ramitha2002's picture
Update readme
908e92d verified
|
Raw
History Blame Contribute Delete
8.64 kB
---
base_model: fdtn-ai/Foundation-Sec-8B-Instruct
library_name: peft
pipeline_tag: text-generation
tags:
- base_model:adapter:fdtn-ai/Foundation-Sec-8B-Instruct
- lora
- transformers
- cybersecurity
- vulnerability-remediation
- cve
---
# Model Card for Model ID
LoRA adapter for `fdtn-ai/Foundation-Sec-8B-Instruct` tuned for structured CVE remediation output. The model is designed to take CVE evidence and return a fixed seven-field JSON object containing severity, affected component, root cause, and remediation guidance.
## Model Details
### Model Description
This model is a parameter-efficient fine-tuning adapter built on top of `fdtn-ai/Foundation-Sec-8B-Instruct`. It is intended for structured vulnerability remediation assistance rather than open-ended chat. Given CVE evidence such as CVE ID, description, CVSS score, CWE, and affected component context, it generates a JSON response with a fixed schema:
- `cve_id`
- `severity`
- `affected_component`
- `technical_root_cause`
- `recommended_fix`
- `developer_remediation_steps`
- `verification_steps`
The adapter was evaluated in a Colab-based external benchmark on 100 CVE examples and showed strong schema adherence and high exact-match performance on most structured fields.
- **Developed by:** Ramitha Iddamalgoda
- **Funded by [optional]:** Self-directed
- **Shared by [optional]:** Ramitha Iddamalgoda
- **Model type:** LoRA adapter for causal language modeling
- **Language(s) (NLP):** English
- **License:** Apache 2.0
- **Finetuned from model [optional]:** `fdtn-ai/Foundation-Sec-8B-Instruct`
### Model Sources [optional]
- **Paper [optional]:** Not applicable
- **Demo [optional]:** Not available
## Uses
### Direct Use
This adapter is intended for structured CVE remediation tasks where the input contains vulnerability evidence and the desired output is a constrained JSON object. Likely uses include:
- vulnerability triage experiments
- structured remediation drafting
- evaluation workflows for CVE understanding
- prototype security assistant pipelines
### Downstream Use
This adapter can be used inside larger systems that:
- collect CVE descriptions from vulnerability feeds
- normalize vulnerability information into a fixed schema
- generate remediation suggestions for analyst review
- compare structured output quality across model variants
### Out-of-Scope Use
This model should not be used as:
- a fully autonomous security remediation engine
- a guaranteed-safe patch recommendation system
- a replacement for expert review in production security operations
- a general-purpose cybersecurity assistant outside its structured CVE task
## Bias, Risks, and Limitations
This model inherits limitations from the base model and from its fine-tuning data. It may produce incomplete, incorrect, outdated, or oversimplified remediation guidance. Although it performs well on the reported benchmark, the benchmark is small and not a definitive production evaluation.
### Recommendations
Use this model as an assistive tool, not an authoritative source. All outputs should be reviewed by a human with security context before operational use. When reporting results, describe them as an initial external benchmark rather than a final research-grade evaluation.
## How to Get Started with the Model
Use the code below to get started with the model.
```python
from transformers import AutoModelForCausalLM, AutoTokenizer
from peft import PeftModel
base_model = "fdtn-ai/Foundation-Sec-8B-Instruct"
adapter_repo = "your-username/secfix-cve-remediation-lora"
tokenizer = AutoTokenizer.from_pretrained(adapter_repo)
model = AutoModelForCausalLM.from_pretrained(base_model, device_map="auto")
model = PeftModel.from_pretrained(model, adapter_repo)
model.eval()
```
Example input format:
```
CVE ID: CVE-2024-11773
Description: SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CVSS Score: 9.8
CWE: CWE-89
Affected Component: Ivanti - Cloud Services Application
```
Expected output schema:
```
{
"cve_id": "",
"severity": "",
"affected_component": "",
"technical_root_cause": "",
"recommended_fix": "",
"developer_remediation_steps": "",
"verification_steps": ""
}
```
## Training Details
### Training Data
The adapter was trained for structured CVE remediation tasks using public CVE-oriented datasets prepared into JSONL chat-style training rows. The broader project used public CVE records with descriptions, CVSS-derived severity information, CWE information where available, and remediation-oriented text derived from source evidence.
Datasets considered in the project included:
- AlicanKiraz0/All-CVE-Records-Training-Dataset
- iamthierno/cvedataset.jsonl
The final task format used a system prompt plus a user message containing CVE evidence, with the assistant target being a structured JSON object.
### Training Procedure
The model was fine-tuned as a LoRA adapter over fdtn-ai/Foundation-Sec-8B-Instruct for causal language modeling.
#### Training Hyperparameters
- **Training regime:** bf16 when supported, otherwise fp32
- **LoRA rank:** 16
- **LoRA alpha:** 32
- **LoRA dropout:** 0.1
- **Target modules:** `q_proj`, `k_proj`, `v_proj`, `o_proj`
- **Epochs:** 2
- **Max sequence length:** 2048
- **Learning rate:** 2e-5
- **Weight decay:** 0.05
- **Gradient accumulation steps:** 4
- **Effective batch size:** 16
- **Gradient checkpointing:** enabled
#### Speeds, Sizes, Times
The adapter artifact is much smaller than the full base model because only LoRA parameters are stored. Evaluation and inference in Colab were performed using 4-bit loading for practical memory usage.
## Evaluation
### Testing Data, Factors & Metrics
#### Testing Data
The published benchmark was run on 200 examples sampled from:
- `AlicanKiraz0/All-CVE-Records-Training-Dataset`
The reported sample used a balanced severity mix:
- 25 Critical
- 25 High
- 25 Medium
- 25 Low
#### Factors
The evaluation focuses on:
- structured JSON validity
- exact-match correctness on normalized fields
- token overlap on short text spans
- overlap-based quality on longer remediation text
#### Metrics
The evaluation used:
- JSON validity rate
- required key set match rate
- field completeness
- exact match for `cve_id`
- exact match and Macro-F1 for `severity`
- exact match and Token-F1 for `affected_component`
- exact match, Token-F1, and CWE Macro-F1 for `technical_root_cause`
- ROUGE-L for:
- `recommended_fix`
- `developer_remediation_steps`
- `verification_steps`
BERTScore was not computed in the published run.
### Results
Published benchmark results:
- JSON validity: `0.9400`
- Required key match: `0.9400`
- Field completeness: `0.9400`
- CVE ID exact match: `0.9400`
- Severity exact match: `0.9400`
- Severity Macro-F1: `0.7748`
- Affected component exact match: `0.9400`
- Affected component Token-F1: `0.9400`
- Technical root cause exact match: `0.9400`
- Technical root cause Token-F1: `0.9400`
- Technical root cause CWE Macro-F1: `0.9062`
- Recommended fix ROUGE-L: `0.9367`
- Developer remediation ROUGE-L: `0.9228`
- Verification steps ROUGE-L: `0.9400`
#### Summary
On the published 100-example Colab benchmark, the adapter showed strong schema adherence and high exact-match performance across most structured fields. The weakest reported metric is severity Macro-F1, which suggests that the remaining errors are concentrated in a subset of severity classes rather than evenly distributed.
## Technical Specifications [optional]
### Model Architecture and Objective
[More Information Needed]
### Compute Infrastructure
Training used NVIDIA MI300X VRAM and Google Colab for testing.
#### Hardware
- NVIDIA MI300X VRAM for training
- Google Colab T4 GPU for evaluation
#### Software
- Transformers
- PEFT
- PyTorch
- Hugging Face Hub
- rouge-score
- scikit-learn
## Citation [optional]
**BibTeX:**
```bibtex
@misc{secfix_lora_adapter,
title={SecFix CVE Remediation LoRA Adapter},
author={Ramitha},
year={2026},
howpublished={Hugging Face model repository}
}
```
**APA:**
Iddamalgoda, I. H. R. P. (2026). *SecFix CVE Remediation LoRA Adapter* [LoRA adapter]. Hugging Face.
## Glossary
- **CVE:** Common Vulnerabilities and Exposures identifier
- **CWE:** Common Weakness Enumeration label
- **LoRA:** Low-Rank Adaptation, a parameter-efficient fine-tuning method
- **ROUGE-L:** Longest-common-subsequence overlap metric for generated text
- **Macro-F1:** Class-balanced F1 score across labels
### Framework versions
- PEFT 0.19.1