---
base_model: unsloth/SmolLM2-1.7b-Instruct
tags:
- text-generation-inference
- transformers
- unsloth
- llama
license: apache-2.0
language:
- en
datasets:
- madox81/mittre_severity_ds
---

# Uploaded finetuned model

- **Developed by:** madox81
- **License:** apache-2.0
- **Finetuned from model:** unsloth/SmolLM2-1.7b-Instruct

This llama model was trained 2x faster with [Unsloth](https://github.com/unslothai/unsloth) and Hugging Face's TRL library.

[<img src="https://raw.githubusercontent.com/unslothai/unsloth/main/images/unsloth%20made%20with%20love.png" width="200"/>](https://github.com/unslothai/unsloth)

# Smollm2_Cyber_Insight

## Model Overview

**Smollm2_Cyber_Insight** is a lightweight domain-adapted language model fine-tuned for **cybersecurity threat analysis** tasks.
The model specializes in interpreting short textual descriptions of security incidents and producing structured (JSON) security insights.

- **Base Model:** smollm2-1.7b-instruct
- **Architecture:** SmolLM2
- **Training Method:** LoRA fine-tuning
- **Domain:** Cyber Threat Analysis
- **Model Size:** ~1.7B parameters

## Capabilities

The model supports the following tasks:

- Mapping incidents to **MITRE ATT&CK tactics**
- Identifying possible **attack techniques**
- Assessing **incident severity and potential business impact**
- Assisting in structured cybersecurity analysis

## Intended Use

This model is suitable for:

- Cyber threat intelligence experiments
- NLP research in cybersecurity
- Cybersecurity research
- Prototyping AI-assisted SOC tools

## Limitations

- Predictions are probabilistic and may require analyst validation
- Performance depends on similarity to training data
- Not intended for autonomous security decision-making

## Training Data

The model was trained on a **specialized cybersecurity dataset**, [madox81/mittre_severity_ds](https://huggingface.co/datasets/madox81/mittre_severity_ds), containing incident descriptions and structured labels including:

- attack tactics
- attack techniques
- incident severity indicators

## Example Prompt

```
Map the following security event to MITRE ATT&CK tactics and techniques.
Input: rule apt_lolbin { strings: $a = "certutil.exe" nocase; $b = "-urlfetch" nocase; condition: $a and $b }

Identify the ATT&CK tactics and techniques in this data.
Input: selection: EventName: 'UpdateDomainNameservers' AND SourceIPAddress not in ('aws-internal')

Classify this cybersecurity event into MITRE ATT&CK framework.
Input: rule apt_wasm { strings: $a = "WebAssembly.compile" nocase; $b = "fetch" nocase; condition: $a and $b }

Map the following security event to MITRE ATT&CK tactics and techniques.
Input: Incident Type: Data Breach
Target: MongoDB Instance
Vector: Weak Authentication

Assess the severity and business risk of the following incident.
Input: Incident: Phishing affecting HR Accounts.

Analyze the business risk and severity for the input below.
Input: Incident: Supply Chain Attack affecting CI/CD Pipeline.

Rate the severity (Low/Medium/High/Critical) and impact of this event.
Input: Incident: Credential Dumping affecting Windows Domain Controller.
```

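The card describes replies as structured JSON that may need analyst validation, so a prototype should check each reply before it reaches a SOC tool. The following is an added example, not code from the model author: it assumes a hypothetical reply schema with the keys `tactics`, `techniques` and `severity` (the card does not document one), and the sample replies are constructed.

```python
import json
import re

# The 14 MITRE ATT&CK Enterprise tactic names, lowercased for comparison.
TACTICS = {
    "reconnaissance", "resource development", "initial access", "execution",
    "persistence", "privilege escalation", "defense evasion",
    "credential access", "discovery", "lateral movement", "collection",
    "command and control", "exfiltration", "impact",
}
SEVERITIES = {"low", "medium", "high", "critical"}  # scale named in the prompts
TECHNIQUE_ID = re.compile(r"T\d{4}(?:\.\d{3})?")    # format: T1105 or T1003.001


def validate_insight(raw):
    """Parse one model reply; return (data, problems). No problems = well-formed.

    The keys "tactics", "techniques" and "severity" are an assumed schema.
    """
    # Small models often wrap the JSON in prose, so cut out the outer object.
    start, end = raw.find("{"), raw.rfind("}")
    if start == -1 or end < start:
        return None, ["no JSON object in reply"]
    try:
        data = json.loads(raw[start:end + 1])
    except json.JSONDecodeError as exc:
        return None, ["invalid JSON: " + exc.msg]
    problems = []
    for key in ("tactics", "techniques"):
        if not isinstance(data.get(key, []), list):
            problems.append(key + " is not a list")
            data[key] = []
    for tactic in data.get("tactics", []):
        if str(tactic).strip().lower() not in TACTICS:
            problems.append("unknown tactic: %r" % (tactic,))
    for tech in data.get("techniques", []):
        # Accept "T1105" or "T1105 <name>"; only the ID format is checked.
        parts = str(tech).split()
        if not parts or not TECHNIQUE_ID.fullmatch(parts[0]):
            problems.append("malformed technique ID: %r" % (tech,))
    sev = data.get("severity")
    if sev is not None and str(sev).strip().lower() not in SEVERITIES:
        problems.append("severity outside scale: %r" % (sev,))
    return data, problems


# Constructed replies for illustration (not real model output).
GOOD = 'Result: {"tactics": ["Command and Control"], "techniques": ["T1105"], "severity": "High"}'
BAD = '{"tactics": ["Data Theft"], "techniques": ["T99"], "severity": "Severe"}'
```

An empty problem list only means the reply is well-formed; whether the mapping itself is right remains the analyst's call.
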
## License

Refer to the base model license.