Hugging Face's logo

zeltera
/
SMITH

Token Classification
Transformers
Safetensors
PyTorch
English
qwen2
text-generation
custom-model
text-generation-inference
Model card Files
xet
Community
zeltera commited on
Commit
a3fc0d4
Β·
verified Β·
1 Parent(s): f2bd51b

Update README.md

Browse files
Files changed (1) hide show
  1. README.md +42 -40
README.md CHANGED
@@ -13,33 +13,36 @@ base_model:
13
  - Qwen/Qwen2.5-0.5B
14
  ---
15
 
16
- # πŸ›‘οΈ MCMA β€” Malware Cybersecurity Malware Analyzer
17
 
18
- **Model:** `zeltera/mcma`
19
- **Task:** Static malware analysis and interpretation
20
- **Domain:** Cybersecurity & Threat Intelligence
21
- **Hosted on:** Hugging Face Models
22
 
23
  ---
24
 
25
- ## 🧠 Model Overview
26
 
27
- **MCMA** (Malware Cybersecurity Malware Analyzer) is a custom fine-tuned language model built to analyze malware artifacts and descriptions. It was trained using parameter-efficient fine-tuning (LoRA) on top of a Qwen2.5 base model using curated cybersecurity instruction data. Its outputs are **structured JSON**, including reasoning, indicators, confidence, recommendations, and mapped MITRE ATT&CK techniques.
28
 
29
- MCMA is optimized for **static analysis scenarios**β€”it interprets textual malware features, permissions, string indicators, and other static traits to produce analyst-friendly assessments.
 
 
 
 
 
30
 
31
  ---
32
 
33
  ## 🎯 Intended Use Cases
34
 
35
- MCMA is useful for:
36
- - Analyzing static malware artifacts (e.g., APK or PE strings/permissions)
37
- - Extracting structured threat intelligence
38
- - Mapping behaviors to MITRE ATT&CK
39
- - Integrating into analysis pipelines (SIEM, CTI platforms)
40
- - Supporting SOC analysts with natural language reasoning
 
41
 
42
- > ⚠️ **Important:** This model does *not* execute binaries or perform dynamic analysis.
43
 
44
  ---
45
 
@@ -49,9 +52,9 @@ MCMA is useful for:
49
  from transformers import AutoTokenizer, AutoModelForCausalLM
50
  import torch
51
 
52
- model_id = "zeltera/mcma"
53
 
54
- tokenizer = AutoTokenizer.from_pretrained(model_id, local_files_only=True)
55
  model = AutoModelForCausalLM.from_pretrained(
56
  model_id,
57
  device_map="auto",
@@ -60,7 +63,7 @@ model = AutoModelForCausalLM.from_pretrained(
60
 
61
  prompt = """
62
  You are a cybersecurity malware analysis assistant.
63
- Respond ONLY in valid JSON with these keys:
64
  - reasoning
65
  - indicators
66
  - confidence
@@ -72,43 +75,42 @@ APK requests READ_SMS and communicates with api.telegram.org
72
  """
73
 
74
  inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
75
-
76
  outputs = model.generate(**inputs, max_new_tokens=300)
 
77
  print(tokenizer.decode(outputs[0], skip_special_tokens=True))
 
 
78
 
79
- πŸ“¦ Model Details
80
 
81
- Architecture: Qwen2.5-based
82
- Fine-tuning: LoRA on cybersecurity datasets
83
- Output: Structured JSON
84
- Usage: Python / Transformers
 
85
 
86
  ⚠️ Limitations
87
 
88
- Designed for static analysis only
89
 
90
- Outputs should be reviewed by trained analysts
91
 
92
- Confidence scores are heuristic, not absolute
93
 
94
- Not a sandbox, emulator, or malware execution platform
95
 
96
- πŸ§ͺ Safety & Ethical Use
97
 
98
- MCMA is intended for defensive cybersecurity use, including malware forensic and threat analysis. It must not be used to assist in creating malware or harmful software. Users should operate within legal and ethical frameworks relevant to their jurisdiction.
99
 
100
- πŸ“š Citation
101
 
102
- If you use this model in research or production:
103
 
104
- @misc{mcma2025,
105
- title={MCMA β€” Malware Cybersecurity Malware Analyzer LLM},
106
  author={Zeltera},
107
  year={2025},
108
  howpublished={Hugging Face Model},
109
- note={https://huggingface.co/zeltera/mcma}
110
- }
111
-
112
- 🧠 About
113
-
114
- MCMA was developed to bridge language modeling with cybersecurity domain expertise. It combines transformer-based reasoning with structured static malware feature interpretation to assist analysts in real-world threat environments.
 
13
  - Qwen/Qwen2.5-0.5B
14
  ---
15
 
16
+ # πŸ“Š SMITH β€” Static Malware Interpreter & Threat Heuristic
17
 
18
+ **SMITH (Static Malware Interpreter & Threat Heuristic)** is a transformer-based artificial intelligence model designed for structured and interpretable static malware analysis. Built through parameter-efficient fine-tuning (LoRA) on top of a Qwen2.5 backbone and augmented with retrieval-based threat context, SMITH generates JSON-formatted output that includes reasoning, identified indicators, confidence scores, actionable recommendations, and MITRE ATT&CK technique mappings. This makes SMITH a valuable tool for cybersecurity analysts, automation systems, and threat intelligence pipelines.
 
 
 
19
 
20
  ---
21
 
22
+ ## 🧠 Model Description
23
 
24
+ SMITH is a domain-specialized large language model tailored for static analysis of malware artifacts and descriptions. It interprets features such as permissions, API calls, imported functions, and known Indicators of Compromise (IoC), and produces structured, machine-readable assessments that can be integrated into analysis workflows or SOC automation.
25
 
26
+ The model combines:
27
+ - **Fine-tuned transformer intelligence** for reasoning over static features
28
+ - **Retrieval-augmented context** from a curated threat corpus
29
+ - **Structured output** for easy integration with tools and scripts
30
+
31
+ SMITH is optimized to run on practical hardware while delivering interpretable cybersecurity insights.
32
 
33
  ---
34
 
35
  ## 🎯 Intended Use Cases
36
 
37
+ SMITH is intended for **defensive cybersecurity applications**, including:
38
+
39
+ - Interpreting static malware artifacts (e.g., APK metadata, PE strings)
40
+ - Producing structured JSON analysis suitable for automation
41
+ - Mapping malware behavior to MITRE ATT&CK techniques
42
+ - Assisting security analysts with context-aware reasoning
43
+ - Generating YARA rules based on detected indicators
44
 
45
+ > ⚠️ **Static analysis only β€” SMITH does NOT execute malware or perform dynamic analysis.**
46
 
47
  ---
48
 
 
52
  from transformers import AutoTokenizer, AutoModelForCausalLM
53
  import torch
54
 
55
+ model_id = "zeltera/mcma" # or "zeltera/smith" if renamed
56
 
57
+ tokenizer = AutoTokenizer.from_pretrained(model_id)
58
  model = AutoModelForCausalLM.from_pretrained(
59
  model_id,
60
  device_map="auto",
 
63
 
64
  prompt = """
65
  You are a cybersecurity malware analysis assistant.
66
+ Respond ONLY in valid JSON with these fields:
67
  - reasoning
68
  - indicators
69
  - confidence
 
75
  """
76
 
77
  inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
 
78
  outputs = model.generate(**inputs, max_new_tokens=300)
79
+
80
  print(tokenizer.decode(outputs[0], skip_special_tokens=True))
81
+ ```
82
+ 🧠 Model Architecture and Training
83
 
84
+ Base Model: Qwen2.5 family (compact, efficient)
85
 
86
+ Fine-Tuning: LoRA with domain-specific malware analysis examples
87
+
88
+ Output Format: Structured JSON
89
+
90
+ Hardware: Designed for inference on commodity GPUs and CPU environments
91
 
92
  ⚠️ Limitations
93
 
94
+ SMITH is strictly for static analysis of malware descriptions.
95
 
96
+ Does not execute or sandbox any executable or mobile binary.
97
 
98
+ Analysis should be reviewed by qualified security staff.
99
 
100
+ Confidence scores are heuristic and not absolute.
101
 
102
+ πŸ“š Ethical and Safe Use
103
 
104
+ SMITH is intended for defensive cybersecurity and threat intelligence purposes. It should not be used to generate or assist in creating malware, malicious code, or harmful artifacts. Users should comply with all relevant laws and organizational policies.
105
 
106
+ πŸ“œ Citation
107
 
108
+ If you use this model in research or deployment:
109
 
110
+ @misc{smith2025,
111
+ title={SMITH β€” Static Malware Interpreter & Threat Heuristic},
112
  author={Zeltera},
113
  year={2025},
114
  howpublished={Hugging Face Model},
115
+ note={\url{https://huggingface.co/zeltera/SMITH}}
116
+ }