---
base_model: unsloth/SmolLM2-1.7b-Instruct
tags:
- text-generation-inference
- transformers
- unsloth
- llama
license: apache-2.0
language:
- en
datasets:
- madox81/mittre_severity_ds
---
# Uploaded finetuned model
- **Developed by:** madox81
- **License:** apache-2.0
- **Finetuned from model:** unsloth/SmolLM2-1.7b-Instruct

This llama model was trained 2x faster with [Unsloth](https://github.com/unslothai/unsloth) and Hugging Face's TRL library.
[<img src="https://raw.githubusercontent.com/unslothai/unsloth/main/images/unsloth%20made%20with%20love.png" width="200"/>](https://github.com/unslothai/unsloth)
# Smollm2_Cyber_Insight
## Model Overview
**Smollm2_Cyber_Insight** is a lightweight domain-adapted language model fine-tuned for **cybersecurity threat analysis** tasks.
The model specializes in interpreting short textual descriptions of security incidents and producing structured (JSON) security insights.
- **Base Model:** smollm2-1.7b-instruct
- **Architecture:** SmolLM2
- **Training Method:** LoRA fine-tuning
- **Domain:** Cyber Threat Analysis
- **Model Size:** ~1.7B parameters
## Capabilities
The model supports the following tasks:
- Mapping incidents to **MITRE ATT&CK tactics**
- Identifying possible **attack techniques**
- Assessing **incident severity and potential business impact**
- Assisting in structured cybersecurity analysis
## Intended Use
This model is suitable for:
- Cyber threat intelligence experiments
- NLP research in cybersecurity
- Cybersecurity research
- Prototyping AI-assisted SOC tools
## Limitations
- Predictions are probabilistic and may require analyst validation
- Performance depends on similarity to training data
- Not intended for autonomous security decision-making
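
An added example, not part of the model card or the author's code: one way to check the model's JSON output before it reaches an analyst queue, in line with the limitations above. The key names (`tactics`, `techniques`, `severity`), the requirement that each technique carries an ATT&CK ID, and the sample text are assumptions, since the card does not document the output schema.

```python
import json
import re

ATTACK_TACTICS = {  # the 14 MITRE ATT&CK Enterprise tactic names
    "reconnaissance", "resource development", "initial access", "execution",
    "persistence", "privilege escalation", "defense evasion",
    "credential access", "discovery", "lateral movement", "collection",
    "command and control", "exfiltration", "impact",
}
SEVERITIES = {"low", "medium", "high", "critical"}  # scale named in the example prompts
TECHNIQUE_ID = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")  # e.g. T1059 or T1059.001
KEYS = ("tactics", "techniques", "severity")  # assumed key names, not from the model card
SAMPLE = 'Result: {"tactics": ["Execution"], "techniques": ["T1059"], "severity": "Severe"}'  # constructed


def extract_json(text):
    """Return the first JSON object embedded in generated text, or None."""
    decoder = json.JSONDecoder()
    for pos, ch in enumerate(text):
        if ch == "{":
            try:
                return decoder.raw_decode(text, pos)[0]
            except json.JSONDecodeError:
                pass  # not valid JSON from this brace; keep scanning
    return None


def as_list(value):  # missing field -> [], scalar -> one-item list
    return [] if value is None else value if isinstance(value, list) else [value]


def review_output(text):
    """Return the problems found; an empty list means every check passed."""
    obj = extract_json(text)
    if obj is None:
        return ["no JSON object in output"]
    if not any(key in obj for key in KEYS):
        return ["none of the expected keys present"]
    problems = []
    for tactic in as_list(obj.get("tactics")):
        if str(tactic).strip().lower() not in ATTACK_TACTICS:
            problems.append(f"unknown tactic: {tactic!r}")
    for technique in as_list(obj.get("techniques")):
        if not TECHNIQUE_ID.search(str(technique)):
            problems.append(f"no technique ID in: {technique!r}")
    for severity in as_list(obj.get("severity")):
        if str(severity).strip().lower() not in SEVERITIES:
            problems.append(f"severity off scale: {severity!r}")
    return problems
```

A non-empty result from `review_output` is a reason to route the output to manual review; an empty result only means the output is well-formed, not that the mapping is correct.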
## Training Data
The model was trained on a **specialized cybersecurity dataset** [madox81/mittre_severity_ds](https://huggingface.co/datasets/madox81/mittre_severity_ds) containing incident descriptions and structured labels including:
- attack tactics
- attack techniques
- incident severity indicators.
## Example Prompt
```
Map the following security event to MITRE ATT&CK tactics and techniques.
Input: rule apt_lolbin { strings: $a = "certutil.exe" nocase; $b = "-urlfetch" nocase; condition: $a and $b }

Identify the ATT&CK tactics and techniques in this data.
Input: selection: EventName: 'UpdateDomainNameservers' AND SourceIPAddress not in ('aws-internal')

Classify this cybersecurity event into MITRE ATT&CK framework.
Input: rule apt_wasm { strings: $a = "WebAssembly.compile" nocase; $b = "fetch" nocase; condition: $a and $b }

Map the following security event to MITRE ATT&CK tactics and techniques.
Input: Incident Type: Data Breach
Target: MongoDB Instance
Vector: Weak Authentication

Assess the severity and business risk of the following incident.
Input: Incident: Phishing affecting HR Accounts.

Analyze the business risk and severity for the input below.
Input: Incident: Supply Chain Attack affecting CI/CD Pipeline.

Rate the severity (Low/Medium/High/Critical) and impact of this event.
Input: Incident: Credential Dumping affecting Windows Domain Controller.
```
## License
Refer to the base model license.