jprtr/gemma-2-2b-it-CyberAgent

@@ -1,211 +1,208 @@
 ---
-base_model: unsloth/gemma-2-2b-it-bnb-4bit
-library_name: peft
-pipeline_tag: text-generation
-tags:
-- base_model:adapter:unsloth/gemma-2-2b-it-bnb-4bit
-- dpo
-- lora
-- sft
-- transformers
-- trl
-- unsloth
 ---
-# Model Card for Model ID
-<!-- Provide a quick summary of what the model is/does. -->
-## Model Details
-### Model Description
-<!-- Provide a longer summary of what this model is. -->
-- **Developed by:** [More Information Needed]
-- **Funded by [optional]:** [More Information Needed]
-- **Shared by [optional]:** [More Information Needed]
-- **Model type:** [More Information Needed]
-- **Language(s) (NLP):** [More Information Needed]
-- **License:** [More Information Needed]
-- **Finetuned from model [optional]:** [More Information Needed]
-### Model Sources [optional]
-<!-- Provide the basic links for the model. -->
-- **Repository:** [More Information Needed]
-- **Paper [optional]:** [More Information Needed]
-- **Demo [optional]:** [More Information Needed]
-## Uses
-<!-- Address questions around how the model is intended to be used, including the foreseeable users of the model and those affected by the model. -->
-### Direct Use
-<!-- This section is for the model use without fine-tuning or plugging into a larger ecosystem/app. -->
-[More Information Needed]
-### Downstream Use [optional]
-<!-- This section is for the model use when fine-tuned for a task, or when plugged into a larger ecosystem/app -->
-[More Information Needed]
-### Out-of-Scope Use
-<!-- This section addresses misuse, malicious use, and uses that the model will not work well for. -->
-[More Information Needed]
-## Bias, Risks, and Limitations
-<!-- This section is meant to convey both technical and sociotechnical limitations. -->
-[More Information Needed]
-### Recommendations
-<!-- This section is meant to convey recommendations with respect to the bias, risk, and technical limitations. -->
-Users (both direct and downstream) should be made aware of the risks, biases and limitations of the model. More information needed for further recommendations.
-## How to Get Started with the Model
-Use the code below to get started with the model.
-[More Information Needed]
-## Training Details
-### Training Data
-<!-- This should link to a Dataset Card, perhaps with a short stub of information on what the training data is all about as well as documentation related to data pre-processing or additional filtering. -->
-[More Information Needed]
-### Training Procedure
-<!-- This relates heavily to the Technical Specifications. Content here should link to that section when it is relevant to the training procedure. -->
-#### Preprocessing [optional]
-[More Information Needed]
-#### Training Hyperparameters
-- **Training regime:** [More Information Needed] <!--fp32, fp16 mixed precision, bf16 mixed precision, bf16 non-mixed precision, fp16 non-mixed precision, fp8 mixed precision -->
-#### Speeds, Sizes, Times [optional]
-<!-- This section provides information about throughput, start/end time, checkpoint size if relevant, etc. -->
-[More Information Needed]
-## Evaluation
-<!-- This section describes the evaluation protocols and provides the results. -->
-### Testing Data, Factors & Metrics
-#### Testing Data
-<!-- This should link to a Dataset Card if possible. -->
-[More Information Needed]
-#### Factors
-<!-- These are the things the evaluation is disaggregating by, e.g., subpopulations or domains. -->
-[More Information Needed]
-#### Metrics
-<!-- These are the evaluation metrics being used, ideally with a description of why. -->
-[More Information Needed]
-### Results
-[More Information Needed]
-#### Summary
-## Model Examination [optional]
-<!-- Relevant interpretability work for the model goes here -->
-[More Information Needed]
-## Environmental Impact
-<!-- Total emissions (in grams of CO2eq) and additional considerations, such as electricity usage, go here. Edit the suggested text below accordingly -->
-Carbon emissions can be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute) presented in [Lacoste et al. (2019)](https://arxiv.org/abs/1910.09700).
-- **Hardware Type:** [More Information Needed]
-- **Hours used:** [More Information Needed]
-- **Cloud Provider:** [More Information Needed]
-- **Compute Region:** [More Information Needed]
-- **Carbon Emitted:** [More Information Needed]
-## Technical Specifications [optional]
-### Model Architecture and Objective
-[More Information Needed]
-### Compute Infrastructure
-[More Information Needed]
-#### Hardware
-[More Information Needed]
-#### Software
-[More Information Needed]
-## Citation [optional]
-<!-- If there is a paper or blog post introducing the model, the APA and Bibtex information for that should go in this section. -->
-**BibTeX:**
-[More Information Needed]
-**APA:**
-[More Information Needed]
-## Glossary [optional]
-<!-- If relevant, include terms and calculations in this section that can help readers understand the model or model card. -->
-[More Information Needed]
-## More Information [optional]
-[More Information Needed]
-## Model Card Authors [optional]
-[More Information Needed]
-## Model Card Contact
-[More Information Needed]
-### Framework versions
-- PEFT 0.18.0

 ---
+{}
 ---
+# Gemma-2-2B-IT-CyberAgent
+## Model Description
+This is a fine-tuned version of google/gemma-2-2b-it for **on-device cybersecurity applications** on mobile devices. Unlike a standard chatbot, it is trained to output structured **JSON actions** (e.g., `scan_url`, `isolate_network`) that an Android app or Edge AI service can execute.
+The model has been adapted using **Supervised Fine-Tuning (SFT)** and **DPO (Direct Preference Optimization)** with **LoRA (Low-Rank Adaptation)** techniques to maintain high performance while remaining efficient for mobile and edge devices.
+## Key Technologies
+- **Unsloth**: Used for fast, memory-efficient fine-tuning (Unsloth advertises roughly 2x faster training with 70% less memory)
+- **LiteRT (formerly TFLite)**: Target model format for on-device inference with Google AI Edge Gallery (conversion issues are noted under Limitations)
+- **LoRA (Low-Rank Adaptation)**: Parameter-efficient fine-tuning to keep the model lightweight
+## Model Details
+- **Base Model**: google/gemma-2-2b-it
+- **Model Size**: about 2.6 billion parameters (~2GB on disk, presumably with 4-bit quantized weights)
+- **Model Type**: Causal Language Model (Gemma2ForCausalLM)
+- **Fine-tuning Method**: LoRA + SFT + DPO
+- **Optimization**: Mobile-first deployment
+- **Precision**: bfloat16 / 4-bit quantization
+- **Context Length**: 2048 tokens (training) / 8192 tokens (max)
+- **Hardware Requirements**: GPU (L4/T4 recommended for training)
+## Training
+This model was fine-tuned with the following techniques:
+### Supervised Fine-Tuning (SFT)
+- **Training Steps**: 600
+- **Dataset**: Custom cybersecurity dataset with 2000+ threat examples
+- **Focus**: Task-specific instruction tuning for security actions
+- **Learning Rate**: 5e-5 (chosen for stable convergence)
+- **Batch Size**: 2 per step with 4 gradient accumulation steps (effective batch size of 8 on a single GPU)
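As a rough check on these settings, the arithmetic below works out the effective batch size and how many passes over the data 600 steps amount to. It assumes a single GPU and a dataset of exactly 2000 examples; the card only says "2000+", so the epoch figure is an upper bound.

```python
# Assumptions (not stated in the card): one GPU, dataset size of exactly 2000.
per_device_batch_size = 2
gradient_accumulation_steps = 4
training_steps = 600
dataset_size = 2000  # the card says "2000+", so this is a lower bound

# Examples contributing to each optimizer update.
effective_batch_size = per_device_batch_size * gradient_accumulation_steps
# Total examples processed over the whole SFT run.
examples_seen = effective_batch_size * training_steps
# Approximate number of passes over the dataset.
approx_epochs = examples_seen / dataset_size

print(effective_batch_size, examples_seen, approx_epochs)
```

Under these assumptions the SFT run sees each example between two and three times.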
+### DPO Training (Refining the Agent)
+- **Training Steps**: 150
+- **Purpose**: Refine model responses for better alignment
+- **Technique**: Direct Preference Optimization
+### Data Preparation
+- Clean synthetic dataset with EOS tokens
+- Hard negatives for improved discrimination
+- Structured JSON output format training
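A minimal sketch of what these preparation steps could look like, not the author's actual pipeline. The helper names, the shortened prompt template, and the literal `<eos>` string are assumptions for illustration; in practice the EOS string would come from `tokenizer.eos_token`. The `prompt` / `chosen` / `rejected` keys follow the preference format commonly used for DPO datasets.

```python
import json

# Hypothetical, shortened template; the full prompt appears in the Usage section.
PROMPT_TEMPLATE = "### Instruction:\n{}\n\n### Input:\n{}\n\n### Response:\n"
EOS_TOKEN = "<eos>"  # assumption: in practice read this from tokenizer.eos_token


def action_json(thought, action, params):
    """Serialize one action block in the card's output format."""
    return json.dumps({"thought": thought, "action": action, "params": params})


def format_sft_example(instruction, response):
    """Prompt plus target, terminated with EOS so the model learns where to stop."""
    return PROMPT_TEMPLATE.format(instruction, "") + response + EOS_TOKEN


def make_preference_pair(instruction, chosen, rejected):
    """One DPO record; `rejected` is a plausible but wrong action (a hard negative)."""
    return {
        "prompt": PROMPT_TEMPLATE.format(instruction, ""),
        "chosen": chosen + EOS_TOKEN,
        "rejected": rejected + EOS_TOKEN,
    }


instruction = "Check this suspicious link: bit.ly/malware-site"
good = action_json("Suspicious URL detected", "scan_url", {"url": "bit.ly/malware-site"})
bad = action_json("Nothing unusual", "ignore", {})

sft_text = format_sft_example(instruction, good)
pair = make_preference_pair(instruction, good, bad)
```

Here the hard negative is a well-formed action block that picks the wrong action, which is one plausible reading of "hard negatives" in the list above.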
+## Available Security Actions
+The model can output these security actions:
+- `scan_url(url)`: Check a link for phishing
+- `kill_process(pid)`: Stop a suspicious app
+- `isolate_network()`: Cut off internet access
+- `ignore()`: No threat detected
+## Input/Output Format
+**Input**: Natural language threat description
+**Output**: JSON action block
+```json
+{
+  "thought": "Suspicious URL detected",
+  "action": "scan_url",
+  "params": {"url": "bit.ly/malware-site"}
+}
+```
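Since an application will act on this block, it may help to check its shape first. The sketch below validates a decoded block against the four listed actions. The parameter names `url` and `pid` come from the action signatures; the function name and the rule that `thought` must be a string are assumptions.

```python
# Required parameter names per action, taken from the action list above.
ACTION_PARAMS = {
    "scan_url": {"url"},
    "kill_process": {"pid"},
    "isolate_network": set(),
    "ignore": set(),
}


def validate_action(block):
    """Return a list of problems; an empty list means the block looks well formed."""
    if not isinstance(block, dict):
        return ["block is not a JSON object"]
    action = block.get("action")
    if action not in ACTION_PARAMS:
        return [f"unknown action: {action!r}"]
    params = block.get("params", {})
    if not isinstance(params, dict):
        return ["params is not an object"]
    problems = []
    missing = ACTION_PARAMS[action] - set(params)
    if missing:
        problems.append(f"missing params: {sorted(missing)}")
    if not isinstance(block.get("thought", ""), str):
        problems.append("thought is not a string")
    return problems


ok = validate_action({
    "thought": "Suspicious URL detected",
    "action": "scan_url",
    "params": {"url": "bit.ly/malware-site"},
})
```

Returning a list of problems rather than raising lets the caller log everything that is wrong with a block before deciding to discard it.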
+## Implementation Workflow
+This model outputs JSON action blocks that your application must parse and execute. Here's the complete workflow:
+### 1. Model Generates JSON Instructions
+When you send user input to the model (e.g., "Check this suspicious link: bit.ly/malware-site"), it analyzes the threat and outputs structured JSON:
+```json
+{
+  "thought": "Suspicious URL detected",
+  "action": "scan_url",
+  "params": {"url": "bit.ly/malware-site"}
+}
+```
+### 2. Application Parses JSON
+Your Android app or Edge AI Service must:
+- Parse the JSON response from the model
+- Extract the `action` field to determine what security action to take
+- Extract the `params` object to get necessary parameters (URL, process ID, etc.)
+- Extract the `thought` field for logging/debugging
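The parsing steps above can be sketched as follows. Generated text may carry stray words or special tokens around the JSON, so this example scans for the first decodable JSON object instead of parsing the whole string. The function name `parse_action_block` and the sample string are hypothetical.

```python
import json


def parse_action_block(text):
    """Return (action, params, thought) from the first JSON object found in text.

    Raises ValueError if no JSON object can be decoded.
    """
    decoder = json.JSONDecoder()
    start = text.find("{")
    while start != -1:
        try:
            # raw_decode parses one JSON value starting at `start` and ignores the rest.
            block, _end = decoder.raw_decode(text, start)
        except json.JSONDecodeError:
            # Not valid JSON from this brace; try the next one.
            start = text.find("{", start + 1)
            continue
        return block.get("action"), block.get("params", {}), block.get("thought", "")
    raise ValueError("no JSON object found in model output")


raw = ('Sure. {"thought": "Suspicious URL detected", "action": "scan_url", '
       '"params": {"url": "bit.ly/malware-site"}}<eos>')
action, params, thought = parse_action_block(raw)
```

Missing `params` or `thought` fields fall back to empty values here; a stricter application might reject such blocks instead.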
+### 3. Execute Security Actions
+Based on the action specified, your application implements the actual security function:
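+- **`scan_url(url)`**: Integrate with a URL scanning service (e.g., Google Safe Browsing API, VirusTotal) to check whether the link is malicious
+- **`kill_process(pid)`**: Use Android's `ActivityManager` or system APIs to terminate the suspicious application process; note that `ActivityManager.killBackgroundProcesses` takes a package name rather than a PID and requires the `KILL_BACKGROUND_PROCESSES` permission
+- **`isolate_network()`**: Disable network connectivity using `ConnectivityManager` or firewall APIs to prevent data exfiltration; ordinary apps generally cannot switch off connectivity directly, so this may require device-owner privileges or a local `VpnService`
+- **`ignore()`**: No action needed; log the event and continue normal operation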
+**Important**: The model does NOT perform these actions itself. It only generates the instructions. Your application must implement the actual security mechanisms.
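The execution step can be sketched as a dispatch table. This is written in Python to match the usage example; an Android app would do the equivalent in Kotlin or Java. The handlers are hypothetical stubs that only describe what they would do, and refusing unknown actions is a design assumption, not something the card specifies.

```python
def scan_url(url):
    # Stub: a real app would query a URL reputation service here.
    return f"would scan {url}"


def kill_process(pid):
    # Stub: a real app would ask the OS to stop the process.
    return f"would stop process {pid}"


def isolate_network():
    # Stub: a real app would cut connectivity.
    return "would isolate network"


def ignore():
    return "no action"


HANDLERS = {
    "scan_url": scan_url,
    "kill_process": kill_process,
    "isolate_network": isolate_network,
    "ignore": ignore,
}


def execute(block):
    """Dispatch one action block; unknown actions are refused rather than guessed."""
    handler = HANDLERS.get(block.get("action"))
    if handler is None:
        return "refused: unknown action"
    try:
        return handler(**block.get("params", {}))
    except TypeError:
        # Wrong or missing parameters for this handler.
        return "refused: bad params"


result = execute({"thought": "Suspicious URL detected", "action": "scan_url",
                  "params": {"url": "bit.ly/malware-site"}})
```

Restricting execution to a fixed table means a malformed or unexpected model output can never trigger code outside the four listed actions.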
+## Usage
+### Python
+```python
+from transformers import AutoTokenizer, AutoModelForCausalLM
+import torch
+model_id = "jprtr/gemma-2-2b-it-CyberAgent"
+tokenizer = AutoTokenizer.from_pretrained(model_id)
+model = AutoModelForCausalLM.from_pretrained(
+    model_id,
+    device_map="auto",
+    torch_dtype=torch.bfloat16,
+)
+# Security agent prompt
+agent_prompt = """You are an autonomous security agent on a Pixel device.
+Analyze the user's input. If a threat is detected, output a JSON action block.
+Available Actions:
+- scan_url(url): Check a link for phishing.
+- kill_process(pid): Stop a suspicious app.
+- isolate_network(): Cut off internet access.
+- ignore(): No threat found.
+### Instruction:
+{}
+### Input:
+{}
+### Response:
+{}"""
+input_text = "Check this suspicious link: bit.ly/malware-site"
+prompt = agent_prompt.format(input_text, "", "")
+inputs = tokenizer([prompt], return_tensors="pt").to(model.device)  # same device as the model
+outputs = model.generate(**inputs, max_new_tokens=128, use_cache=True)
+response = tokenizer.batch_decode(outputs, skip_special_tokens=True)[0].split("### Response:")[1].strip()  # drop <bos>/<eos>
+print(response)
+```
+## Training Notebook
+The complete training pipeline is available on GitHub:
+- **Repository**: [cyber-agent-gemma-2-2b-mobile](https://github.com/jprtr/cyber-agent-gemma-2-2b-mobile)
+- **Notebook**: Production-ready Google Colab notebook with full training workflow
+- **Open in Colab**: [![Open In Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://github.com/jprtr/cyber-agent-gemma-2-2b-mobile/blob/main/Gemma_2_2B_Cybersecurity_Agent_Mobile.ipynb)
+## Intended Use
+- Mobile and edge device cybersecurity
+- On-device AI security applications
+- Autonomous threat detection and response
+- Resource-constrained environments
+- Android security agents
+- Privacy-focused local inference
+## Performance
+- **Training Time**: ~1-2 hours on L4 GPU
+- **Model Size**: ~2GB (suitable for modern Android devices with 6GB+ RAM)
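+- **Inference Speed**: No benchmark figures are reported here; the model is intended for on-device execution
+- **Memory Efficiency**: Unsloth advertises up to 70% less memory during fine-tuning (a training-time saving, not an inference figure)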
+## Limitations
+- This model inherits the limitations of the base Gemma 2 2B model
+- Optimized for mobile deployment; performance may vary across hardware
+- As with all language models, outputs should be verified for accuracy
+- AI Edge Torch conversion had compatibility issues; use PyTorch Mobile or ONNX Runtime instead
+- Trained specifically for cybersecurity actions; not a general-purpose chatbot
+## Deployment Options
+1. **PyTorch Mobile** (recommended for Android)
+2. **ONNX Runtime Mobile**
+3. **TensorFlow Lite** (via ONNX conversion)
+## Citation
+If you use this model, please cite both the original Gemma model and this fine-tuned version:
+```bibtex
+@misc{gemma-2-2b-it-cyberagent,
+  author = {CyberAgent},
+  title = {Gemma-2-2B-IT-CyberAgent: Mobile Cybersecurity Agent},
+  year = {2025},
+  publisher = {Hugging Face},
+  url = {https://huggingface.co/jprtr/gemma-2-2b-it-CyberAgent}
+}
+```
+## License
+This model is released under the Gemma license. See the [Gemma Terms of Use](https://ai.google.dev/gemma/terms) for more details.