RISys-Lab/RedSage-Qwen3-8B-Ins
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

初始化项目,由ModelHub XC社区提供模型

Browse Source 
Model: RISys-Lab/RedSage-Qwen3-8B-Ins
Source: Original Platform
This commit is contained in:
ModelHub XC
2026-05-02 20:19:03 +08:00
commit e34e336781
17 changed files with 152419 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

182
README.md Normal file
View File

@@ -0,0 +1,182 @@
---
language:
- en
library_name: transformers
tags:
- cybersecurity
- qwen
- sft
- redsage
- agentic-augmentation
base_model: RISys-Lab/RedSage-Qwen3-8B-Base
model-index:
- name: RedSage-Qwen3-8B-Ins
results: []
pipeline_tag: text-generation
---
# RedSage-Qwen3-8B-Ins
<div align="center">
<img src="https://img.shields.io/badge/Task-Cybersecurity-red" alt="Cybersecurity">
<img src="https://img.shields.io/badge/Stage-Supervised_Fine_Tuning-blue" alt="SFT">
</div>
<!-- datasets:
- naufalso/redsage_conv
- naufalso/smoltalk2_non_thinking -->
## Model Summary
**RedSage-Qwen3-8B-Ins** is the instruction-tuned variant of the RedSage cybersecurity LLM series. Unlike the base models, this model is optimized for **chat interaction**, **question answering**, and **tool use**.
It is fine-tuned on **RedSage-Conv**, a dataset of ~266K multi-turn cybersecurity dialogues generated via an agentic augmentation pipeline, alongside general instruction data to maintain broad capabilities.
- **Paper:** [RedSage: A Cybersecurity Generalist LLM](https://openreview.net/forum?id=W4FAenIrQ2) ([Arxiv](https://arxiv.org/abs/2601.22159))
- **Repository:** [GitHub](https://github.com/RISys-Lab/RedSage)
- **Base Model:** [RedSage-Qwen3-8B-Base](https://huggingface.co/RISys-Lab/RedSage-Qwen3-8B-Base) (Pre-trained on CyberFineWeb + RedSage-Seed)
- **Training Stage:** Supervised Fine-Tuning (SFT)
## Intended Use
This model is designed for:
* **Interactive Cybersecurity Assistance:** Answering questions about frameworks (MITRE, OWASP), offensive techniques, and defense strategies.
* **Tool Usage & Explanation:** Generating and explaining commands for tools like `nmap`, `sqlmap`, and `metasploit`.
* **Educational Support:** Providing detailed explanations of vulnerabilities and remediation steps.
**Note:** While this model is instruction-tuned, it has **not** yet undergone Direct Preference Optimization (DPO). For the final aligned version, please see [RedSage-Qwen3-8B-DPO](https://huggingface.co/RISys-Lab/RedSage-Qwen3-8B-DPO).
## Training Lineage
RedSage employs a multi-stage training pipeline. This model represents the output of **Stage 3**.
1. Stage 1: Continual Pre-Training (CPT) -> [RedSage-Qwen3-8B-CFW](https://huggingface.co/RISys-Lab/RedSage-Qwen3-8B-CFW)
2. Stage 2: Targeted Pre-Training -> [RedSage-Qwen3-8B-Base](https://huggingface.co/RISys-Lab/RedSage-Qwen3-8B-Base)
3. **Stage 3: Supervised Fine-Tuning (SFT)** -> **`RedSage-Qwen3-8B-Ins`** (Current Model)
* *Data:* RedSage-Conv (266K samples) + General SFT Data (SmolTalk2)
5. Stage 4: Direct Preference Optimization (DPO) -> [RedSage-Qwen3-8B-DPO](https://huggingface.co/RISys-Lab/RedSage-Qwen3-8B-DPO)
## Training Data
The model was trained on a mix of domain-specific and general instruction data:
1. **RedSage-Conv (~266K samples):** A high-quality dataset generated using an **Agentic Augmentation Pipeline**.
* **Source:** Derived from the curated `RedSage-Seed` (MITRE, Write-ups, Manuals).
* **Method:** A Planner Agent and Augmenter Agent transformed static knowledge into realistic, multi-turn roleplay scenarios (e.g., Junior Analyst vs. Senior Mentor, Red Team planning).
* **Coverage:** Includes Knowledge (General/Frameworks), Skills (Offensive), and Tools (CLI/Kali).
2. **SmolTalk2 (General Instructions):** A curated subset (non-reasoning) of [SmolTalk2](https://huggingface.co/datasets/HuggingFaceTB/smoltalk) to ensure the model retains general instruction-following abilities (summarization, creative writing, etc.).
## Performance
**RedSage-Qwen3-8B-Ins** achieves state-of-the-art results among 8B cybersecurity models, significantly outperforming general instruct models and prior domain-specific models.
### RedSage-MCQ (0-shot Accuracy)
| Category | Qwen3-8B (Non-reasoning) | **RedSage-8B-Ins** |
| :--- | :---: | :---: |
| **Macro Average** | 81.85 | **85.73** |
| Knowledge (Gen) | 80.46 | **84.20** |
| Knowledge (Frameworks) | 78.82 | **84.98** |
| Skill (Offensive) | 86.16 | **89.06** |
| Tools (CLI) | 83.92 | **86.80** |
| Tools (Kali) | 75.56 | **80.30** |
### External Cybersecurity Benchmarks (0-shot)
| Benchmark | Qwen3-8B (Non-reasoning) | **RedSage-8B-Ins** |
| :--------------- | :----------------------: | :----------------: |
| **Mean** | 75.71 | **81.30** |
| CTI-Bench (MCQ) | 62.76 | **70.56** |
| CTI-Bench (RCM) | 54.00 | **76.70** |
| CyberMetric (500)| 88.60 | **89.80** |
| MMLU (Security) | 76.00 | **78.00** |
| SecBench (En) | 73.26 | **79.91** |
| SecEval (MCQ) | 65.46 | **72.48** |
| SECURE (CWET) | 88.11 | **91.45** |
| SECURE (KCV) | 87.42 | **81.34** |
| SECURE (MEAT) | 85.75 | **91.47** |
### OpenLLM Leaderboard (General Benchmark)
| Benchmark | Qwen3-8B (Non-reasoning) | **RedSage-8B-Ins** |
| :--- | :---: | :---: |
| **Mean** | 65.92 | **73.34** |
| MMLU | 73.59 | **77.38** |
| ARC-C | 62.54 | **69.62** |
| GSM8K | 75.66 | **86.05** |
| HellaSwag | 56.70 | **79.00** |
| TruthfulQA | 45.23 | **47.75** |
| WinoGrande | 62.51 | **73.64** |
| IFEval | **85.21** | 79.97 |
## Usage
This model uses a standard ChatML-like format.
### Prompt Template
```
<|im_start|>system
You are REDSAGE, a cybersecurity-tuned model developed by RISys-Lab. You are a helpful assistant.<|im_end|>
<|im_start|>user
{user_message}<|im_end|>
<|im_start|>assistant
````
### Inference Code
```python
from transformers import AutoTokenizer, AutoModelForCausalLM
model_id = "RISys-Lab/RedSage-Qwen3-8B-Ins"
tokenizer = AutoTokenizer.from_pretrained(model_id)
model = AutoModelForCausalLM.from_pretrained(model_id, device_map="auto")
messages = [
{"role": "system", "content": "You are REDSAGE, a cybersecurity-tuned model developed by RISys-Lab. You are a helpful assistant."},
{"role": "user", "content": "Explain how an SQL injection attack works and how to prevent it."},
]
text = tokenizer.apply_chat_template(
messages,
tokenize=False,
add_generation_prompt=True
)
inputs = tokenizer(text, return_tensors="pt").to("cuda")
outputs = model.generate(**inputs, max_new_tokens=512)
print(tokenizer.decode(outputs[0], skip_special_tokens=True))
````
## Training Procedure
The model was fine-tuned using [Axolotl](https://github.com/axolotl-ai-cloud/axolotl).
- **Epochs:** 2
- **Learning Rate:** 2.5e-5 (Cosine schedule)
- **Warmup Ratio:** 0.01
- **Optimizer:** AdamW
- **Chat Template:** Jinja (ChatML format)
## Ethics and Limitations
- **Offensive Content:** This model has been trained on offensive security materials (exploits, attack vectors). It is provided for educational and defensive purposes (e.g., vulnerability assessment).
- **Accuracy:** While highly capable, the model may still produce hallucinations or inaccurate commands. Always verify commands in a safe, isolated environment (sandbox) before execution.
- **Safety:** Developers should implement additional safety layers (e.g., Guardrails) if deploying this model in user-facing applications to prevent misuse.
## Citation
```bibtex
@inproceedings{suryanto2026redsage,
title={RedSage: A Cybersecurity Generalist LLM},
author={Naufal Suryanto and Muzammal Naseer and Pengfei Li and Syed Talal Wasim and Jinhui Yi and Juergen Gall and Paolo Ceravolo and Ernesto Damiani},
booktitle={The Fourteenth International Conference on Learning Representations},
year={2026},
url={[https://openreview.net/forum?id=W4FAenIrQ2](https://openreview.net/forum?id=W4FAenIrQ2)}
}
```