Uploaded finetuned model
- Developed by: madox81
- License: apache-2.0
- Finetuned from model: unsloth/SmolLM2-135M-Instruct
This llama model was trained 2x faster with Unsloth and Hugging Face's TRL library.
SmolLM2_Cyber
Model Overview
smollm2_cyber is a lightweight domain-adapted language model fine-tuned for cybersecurity threat analysis tasks.
The model specializes in interpreting short textual descriptions of security incidents and producing structured (JSON) security insights.
- Base Model: unsloth/smollm2-135m-instruct
- Architecture: SmolLM2
- Training Method: LoRA fine-tuning
- Domain: Cyber Threat Analysis
- Model Size: ~135M parameters
Capabilities
The model is trained to assist with:
- Mapping incident descriptions to MITRE ATT&CK tactics and techniques
- Estimating incident severity
- Extracting structured insights from security event descriptions
Intended Use
Primary use cases include:
- Cybersecurity research
Limitations
- Small model capacity may limit reasoning in complex scenarios
- Performance depends strongly on input clarity
- Not intended to replace professional security analysis
Training Data
The model was trained on a curated cybersecurity dataset madox81/mittre_severity_ds containing incident descriptions and structured labels including:
- attack tactics
- attack techniques
- incident severity indicators
Example Prompts
Map the following security event to MITRE ATT&CK tactics and techniques.
Input: rule apt_lolbin { strings: $a = "certutil.exe" nocase; $b = "-urlfetch" nocase; condition: $a and $b }

Identify the ATT&CK tactics and techniques in this data.
Input: selection: EventName: 'UpdateDomainNameservers' AND SourceIPAddress not in ('aws-internal')

Classify this cybersecurity event into MITRE ATT&CK framework.
Input: rule apt_wasm { strings: $a = "WebAssembly.compile" nocase; $b = "fetch" nocase; condition: $a and $b }

Map the following security event to MITRE ATT&CK tactics and techniques.
Input: Incident Type: Data Breach
Target: MongoDB Instance
Vector: Weak Authentication

Assess the severity and business risk of the following incident.
Input: Incident: Phishing affecting HR Accounts.

Analyze the business risk and severity for the input below.
Input: Incident: Supply Chain Attack affecting CI/CD Pipeline.

Rate the severity (Low/Medium/High/Critical) and impact of this event.
Input: Incident: Credential Dumping affecting Windows Domain Controller.
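
Given the limitations listed above, replies from a model this small are worth validating before they feed a triage pipeline. The following Python check is an added example, not code from the model's author; the output keys `tactics`, `techniques` and `severity` are assumed (the card does not document the schema), and the sample replies are constructed.

```python
import json
import re

# ATT&CK Enterprise tactic names (public framework vocabulary).
TACTICS = {
    "reconnaissance", "resource development", "initial access", "execution",
    "persistence", "privilege escalation", "defense evasion",
    "credential access", "discovery", "lateral movement", "collection",
    "command and control", "exfiltration", "impact",
}
SEVERITIES = {"low", "medium", "high", "critical"}  # scale used in the prompts
TECHNIQUE_ID = re.compile(r"T\d{4}(?:\.\d{3})?")    # e.g. T1105 or T1003.001
# Assumed output keys (hypothetical; the card does not document the schema).
LIST_FIELDS = {
    "tactics": lambda v: v.strip().lower() in TACTICS,
    "techniques": lambda v: TECHNIQUE_ID.fullmatch(v.strip()) is not None,
}

def validate_insight(raw):
    """Return (record, problems); record is None unless the reply is clean."""
    # Small models often wrap JSON in chatter: take the outermost {...} span.
    start, end = raw.find("{"), raw.rfind("}")
    if start == -1 or end < start:
        return None, ["no JSON object in output"]
    try:
        data = json.loads(raw[start:end + 1])
    except json.JSONDecodeError as exc:
        return None, [f"invalid JSON: {exc.msg}"]
    problems = []
    if not {"tactics", "techniques", "severity"} & data.keys():
        problems.append("none of the expected keys present")
    for key, is_valid in LIST_FIELDS.items():
        if key not in data:
            continue
        values = data[key]
        if not isinstance(values, list) or not values:
            problems.append(f"{key}: expected a non-empty list")
            continue
        problems += [f"{key}: rejected value {v!r}" for v in values
                     if not isinstance(v, str) or not is_valid(v)]
    if "severity" in data:
        sev = data["severity"]
        if not isinstance(sev, str) or sev.strip().lower() not in SEVERITIES:
            problems.append(f"severity: {sev!r} is outside the scale")
    return (data if not problems else None), problems

# Constructed sample replies (not real model output).
SAMPLE_OK = 'Analysis: {"tactics": ["Command and Control"], "techniques": ["T1105"], "severity": "High"}'
SAMPLE_BAD = '{"tactics": ["Downloading"], "techniques": ["T11O5"], "severity": "Severe"}'
SAMPLE_CUT = '{"tactics": ["Execution"], "techniques": ["T1059"'
```

A well-formed technique ID can still be the wrong technique for the event; this check catches malformed output, not misclassification.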
License
Refer to the base model license.