File size: 5,087 Bytes
d68a778 db6117d d68a778 db6117d d68a778 db6117d d68a778 db6117d d68a778 db6117d d68a778 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 |
---
license: apache-2.0
library_name: peft
tags:
- generated_from_trainer
base_model: mistralai/Mistral-7B-v0.1
model-index:
- name: qlora-out
results: []
---
<!-- This model card has been generated automatically according to the information the Trainer had access to. You
should probably proofread and complete it, then remove this comment. -->
[<img src="https://raw.githubusercontent.com/OpenAccess-AI-Collective/axolotl/main/image/axolotl-badge-web.png" alt="Built with Axolotl" width="200" height="32"/>](https://github.com/OpenAccess-AI-Collective/axolotl)
<details><summary>See axolotl config</summary>
axolotl version: `0.4.0`
```yaml
base_model: mistralai/Mistral-7B-v0.1
model_type: MistralForCausalLM
tokenizer_type: LlamaTokenizer
load_in_8bit: false
load_in_4bit: true
strict: false
datasets:
- path: caffeinatedcherrychic/cidds-agg-balanced
type: alpaca
dataset_prepared_path: last_run_prepared
val_set_size: 0.1
output_dir: ./qlora-out
adapter: qlora
lora_model_dir:
sequence_len: 256
sample_packing: false
pad_to_sequence_len: true
lora_r: 32
lora_alpha: 64
lora_dropout: 0.05
lora_target_linear: true
lora_fan_in_fan_out:
lora_target_modules:
- gate_proj
- down_proj
- up_proj
- q_proj
- v_proj
- k_proj
- o_proj
wandb_project:
wandb_entity:
wandb_watch:
wandb_name:
wandb_log_model:
gradient_accumulation_steps: 4
micro_batch_size: 2
num_epochs: 5
optimizer: adamw_bnb_8bit
lr_scheduler: cosine
learning_rate: 0.0002
train_on_inputs: false
group_by_length: false
bf16: true
fp16: false
tf32: false
gradient_checkpointing: true
early_stopping_patience:
resume_from_checkpoint:
local_rank:
logging_steps: 1
xformers_attention:
flash_attention: true
loss_watchdog_threshold: 5.0
loss_watchdog_patience: 3
max_steps: 500
warmup_steps: 10
evals_per_epoch: 4
eval_table_size:
eval_max_new_tokens: 1
saves_per_epoch: 1
debug:
deepspeed:
weight_decay: 0.001
fsdp:
fsdp_config:
special_tokens:
```
</details><br>
# qlora-out
This model is a fine-tuned version of [mistralai/Mistral-7B-v0.1](https://huggingface.co/mistralai/Mistral-7B-v0.1) on the CIDDS dataset.
It achieves the following results on the evaluation set:
- Loss: 0.1465
# Mistral based NIDS
This repository contains an implementation of a Network Intrusion Detection System (NIDS) based on the Mistral Large Language Model (LLM). The system is designed to detect and classify network attacks using natural language processing techniques.
## Overview
- **LLM**:
- The NIDS is built using the Mistral LLM, a powerful language model that enables the system to understand and analyze network traffic logs.
- Another LLM, Llama2, was fine-tuned and the performance of the two were compared. The link to my implementation of Llama2-based can be found [here](https://huggingface.co/caffeinatedcherrychic/Llama2-based-NIDS).
- **Dataset**: The system is trained and evaluated on the CIDDS dataset, which includes various types of network attacks such as DoS, PortScan, Brute Force, and PingScan.
- **Training**: The LLM is fine-tuned on the CIDDS dataset after it was pre-processed using the [NTFA tool](https://github.com/KayvanKarim/ntfa) to learn the patterns and characteristics of different network attacks.
- **Inference**: The trained model is used to classify network traffic logs in real-time, identifying potential attacks and generating alerts.
## Results
The mistral-based NIDS achieves a higher detection rate with lower false positives, demonstrating the effectiveness of using LLMs for network intrusion detection. With access to computational resources for longer periods, It's performance could further be improved.
### Training hyperparameters
The following hyperparameters were used during training:
- learning_rate: 0.0002
- train_batch_size: 2
- eval_batch_size: 2
- seed: 42
- gradient_accumulation_steps: 4
- total_train_batch_size: 8
- optimizer: Adam with betas=(0.9,0.999) and epsilon=1e-08
- lr_scheduler_type: cosine
- lr_scheduler_warmup_steps: 10
- training_steps: 62
### Training results
| Training Loss | Epoch | Step | Validation Loss |
|:-------------:|:-----:|:----:|:---------------:|
| 6.6367 | 0.08 | 1 | 7.3009 |
| 2.3866 | 0.32 | 4 | 0.7138 |
| 0.948 | 0.64 | 8 | 1.0446 |
| 0.6822 | 0.96 | 12 | 1.3960 |
| 0.5222 | 1.28 | 16 | 0.9023 |
| 0.534 | 1.6 | 20 | 0.4847 |
| 0.4624 | 1.92 | 24 | 0.5740 |
| 0.7753 | 2.24 | 28 | 0.3772 |
| 0.3324 | 2.56 | 32 | 0.2937 |
| 0.1973 | 2.88 | 36 | 0.5675 |
| 0.0843 | 3.2 | 40 | 0.2360 |
| 0.3836 | 3.52 | 44 | 0.1397 |
| 0.0449 | 3.84 | 48 | 0.2801 |
| 0.2246 | 4.16 | 52 | 0.1946 |
| 0.229 | 4.48 | 56 | 0.1618 |
| 0.3073 | 4.8 | 60 | 0.1465 |
### Framework versions
- PEFT 0.10.1.dev0
- Transformers 4.39.0.dev0
- Pytorch 2.1.2
- Datasets 2.18.0
- Tokenizers 0.15.0 |