--- license: apache-2.0 --- # Fine-Tuned model for threat and intrusion detection rules generation This model is a fine-tune of [Mistral-7B-Instruct-v0.2](https://huggingface.co/mistralai/Mistral-7B-Instruct-v0.2), via Knowledge Distillation of [0dAI-7.5B](https://huggingface.co/0dAI/0dAI-7.5B-v2). The fine-tuning was conducted using a curated corpus of 950 cybersecurity rules from SIGMA, YARA, and Suricata repositories for threat and intrusion detection. Instruct the model to craft a SIGMA rule for detecting potentially malicious commands such as `msfvenom` and `netcat` in Audit system logs, or a Suricata rule to spot SSH brute-force attacks, or even a YARA rule to identify obfuscated strings in files — and watch the magic happen! Automate the creation of rules in your cybersecurity systems with this model. For an in-depth understanding of how this model has been fine-tuned, refer to the associated paper here: [available soon]. ## Key Features - Fine-tuned on a corpus of cybersecurity threat and intrusion detection rules. - Expert in generating YARA, Suricata, and SIGMA rules. - Based on Mistral-7B-Instruct-v0.2, with a 32K context window. ## Quantization You can easily quantize your model for local use on your computer with the help of the `llama.cpp` or `ollama` libraries. This process converts your model into a format that is optimized for performance, particularly useful for deployment on devices with limited computational resources. To perform this quantization using the `llama.cpp` library ([link to llama.cpp](https://github.com/ggerganov/llama.cpp)), follow the steps below: ### Step 1: Convert Vocabulary First, convert your model's vocabulary to a format suitable for quantization. Use the following command, replacing `/path/to/` with the actual path to your model files: ```bash python convert.py /path/to/Mistral-7B-cybersecurity-rules \ --vocab-only \ --outfile /path/to/Mistral-7B-cybersecurity-rules/tokenizer.model \ --vocab-type bpe ``` This command extracts and converts the vocabulary using the byte pair encoding (BPE) method, saving it to a new file. ### Step 2: Prepare Model for Quantization Next, prepare the model for quantization by converting it to a half-precision floating-point format (FP16). This step reduces the model size and prepares it for the final quantization to 8-bit integers. Execute the following command: ```bash python convert.py \ --outtype f16 \ --vocab-type bpe \ # Add this line only if you encounter issues with the vocabulary type --outfile /path/to/Mistral-7B-cybersecurity-rules/ggml-model-f16.gguf ``` This command outputs a file that has been converted to FP16, which is an intermediary step before applying 8-bit quantization. ### Step 3: Quantize to 8-bits Finally, apply 8-bit quantization to the FP16 model file. This step significantly reduces the model's memory footprint, making it suitable for deployment in resource-constrained environments: ```bash quantize /path/to/Mistral-7B-cybersecurity-rules/ggml-model-f16.gguf \ /path/to/Mistral-7B-cybersecurity-rules/mistral-7b-rules-q8_0.gguf \ q8_0 ``` Here, the `quantize` command converts the FP16 model into an 8-bit quantized model, further compressing the model while retaining its capability to perform its tasks effectively. ## License This repository is licensed under the Apache License, Version 2.0. You can obtain a copy of the license at [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0). ## Warranty Disclaimer This software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ## Changes This model has been fine-tuned based on the original Mistral-7B-Instruct-v0.2. Significant modifications were made to train it on a cybersecurity corpus for threat and intrusion detection.