Instructions to use JustinYuann/CSC4006-CyberSecAnnotation with libraries, inference providers, notebooks, and local apps. Follow these links to get started.

Libraries

How to use JustinYuann/CSC4006-CyberSecAnnotation with Transformers:

# Use a pipeline as a high-level helper
from transformers import pipeline

pipe = pipeline("text-generation", model="JustinYuann/CSC4006-CyberSecAnnotation")
messages = [
    {"role": "user", "content": "Who are you?"},
]
pipe(messages)

# Load model directly
from transformers import AutoModel
model = AutoModel.from_pretrained("JustinYuann/CSC4006-CyberSecAnnotation", dtype="auto")

Notebooks
Google Colab
Kaggle
Local Apps

vLLM

How to use JustinYuann/CSC4006-CyberSecAnnotation with vLLM:

Install from pip and serve model

# Install vLLM from pip:
pip install vllm
# Start the vLLM server:
vllm serve "JustinYuann/CSC4006-CyberSecAnnotation"
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:8000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "JustinYuann/CSC4006-CyberSecAnnotation",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker

docker model run hf.co/JustinYuann/CSC4006-CyberSecAnnotation

SGLang

How to use JustinYuann/CSC4006-CyberSecAnnotation with SGLang:

Install from pip and serve model

# Install SGLang from pip:
pip install sglang
# Start the SGLang server:
python3 -m sglang.launch_server \
    --model-path "JustinYuann/CSC4006-CyberSecAnnotation" \
    --host 0.0.0.0 \
    --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "JustinYuann/CSC4006-CyberSecAnnotation",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker images

docker run --gpus all \
    --shm-size 32g \
    -p 30000:30000 \
    -v ~/.cache/huggingface:/root/.cache/huggingface \
    --env "HF_TOKEN=<secret>" \
    --ipc=host \
    lmsysorg/sglang:latest \
    python3 -m sglang.launch_server \
        --model-path "JustinYuann/CSC4006-CyberSecAnnotation" \
        --host 0.0.0.0 \
        --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "JustinYuann/CSC4006-CyberSecAnnotation",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Docker Model Runner
How to use JustinYuann/CSC4006-CyberSecAnnotation with Docker Model Runner:
```
docker model run hf.co/JustinYuann/CSC4006-CyberSecAnnotation
```

CSC4006-CyberSecAnnotation / README.md

JustinYuann

Update README.md

e3ebdec verified 11 months ago

preview code

raw

history blame contribute delete

4.62 kB

	---
	license: mit
	base_model: unsloth/Meta-Llama-3.1-8B-Instruct-unsloth-bnb-4bit
	tags:
	- cybersecurity
	- mitre-attack
	- honeypot
	- log-analysis
	- llama
	- lora
	- security
	- threat-detection
	language:
	- en
	datasets:
	- custom
	library_name: transformers
	pipeline_tag: text-generation
	---

	# LLM-Enhanced Honeypot Log Analysis Model

	## Model Description

	This model is a fine-tuned version of Llama 3.1 8B Instruct, specialized for analyzing honeypot logs and generating MITRE ATT&CK framework annotations. It was developed as part of a research project at Queen's University Belfast investigating automated security log analysis using Large Language Models.

	## Key Features

	- MITRE ATT&CK Annotation: Automatically generates structured annotations for security events
	- Honeypot Log Analysis: Specialized in analyzing Unix terminal logs from honeypot systems
	- LoRA Fine-tuning: Uses Low-Rank Adaptation for efficient parameter updates
	- Research-Grade: Developed for academic research in cybersecurity and AI

	## Model Details

	### Base Model
	- Base Model: unsloth/Meta-Llama-3.1-8B-Instruct-unsloth-bnb-4bit
	- Model Size: 8B parameters
	- Architecture: Llama 3.1 with Instruct tuning
	- Quantization: 4-bit quantization for efficiency

	### Fine-tuning Details
	- Method: LoRA (Low-Rank Adaptation)
	- LoRA Rank: 32
	- LoRA Alpha: 32
	- LoRA Dropout: 0
	- Learning Rate: 0.00012
	- Batch Size: 2
	- Gradient Accumulation: 4
	- Max Steps: 100
	- Optimizer: adamw_8bit

	## Training Data

	The model was trained on a curated dataset of honeypot logs with human-annotated MITRE ATT&CK framework labels. The training data includes:

	- Unix terminal command logs from honeypot systems
	- Structured annotations for 6 key MITRE ATT&CK fields
	- Balanced representation of different attack tactics and techniques

	## Usage

	### Installation

	```bash
	pip install transformers torch unsloth
	```

	### Loading the Model

	```python
	from unsloth import FastLanguageModel

	model, tokenizer = FastLanguageModel.from_pretrained(
	model_name="your-username/model-name",
	max_seq_length=2048,
	dtype=None,
	load_in_4bit=True,
	)
	```

	### Inference

	```python
	# Enable inference mode
	FastLanguageModel.for_inference(model)

	# Format your input
	prompt = '''Below is a Unix terminal command log from a honeypot system. Please analyze it and provide MITRE ATT&CK framework annotations.

	Command: {command}
	Timestamp: {timestamp}
	Source IP: {source_ip}

	Please provide:
	1. Tactic
	2. Technique
	3. Sub-technique
	4. Description'

	inputs = tokenizer(prompt, return_tensors="pt")
	outputs = model.generate(**inputs, max_new_tokens=1024, temperature=0.7)
	response = tokenizer.decode(outputs[0], skip_special_tokens=True)
	```

	## Evaluation

	The model has been evaluated on multiple metrics:

	- Overall MITRE Accuracy: Novel composite metric combining all 6 MITRE ATT&CK field accuracies
	- Confusion Matrix Analysis: Visual analysis of tactics classification performance
	- Field-level Accuracy: Individual accuracy for each MITRE ATT&CK field
	- Human Evaluation: Expert validation of generated annotations

	## Limitations

	- Specialized for honeypot log analysis - may not generalize to other security contexts
	- Requires structured input format for optimal performance
	- Training data limited to specific honeypot configurations
	- May exhibit biases present in training data

	## Ethical Considerations

	This model is designed for defensive cybersecurity research and should be used responsibly:

	- Intended for legitimate security research and defense applications
	- Should not be used for malicious purposes or unauthorized access
	- Users should validate outputs before making security decisions
	- Consider privacy implications when analyzing logs

	## Citation

	If you use this model in your research, please cite:

	```bibtex
	@misc{llm_honeypot_analysis_2025,
	title={LLM-Enhanced Honeypot Log Analysis System},
	author={[Student Name]},
	year={2025},
	institution={Queen's University Belfast},
	course={CSC4003 - Research Project},
	url={https://gitlab.eeecs.qub.ac.uk/[student-id]/CSC4003}
	}
	```

	## License

	This model is released under the MIT License. See the LICENSE file for details.

	## Contact

	For questions or issues:
	- Repository: https://gitlab.eeecs.qub.ac.uk/40285272/CSC4006
	- Institution: Queen's University Belfast
	- Course: CSC4006 - Research Project

	## Acknowledgments

	- Built using the Unsloth library for efficient training
	- Based on Meta's Llama 3.1 model
	- Developed as part of cybersecurity research at Queen's University Belfast