README.md

---
base_model: meta-llama/Meta-Llama-3-8B
library_name: peft
license: mit
language:
- en
metrics:
- accuracy
- precision
- recall
- f1
datasets:
- AbuSayed1/DGA-DATASET
---

## Llama3 8B Fine-Tuned for Domain Generation Algorithm Detection

This model is a fine-tuned adaptation of Meta's Llama3 8B, tailored for detecting **Domain Generation Algorithms (DGAs)**. DGAs, commonly employed by malware, generate dynamic domain names for **command-and-control (C&C)** servers, posing a significant challenge in cybersecurity.

## Model Description

- **Base Model**: Llama3 8B
- **Task**: DGA Detection
- **Fine-Tuning Approach**: Qlora based supervised Fine-Tuning (SFT) with domain-specific data.
- **Dataset**: A combined dataset comprising 59 malware families and legitimate domains consisting of three different sources: one dataset for benign domains, which includes the Alexa Top 1 Million Sites collection of reputable domains; and two datasets for DGA domains, sourced from Bambenek Consulting’s malicious algorithmically-generated domains and the 360 Lab DGA Domains.
- **Performance**:
  - **Accuracy**: Known domain 98.6%, Unknown domain 80-99.5%
  - Excels in detecting unknown DGAs.

This model leverages the extensive semantic understanding of Llama3 to classify domains as either **malicious (DGA-generated)** or **legitimate** with high precision and recall.

## Data

The model was trained with 2.5 million domains, split between 1.5 million DGA domains and 1 million normal domains. 

Dataset Link: https://huggingface.co/datasets/AbuSayed1/DGA-DATASET

The GitHub repository https://github.com/MDABUSAYED/StratosphereLinuxIPS/tree/LLM/modules/flowalerts/LLM describe how the model was trained and evaluated.


## Citation


**APA:**

Sayed, M. A., Rahman, A., Kiekintveld, C., & Garcia, S. (2024). Fine-tuning Large Language Models for DGA and DNS Exfiltration Detection. arXiv preprint arXiv:2410.21723.