---
license: apache-2.0
license_link: https://huggingface.co/Qwen/Qwen2.5-1.5B-Instruct/blob/main/LICENSE
language:
- en
pipeline_tag: text-generation
base_model: Qwen/Qwen2.5-1.5B-Instruct
tags:
- chat
- mlx
- gguf
- llama.cpp
- ollama
- security
- threat-modeling
- structured-output
- json
library_name: mlx
---
# PWNISMS-Threat-Model-Structured
Fused [MLX](https://github.com/ml-explore/mlx) and GGUF releases of **Qwen2.5-1.5B-Instruct** fine-tuned to emit **valid JSON** matching a **PWNISMS** structured threat model (seven domains: Product, Workload, Network, IAM, Secrets, Monitoring, SupplyChain), with optional STRIDE cross-tags and concrete mitigations.
## Base Model And License
- **Base:** [`Qwen/Qwen2.5-1.5B-Instruct`](https://huggingface.co/Qwen/Qwen2.5-1.5B-Instruct) (Apache-2.0).
- This release is a **derivative work** of the base model. The base license applies; retain notices and state modifications as required by Apache-2.0. See [`LICENSE`](LICENSE).
## Training Summary
- **Method:** LoRA fine-tuning on MLX (`mlx_lm`), then fused into a single checkpoint.
- **Base:** `Qwen/Qwen2.5-1.5B-Instruct`
- **LoRA:** rank 8, scale 20, 16 layers, max sequence length 10240, 1200 iterations.
- **GGUF conversion:** llama.cpp `convert_hf_to_gguf.py`, plus Q4_K_M quantization with `llama-quantize`.
## Output Contract
The model is trained to answer with **JSON only** for a chat shaped as:
- **System:** PWNISMS architect instructions requiring all seven domains, concrete mitigations, and scenario-grounded components.
- **User:** Markdown system description.

The expected object is defined by the included [`threat_model_schema.json`](threat_model_schema.json).

**Minimum bar:** at least **5** threats, exactly **7** `pwnisms_coverage` entries, and each threat id must appear under its domain's `threat_ids`.
## Limitations And Evaluation
Internal pulse check (n=20 held-out style samples, local script): **16/20** parse as JSON, **12/20** pass full Pydantic validation, and **12/20** cover all seven domains with the schema. Real deployments should validate outputs with Pydantic or JSON Schema and never treat this model as a substitute for expert review.

Long scenarios can need **up to ~12k output tokens**; lower caps may truncate JSON.
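
A standard-library check for the minimum bar and the validation advice above, added here as an example and not part of this release's own tooling. Only `pwnisms_coverage` and `threat_ids` come from this page; the `threats`, `id` and `domain` field names and the one-domain-per-threat shape are assumptions, so align them with `threat_model_schema.json` before use.

```python
import json

DOMAINS = ("Product", "Workload", "Network", "IAM", "Secrets", "Monitoring", "SupplyChain")

def check_minimum_bar(raw):
    """Return contract violations for one model response; [] means it passes."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        # Generations cut off by a low token cap fail here.
        return [f"not valid JSON: {exc.msg} at char {exc.pos}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    # "threats" is an assumed key name; "pwnisms_coverage" is from the model card.
    threats, coverage = doc.get("threats"), doc.get("pwnisms_coverage")
    if not isinstance(threats, list) or not isinstance(coverage, list):
        return ["'threats' and 'pwnisms_coverage' must both be arrays"]
    errors = []
    if len(threats) < 5:
        errors.append(f"{len(threats)} threats, need at least 5")
    if len(coverage) != 7:
        errors.append(f"{len(coverage)} pwnisms_coverage entries, need exactly 7")
    listed = {}  # domain name -> threat ids claimed under it
    for entry in coverage:
        dom = entry.get("domain") if isinstance(entry, dict) else None
        ids = entry.get("threat_ids") if isinstance(entry, dict) else None
        if isinstance(dom, str) and isinstance(ids, list):
            listed.setdefault(dom, set()).update(i for i in ids if isinstance(i, str))
    missing = [d for d in DOMAINS if d not in listed]
    if missing:
        errors.append("no coverage entry for: " + ", ".join(missing))
    for t in threats:
        # Model output is untrusted: type-check before using values as set members.
        tid = t.get("id") if isinstance(t, dict) else None
        dom = t.get("domain") if isinstance(t, dict) else None
        if not isinstance(tid, str) or not isinstance(dom, str):
            errors.append("threat without string 'id' and 'domain'")
        elif tid not in listed.get(dom, set()):
            errors.append(f"threat {tid} missing from {dom} threat_ids")
    return errors

def sample_output():
    """Constructed response: one threat per domain, using the assumed field names."""
    threats = [{"id": f"T{n}", "domain": d} for n, d in enumerate(DOMAINS, 1)]
    coverage = [{"domain": t["domain"], "threat_ids": [t["id"]]} for t in threats]
    return json.dumps({"threats": threats, "pwnisms_coverage": coverage})

if __name__ == "__main__":
    print(check_minimum_bar(sample_output()))        # complete response
    print(check_minimum_bar(sample_output()[:200]))  # response truncated mid-object
```

Run it on every generation before the output reaches a tracker or report, and treat a non-empty list as a retry or a hand-off to a reviewer.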
## Load And Generate (MLX)
```python
from mlx_lm import load, generate
model, tokenizer = load("abhaybhargav/PWNISMS-Threat-Model-Structured")
system = """You are a senior security architect. Produce a PWNISMS threat model for the described system.
Address all seven PWNISMS domains: Product, Workload, Network, IAM, Secrets, Monitoring, SupplyChain.
Mitigations must reference concrete technologies, configurations, or processes.
Return only valid JSON matching the required schema."""
user = open("scenario.md").read()
messages = [{"role": "system", "content": system}, {"role": "user", "content": user}]
prompt = tokenizer.apply_chat_template(messages, add_generation_prompt=True, tokenize=False)
text = generate(model, tokenizer, prompt=prompt, max_tokens=12000, verbose=False)
print(text)
```
## Load And Generate (GGUF / llama.cpp)
Recommended default:
- `PWNISMS-Threat-Model-Structured-Q4_K_M.gguf` (~940MB): broad local compatibility, much smaller than F16.

Reference precision:
- `PWNISMS-Threat-Model-Structured-F16.gguf` (~2.9GB): F16 GGUF export.

Example with llama.cpp:
```bash
llama-cli \
-m PWNISMS-Threat-Model-Structured-Q4_K_M.gguf \
--ctx-size 12000 \
--temp 0.2 \
-p '<|im_start|>system
You are a senior security architect. Produce a PWNISMS threat model for the described system.
Address all seven PWNISMS domains: Product, Workload, Network, IAM, Secrets, Monitoring, SupplyChain.
Mitigations must reference concrete technologies, configurations, or processes.
Return only valid JSON matching the required schema.<|im_end|>
<|im_start|>user
<paste the system scenario markdown here><|im_end|>
<|im_start|>assistant
'
```
## Ollama
Create a `Modelfile` next to the downloaded GGUF:
```text
FROM ./PWNISMS-Threat-Model-Structured-Q4_K_M.gguf
PARAMETER temperature 0.2
PARAMETER num_ctx 12000
TEMPLATE """{{ .Prompt }}"""
```
Then run:
```bash
ollama create pwnisms-threat-model-structured -f Modelfile
ollama run pwnisms-threat-model-structured
```
## Files
| File | Purpose |
|------|---------|
| `model.safetensors` | Fused MLX/HF-format weights |
| `PWNISMS-Threat-Model-Structured-Q4_K_M.gguf` | Quantized GGUF for llama.cpp/Ollama/local tools |
| `PWNISMS-Threat-Model-Structured-F16.gguf` | F16 GGUF reference export |
| `config.json`, `tokenizer.json`, `tokenizer_config.json`, `chat_template.jinja` | Model + tokenizer |
| `threat_model_schema.json` | JSON Schema for outputs |
| `examples/sample_scenario.md` | Tiny example input shape |
## Intended Use
This model is intended to assist application and security architects in drafting structured PWNISMS threat models from system descriptions. It is not a formal risk decision engine and should be reviewed by humans before use in production assurance, audit, or compliance workflows.