|
|
--- |
|
|
library_name: transformers |
|
|
tags: |
|
|
- cybersecurity |
|
|
- mpnet |
|
|
- classification |
|
|
- fine-tuned |
|
|
--- |
|
|
|
|
|
# Model Card for MPNet Cybersecurity Classifier |
|
|
|
|
|
This is a fine-tuned MPNet model specialized for classifying cybersecurity threat groups based on textual descriptions of their tactics and techniques. |
|
|
|
|
|
## Model Details |
|
|
|
|
|
### Model Description |
|
|
|
|
|
This model is a fine-tuned MPNet classifier specialized in categorizing cybersecurity threat groups based on textual descriptions of their tactics, techniques, and procedures (TTPs). |
|
|
|
|
|
- **Developed by:** Dženan Hamzić |
|
|
- **Model type:** Transformer-based classification model (MPNet) |
|
|
- **Language(s) (NLP):** English |
|
|
- **License:** Apache-2.0 |
|
|
- **Finetuned from model:** microsoft/mpnet-base (with intermediate MLM fine-tuning) |
|
|
|
|
|
### Model Sources |
|
|
|
|
|
- **Base Model:** [microsoft/mpnet-base](https://huggingface.co/microsoft/mpnet-base) |
|
|
|
|
|
## Uses |
|
|
|
|
|
### Direct Use |
|
|
|
|
|
This model classifies textual cybersecurity descriptions into known cybersecurity threat groups. |
|
|
|
|
|
### Downstream Use |
|
|
|
|
|
Integration into Cyber Threat Intelligence platforms, SOC incident analysis tools, and automated threat detection systems. |
|
|
|
|
|
### Out-of-Scope Use |
|
|
|
|
|
- General language tasks unrelated to cybersecurity |
|
|
- Tasks outside the cybersecurity domain |
|
|
|
|
|
## Bias, Risks, and Limitations |
|
|
|
|
|
This model specializes in cybersecurity contexts. Predictions for unrelated contexts may be inaccurate. |
|
|
|
|
|
### Recommendations |
|
|
|
|
|
Always verify predictions with cybersecurity analysts before using in critical decision-making scenarios. |
|
|
|
|
|
## How to Get Started with the Model |
|
|
|
|
|
```python |
|
|
from transformers import AutoTokenizer, MPNetModel |
|
|
import torch |
|
|
|
|
|
model_name = "mpnet_classification_finetuned_v2" |
|
|
tokenizer = AutoTokenizer.from_pretrained(model_name) |
|
|
model = MPNetModel.from_pretrained(model_name) |
|
|
|
|
|
device = torch.device("cuda" if torch.cuda.is_available() else "cpu") |
|
|
model.to(device) |
|
|
|
|
|
# Example inference |
|
|
sentence = "APT38 has used phishing emails with malicious links to distribute malware." |
|
|
inputs = tokenizer(sentence, return_tensors="pt", truncation=True, padding="max_length", max_length=128).to(device) |
|
|
|
|
|
with torch.no_grad(): |
|
|
outputs = model(**inputs) |
|
|
cls_embedding = outputs.last_hidden_state[:, 0, :] |
|
|
predicted_class = classifier_model.classifier(cls_embedding).argmax(dim=1).cpu().item() |
|
|
|
|
|
print(f"Predicted GroupID: {predicted_class}") |
|
|
``` |
|
|
|
|
|
## Training Details |
|
|
|
|
|
### Training Data |
|
|
|
|
|
The training dataset comprises balanced textual descriptions of various cybersecurity threat groups' TTPs, augmented through synonym replacement to increase diversity. |
|
|
|
|
|
### Training Procedure |
|
|
|
|
|
- Fine-tuned from: MLM fine-tuned MPNet ("mpnet_mlm_cyber_finetuned-v2") |
|
|
- Epochs: 20 |
|
|
- Learning rate: 5e-6 |
|
|
- Batch size: 16 |
|
|
|
|
|
## Evaluation |
|
|
|
|
|
### Testing Data, Factors & Metrics |
|
|
|
|
|
- **Testing Data:** Stratified sample from original dataset. |
|
|
- **Metrics:** Accuracy, Weighted F1 Score |
|
|
|
|
|
### Results |
|
|
|
|
|
| Metric | Value | |
|
|
|------------------------|---------| |
|
|
| Classification Accuracy (Test) | 0.7161 | |
|
|
| Weighted F1 Score | [More Information Needed] | |
|
|
|
|
|
### Single Prediction Example |
|
|
|
|
|
```python |
|
|
|
|
|
# Create explicit mapping from numeric labels to original GroupIDs |
|
|
label_to_groupid = dict(enumerate(train_df["GroupID"].astype("category").cat.categories)) |
|
|
|
|
|
def predict_group(sentence): |
|
|
classifier_model.eval() |
|
|
encoding = tokenizer( |
|
|
sentence, |
|
|
truncation=True, |
|
|
padding="max_length", |
|
|
max_length=128, |
|
|
return_tensors="pt" |
|
|
) |
|
|
input_ids = encoding["input_ids"].to(device) |
|
|
attention_mask = encoding["attention_mask"].to(device) |
|
|
|
|
|
with torch.no_grad(): |
|
|
logits = classifier_model(input_ids, attention_mask) |
|
|
predicted_label = torch.argmax(logits, dim=1).cpu().item() |
|
|
|
|
|
|
|
|
# Explicitly convert numeric label to original GroupID |
|
|
predicted_groupid = label_to_groupid[predicted_label] |
|
|
return predicted_groupid |
|
|
|
|
|
sentence = "APT38 has used phishing emails with malicious links to distribute malware." |
|
|
predicted_class = predict_group(sentence) |
|
|
print(f"Predicted GroupID: {predicted_class}") # e.g., Predicted GroupID: G0081 |
|
|
``` |
|
|
|
|
|
## Environmental Impact |
|
|
|
|
|
Carbon emissions can be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute). |
|
|
|
|
|
- **Hardware Type:** [To be filled by user] |
|
|
- **Hours used:** [To be filled by user] |
|
|
- **Cloud Provider:** [To be filled by user] |
|
|
- **Compute Region:** [To be filled by user] |
|
|
- **Carbon Emitted:** [To be filled by user] |
|
|
|
|
|
## Technical Specifications |
|
|
|
|
|
### Model Architecture |
|
|
|
|
|
- MPNet architecture with classification head (768 -> 512 -> num_labels) |
|
|
- Last 10 transformer layers fine-tuned explicitly |
|
|
|
|
|
## Environmental Impact |
|
|
|
|
|
Carbon emissions should be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute). |
|
|
|
|
|
## Model Card Authors |
|
|
|
|
|
- Dženan Hamzić |
|
|
|
|
|
## Model Card Contact |
|
|
|
|
|
- [More Information Needed] |
