exposure. Recommend measures to protect sensitive information: [Insert system details]."
- API Vulnerabilities: "Examine the following API documentation and implementation for vulnerabilities, including insecure endpoints and data leakage. Provide recommendations for securing the API: [Insert API documentation]."
- Denial of Service (DoS) Vulnerabilities: "Review the system's architecture and configuration for potential vulnerabilities to DoS attacks. Suggest mitigation strategies such as rate limiting and load balancing: [Insert system architecture]."
- Buffer Overflows: "Analyze the provided code or application for buffer overflow vulnerabilities. Highlight potential weak points and recommend secure coding practices to prevent exploitation: [Insert code]."


## Model Training Details

### Training Objective
The model was fine-tuned to classify descriptive text as either an attack or non-attack event. It uses a **binary classification** approach.

### Training Data
- The training data includes cybersecurity-related attack descriptions and non-attack examples from curated datasets.

---

## Evaluation

The model was evaluated on a balanced test set using the following metrics:  
- **Accuracy**: 85%  
- **F1 Score**: 0.83  
- **Precision**: 0.80  
- **Recall**: 0.87  

These results indicate strong performance in detecting cyberattacks from text.

---

## License

This project is licensed under the **MIT License**. Refer to the [LICENSE](LICENSE) file for details.

---

## How to Contribute

We welcome contributions!  
- **Submit Issues**: If you encounter problems, open an issue on the repository.  
- **Pull Requests**: Feel free to contribute code improvements or documentation updates.

---

## Contact

For further information or inquiries, contact: **canstralian@cybersecurity.com**