Update README.md

README.md

@@ -1,199 +1,165 @@
 ---
 library_name: transformers
-tags: []
+tags:
+- cybersecurity
+- mpnet
+- classification
+- fine-tuned
 ---
 
-# Model Card for Model ID
-
-<!-- Provide a quick summary of what the model is/does. -->
-
+# Model Card for MPNet Cybersecurity Classifier
 
+This is a fine-tuned MPNet model specialized for classifying cybersecurity threat groups based on textual descriptions of their tactics and techniques.
 
 ## Model Details
 
 ### Model Description
 
-<!-- Provide a longer summary of what this model is. -->
-
-This is the model card of a 🤗 transformers model that has been pushed on the Hub. This model card has been automatically generated.
+This model is a fine-tuned MPNet classifier specialized in categorizing cybersecurity threat groups based on textual descriptions of their tactics, techniques, and procedures (TTPs).
 
-- **Developed by:** [More Information Needed]
-- **Funded by [optional]:** [More Information Needed]
-- **Shared by [optional]:** [More Information Needed]
-- **Model type:** [More Information Needed]
-- **Language(s) (NLP):** [More Information Needed]
-- **License:** [More Information Needed]
-- **Finetuned from model [optional]:** [More Information Needed]
+- **Developed by:** Dženan Hamzić
+- **Model type:** Transformer-based classification model (MPNet)
+- **Language(s) (NLP):** English
+- **License:** Apache-2.0
+- **Finetuned from model:** microsoft/mpnet-base (with intermediate MLM fine-tuning)
 
-### Model Sources [optional]
+### Model Sources
 
-<!-- Provide the basic links for the model. -->
-
-- **Repository:** [More Information Needed]
-- **Paper [optional]:** [More Information Needed]
-- **Demo [optional]:** [More Information Needed]
+- **Base Model:** [microsoft/mpnet-base](https://huggingface.co/microsoft/mpnet-base)
 
 ## Uses
 
-<!-- Address questions around how the model is intended to be used, including the foreseeable users of the model and those affected by the model. -->
-
 ### Direct Use
 
-<!-- This section is for the model use without fine-tuning or plugging into a larger ecosystem/app. -->
-
-[More Information Needed]
+This model classifies textual cybersecurity descriptions into known cybersecurity threat groups.
 
-### Downstream Use [optional]
+### Downstream Use
 
-<!-- This section is for the model use when fine-tuned for a task, or when plugged into a larger ecosystem/app -->
-
-[More Information Needed]
+Integration into Cyber Threat Intelligence platforms, SOC incident analysis tools, and automated threat detection systems.
 
 ### Out-of-Scope Use
 
-<!-- This section addresses misuse, malicious use, and uses that the model will not work well for. -->
-
-[More Information Needed]
+- General language tasks unrelated to cybersecurity
+- Tasks outside the cybersecurity domain
 
 ## Bias, Risks, and Limitations
 
-<!-- This section is meant to convey both technical and sociotechnical limitations. -->
-
-[More Information Needed]
+This model specializes in cybersecurity contexts. Predictions for unrelated contexts may be inaccurate.
 
 ### Recommendations
 
-<!-- This section is meant to convey recommendations with respect to the bias, risk, and technical limitations. -->
-
-Users (both direct and downstream) should be made aware of the risks, biases and limitations of the model. More information needed for further recommendations.
+Always verify predictions with cybersecurity analysts before using in critical decision-making scenarios.
 
 ## How to Get Started with the Model
 
-Use the code below to get started with the model.
-
-[More Information Needed]
-
-## Training Details
-
-### Training Data
+```python
+from transformers import AutoTokenizer, MPNetModel
+import torch
 
-<!-- This should link to a Dataset Card, perhaps with a short stub of information on what the training data is all about as well as documentation related to data pre-processing or additional filtering. -->
-
-[More Information Needed]
-
-### Training Procedure
+model_name = "mpnet_classification_finetuned_v2"
+tokenizer = AutoTokenizer.from_pretrained(model_name)
+model = MPNetModel.from_pretrained(model_name)
 
-<!-- This relates heavily to the Technical Specifications. Content here should link to that section when it is relevant to the training procedure. -->
+device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
+model.to(device)
 
-#### Preprocessing [optional]
+# Example inference
+sentence = "APT38 has used phishing emails with malicious links to distribute malware."
+inputs = tokenizer(sentence, return_tensors="pt", truncation=True, padding="max_length", max_length=128).to(device)
 
-[More Information Needed]
+with torch.no_grad():
+    outputs = model(**inputs)
+    cls_embedding = outputs.last_hidden_state[:, 0, :]
+    predicted_class = classifier_model.classifier(cls_embedding).argmax(dim=1).cpu().item()
 
+print(f"Predicted GroupID: {predicted_class}")
+```
 
-#### Training Hyperparameters
+## Training Details
 
-- **Training regime:** [More Information Needed] <!--fp32, fp16 mixed precision, bf16 mixed precision, bf16 non-mixed precision, fp16 non-mixed precision, fp8 mixed precision -->
+### Training Data
 
-#### Speeds, Sizes, Times [optional]
+The training dataset comprises balanced textual descriptions of various cybersecurity threat groups' TTPs, augmented through synonym replacement to increase diversity.
 
-<!-- This section provides information about throughput, start/end time, checkpoint size if relevant, etc. -->
+### Training Procedure
 
-[More Information Needed]
+- Fine-tuned from: MLM fine-tuned MPNet ("mpnet_mlm_cyber_finetuned-v2")
+- Epochs: 20
+- Learning rate: 5e-6
+- Batch size: 16
 
 ## Evaluation
 
-<!-- This section describes the evaluation protocols and provides the results. -->
-
 ### Testing Data, Factors & Metrics
 
-#### Testing Data
-
-<!-- This should link to a Dataset Card if possible. -->
-
-[More Information Needed]
-
-#### Factors
-
-<!-- These are the things the evaluation is disaggregating by, e.g., subpopulations or domains. -->
-
-[More Information Needed]
-
-#### Metrics
-
-<!-- These are the evaluation metrics being used, ideally with a description of why. -->
-
-[More Information Needed]
+- **Testing Data:** Stratified sample from original dataset.
+- **Metrics:** Accuracy, Weighted F1 Score
 
 ### Results
 
-[More Information Needed]
+| Metric                 | Value   |
+|------------------------|---------|
+| Classification Accuracy (Test) | 0.7161 |
+| Weighted F1 Score      | [More Information Needed] |
 
-#### Summary
+### Single Prediction Example
 
+```python
 
+# Create explicit mapping from numeric labels to original GroupIDs
+label_to_groupid = dict(enumerate(train_df["GroupID"].astype("category").cat.categories))
 
-## Model Examination [optional]
-
-<!-- Relevant interpretability work for the model goes here -->
-
-[More Information Needed]
-
-## Environmental Impact
-
-<!-- Total emissions (in grams of CO2eq) and additional considerations, such as electricity usage, go here. Edit the suggested text below accordingly -->
-
-Carbon emissions can be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute) presented in [Lacoste et al. (2019)](https://arxiv.org/abs/1910.09700).
+def predict_group(sentence):
+    classifier_model.eval()
+    encoding = tokenizer(
+        sentence,
+        truncation=True,
+        padding="max_length",
+        max_length=128,
+        return_tensors="pt"
+    )
+    input_ids = encoding["input_ids"].to(device)
+    attention_mask = encoding["attention_mask"].to(device)
 
-- **Hardware Type:** [More Information Needed]
-- **Hours used:** [More Information Needed]
-- **Cloud Provider:** [More Information Needed]
-- **Compute Region:** [More Information Needed]
-- **Carbon Emitted:** [More Information Needed]
+    with torch.no_grad():
+        logits = classifier_model(input_ids, attention_mask)
+        predicted_label = torch.argmax(logits, dim=1).cpu().item()
 
-## Technical Specifications [optional]
 
-### Model Architecture and Objective
+    # Explicitly convert numeric label to original GroupID
+    predicted_groupid = label_to_groupid[predicted_label]
+    return predicted_groupid
 
-[More Information Needed]
+sentence = "APT38 has used phishing emails with malicious links to distribute malware."
+predicted_class = predict_group(sentence)
+print(f"Predicted GroupID: {predicted_class}")  # e.g., Predicted GroupID: G0081
+```
 
-### Compute Infrastructure
-
-[More Information Needed]
-
-#### Hardware
-
-[More Information Needed]
-
-#### Software
-
-[More Information Needed]
-
-## Citation [optional]
-
-<!-- If there is a paper or blog post introducing the model, the APA and Bibtex information for that should go in this section. -->
-
-**BibTeX:**
-
-[More Information Needed]
+## Environmental Impact
 
-**APA:**
+Carbon emissions can be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute).
 
-[More Information Needed]
+- **Hardware Type:** [To be filled by user]
+- **Hours used:** [To be filled by user]
+- **Cloud Provider:** [To be filled by user]
+- **Compute Region:** [To be filled by user]
+- **Carbon Emitted:** [To be filled by user]
 
-## Glossary [optional]
+## Technical Specifications
 
-<!-- If relevant, include terms and calculations in this section that can help readers understand the model or model card. -->
+### Model Architecture
 
-[More Information Needed]
+- MPNet architecture with classification head (768 -> 512 -> num_labels)
+- Last 10 transformer layers fine-tuned explicitly
 
-## More Information [optional]
+## Environmental Impact
 
-[More Information Needed]
+Carbon emissions should be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute).
 
-## Model Card Authors [optional]
+## Model Card Authors
 
-[More Information Needed]
+- Dženan Hamzić
 
 ## Model Card Contact
 
-[More Information Needed]
+- [More Information Needed]