ModelHub XC 5317ba3ed0 Initialize project; model provided by the ModelHub XC community
Model: abhaybhargav/PWNISMS-Threat-Model-Structured
Source: Original Platform
2026-06-19 06:52:16 +08:00


---
license: apache-2.0
license_link: https://huggingface.co/Qwen/Qwen2.5-1.5B-Instruct/blob/main/LICENSE
language:
- en
pipeline_tag: text-generation
base_model: Qwen/Qwen2.5-1.5B-Instruct
tags:
- chat
- mlx
- gguf
- llama.cpp
- ollama
- security
- threat-modeling
- structured-output
- json
library_name: mlx
---
# PWNISMS-Threat-Model-Structured
Fused [MLX](https://github.com/ml-explore/mlx) and GGUF releases of **Qwen2.5-1.5B-Instruct** fine-tuned to emit **valid JSON** matching a **PWNISMS** structured threat model (seven domains: Product, Workload, Network, IAM, Secrets, Monitoring, SupplyChain), with optional STRIDE cross-tags and concrete mitigations.
## Base Model And License
- **Base:** [`Qwen/Qwen2.5-1.5B-Instruct`](https://huggingface.co/Qwen/Qwen2.5-1.5B-Instruct) (Apache-2.0).
- This release is a **derivative work** of the base model. The base license applies; retain notices and state modifications as required by Apache-2.0. See [`LICENSE`](LICENSE).
## Training Summary
- **Method:** LoRA fine-tuning on MLX (`mlx_lm`), then fused into a single checkpoint.
- **Base:** `Qwen/Qwen2.5-1.5B-Instruct`
- **LoRA:** rank 8, scale 20, 16 layers, max sequence length 10240, 1200 iterations.
- **GGUF conversion:** llama.cpp `convert_hf_to_gguf.py`, plus Q4_K_M quantization with `llama-quantize`.
## Output Contract
The model is trained to answer with **JSON only** for a chat shaped as:
- **System:** PWNISMS architect instructions requiring all seven domains, concrete mitigations, and scenario-grounded components.
- **User:** Markdown system description.

The expected object is defined by the included [`threat_model_schema.json`](threat_model_schema.json).

**Minimum bar:** at least **5** threats, exactly **7** `pwnisms_coverage` entries, and each threat id must appear under its domain's `threat_ids`.
## Limitations And Evaluation
Internal pulse check (n=20 held-out style samples, local script): **16/20** parse as JSON, **12/20** pass full Pydantic validation, and **12/20** cover all seven domains with the schema. Real deployments should validate outputs with Pydantic or JSON Schema and never treat this model as a substitute for expert review.
Long scenarios can need **up to ~12k output tokens**; lower caps may truncate JSON.
## Load And Generate (MLX)
```python
from mlx_lm import load, generate
model, tokenizer = load("abhaybhargav/PWNISMS-Threat-Model-Structured")
system = """You are a senior security architect. Produce a PWNISMS threat model for the described system.
Address all seven PWNISMS domains: Product, Workload, Network, IAM, Secrets, Monitoring, SupplyChain.
Mitigations must reference concrete technologies, configurations, or processes.
Return only valid JSON matching the required schema."""
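# Read the Markdown system description; the context manager closes the file.
with open("scenario.md", encoding="utf-8") as f:
    user = f.read()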
messages = [{"role": "system", "content": system}, {"role": "user", "content": user}]
prompt = tokenizer.apply_chat_template(messages, add_generation_prompt=True, tokenize=False)
text = generate(model, tokenizer, prompt=prompt, max_tokens=12000, verbose=False)
print(text)
```
## Load And Generate (GGUF / llama.cpp)
Recommended default:
- `PWNISMS-Threat-Model-Structured-Q4_K_M.gguf` (~940MB): broad local compatibility, much smaller than F16.

Reference precision:
- `PWNISMS-Threat-Model-Structured-F16.gguf` (~2.9GB): F16 GGUF export.

Example with llama.cpp:
```bash
llama-cli \
-m PWNISMS-Threat-Model-Structured-Q4_K_M.gguf \
--ctx-size 12000 \
--temp 0.2 \
-p '<|im_start|>system
You are a senior security architect. Produce a PWNISMS threat model for the described system.
Address all seven PWNISMS domains: Product, Workload, Network, IAM, Secrets, Monitoring, SupplyChain.
Mitigations must reference concrete technologies, configurations, or processes.
Return only valid JSON matching the required schema.<|im_end|>
<|im_start|>user
<paste the system scenario markdown here><|im_end|>
<|im_start|>assistant
'
```
## Ollama
Create a `Modelfile` next to the downloaded GGUF:
```text
FROM ./PWNISMS-Threat-Model-Structured-Q4_K_M.gguf
PARAMETER temperature 0.2
PARAMETER num_ctx 12000
TEMPLATE """{{ .Prompt }}"""
```
Then run:
```bash
ollama create pwnisms-threat-model-structured -f Modelfile
ollama run pwnisms-threat-model-structured
```
## Files
| File | Purpose |
|------|---------|
| `model.safetensors` | Fused MLX/HF-format weights |
| `PWNISMS-Threat-Model-Structured-Q4_K_M.gguf` | Quantized GGUF for llama.cpp/Ollama/local tools |
| `PWNISMS-Threat-Model-Structured-F16.gguf` | F16 GGUF reference export |
| `config.json`, `tokenizer.json`, `tokenizer_config.json`, `chat_template.jinja` | Model + tokenizer |
| `threat_model_schema.json` | JSON Schema for outputs |
| `examples/sample_scenario.md` | Tiny example input shape |
## Intended Use
This model is intended to assist application and security architects in drafting structured PWNISMS threat models from system descriptions. It is not a formal risk decision engine and should be reviewed by humans before use in production assurance, audit, or compliance workflows.