Update README.md

README.md

@@ -13,45 +13,102 @@ base_model:
 - Qwen/Qwen2.5-0.5B
 ---
 
-# Model Card for zeltera/mcma
+# 🛡️ MCMA — Malware Cybersecurity Malware Analyzer
 
-## Model Description
+**Model:** `zeltera/mcma`  
+**Task:** Static malware analysis and interpretation  
+**Domain:** Cybersecurity & Threat Intelligence  
+**Hosted on:** Hugging Face Models
 
-**zeltera/mcma** is a machine learning model hosted on the Hugging Face Hub. Based on the file structure in the repository, this appears to be a **Transformers-compatible** model (PyTorch/Safetensors).
+---
+
+## 🧠 Model Overview
+
+**MCMA** (Malware Cybersecurity Malware Analyzer) is a custom fine-tuned language model built to analyze malware artifacts and descriptions. It was trained using parameter-efficient fine-tuning (LoRA) on top of a Qwen2.5 base model using curated cybersecurity instruction data. Its outputs are **structured JSON**, including reasoning, indicators, confidence, recommendations, and mapped MITRE ATT&CK techniques.
 
-*   **Developed by:** Zeltera
-*   **Model type:** Pre-trained / Fine-tuned Transformer
-*   **Language(s):** English
-*   **License:** Apache 2.0 (or specify your license)
-*   **Repository:** [zeltera/mcma](https://huggingface.co/zeltera/mcma)
+MCMA is optimized for **static analysis scenarios**—it interprets textual malware features, permissions, string indicators, and other static traits to produce analyst-friendly assessments.
 
-## Intended Uses & Limitations
+---
+
+## 🎯 Intended Use Cases
 
-### Intended Use
-This model is designed for tasks such as:
-*   Text generation
-*   Feature extraction
-*   *(Update this list based on the specific capabilities of your model)*
+MCMA is useful for:
+- Analyzing static malware artifacts (e.g., APK or PE strings/permissions)
+- Extracting structured threat intelligence
+- Mapping behaviors to MITRE ATT&CK
+- Integrating into analysis pipelines (SIEM, CTI platforms)
+- Supporting SOC analysts with natural language reasoning
 
-### Limitations
-*   The model may output biased or inaccurate information.
-*   Performance depends on the quality of the input prompts.
+> ⚠️ **Important:** This model does *not* execute binaries or perform dynamic analysis.
 
-## How to Use
+---
 
-You can use this model directly with the Hugging Face `transformers` library.
+## 🧪 Example Usage (Python)
 
 ```python
-from transformers import AutoModelForCausalLM, AutoTokenizer
+from transformers import AutoTokenizer, AutoModelForCausalLM
+import torch
+
+model_id = "zeltera/mcma"
+
+tokenizer = AutoTokenizer.from_pretrained(model_id, local_files_only=True)
+model = AutoModelForCausalLM.from_pretrained(
+    model_id,
+    device_map="auto",
+    dtype=torch.float16
+)
+
+prompt = """
+You are a cybersecurity malware analysis assistant.
+Respond ONLY in valid JSON with these keys:
+- reasoning
+- indicators
+- confidence
+- recommendation
+- mitre_attack
+
+Input:
+APK requests READ_SMS and communicates with api.telegram.org
+"""
+
+inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
+
+outputs = model.generate(**inputs, max_new_tokens=300)
+print(tokenizer.decode(outputs[0], skip_special_tokens=True))
+
+📦 Model Details
+
+Architecture: Qwen2.5-based
+Fine-tuning: LoRA on cybersecurity datasets
+Output: Structured JSON
+Usage: Python / Transformers
+
+⚠️ Limitations
+
+Designed for static analysis only
+
+Outputs should be reviewed by trained analysts
+
+Confidence scores are heuristic, not absolute
+
+Not a sandbox, emulator, or malware execution platform
+
+🧪 Safety & Ethical Use
+
+MCMA is intended for defensive cybersecurity use, including malware forensic and threat analysis. It must not be used to assist in creating malware or harmful software. Users should operate within legal and ethical frameworks relevant to their jurisdiction.
+
+📚 Citation
+
+If you use this model in research or production:
 
-# Load model and tokenizer
-model_name = "zeltera/mcma"
-tokenizer = AutoTokenizer.from_pretrained(model_name)
-model = AutoModelForCausalLM.from_pretrained(model_name)
+@misc{mcma2025,
+  title={MCMA — Malware Cybersecurity Malware Analyzer LLM},
+  author={Zeltera},
+  year={2025},
+  howpublished={Hugging Face Model},
+  note={https://huggingface.co/zeltera/mcma}
+}
 
-# Example usage
-input_text = "Once upon a time"
-inputs = tokenizer(input_text, return_tensors="pt")
-outputs = model.generate(**inputs, max_length=50)
+🧠 About
 
-print(tokenizer.decode(outputs[0], skip_special_tokens=True))
+MCMA was developed to bridge language modeling with cybersecurity domain expertise. It combines transformer-based reasoning with structured static malware feature interpretation to assist analysts in real-world threat environments.