ModelHub XC 5317ba3ed0 Initialize project; model provided by the ModelHub XC community
Model: abhaybhargav/PWNISMS-Threat-Model-Structured
Source: Original Platform
2026-06-19 06:52:16 +08:00


license: apache-2.0
license_link: https://huggingface.co/Qwen/Qwen2.5-1.5B-Instruct/blob/main/LICENSE
language: en
pipeline_tag: text-generation
base_model: Qwen/Qwen2.5-1.5B-Instruct
tags: chat, mlx, gguf, llama.cpp, ollama, security, threat-modeling, structured-output, json
library_name: mlx

PWNISMS-Threat-Model-Structured

Fused MLX and GGUF releases of Qwen2.5-1.5B-Instruct fine-tuned to emit valid JSON matching a PWNISMS structured threat model (seven domains: Product, Workload, Network, IAM, Secrets, Monitoring, SupplyChain), with optional STRIDE cross-tags and concrete mitigations.

Base Model And License

  • Base: Qwen/Qwen2.5-1.5B-Instruct (Apache-2.0).
  • This release is a derivative work of the base model. The base license applies; retain notices and state modifications as required by Apache-2.0. See LICENSE.

Training Summary

  • Method: LoRA fine-tuning on MLX (mlx_lm), then fused into a single checkpoint.
  • Base: Qwen/Qwen2.5-1.5B-Instruct
  • LoRA: rank 8, scale 20, 16 layers, max sequence length 10240, 1200 iterations.
  • GGUF conversion: llama.cpp convert_hf_to_gguf.py, plus Q4_K_M quantization with llama-quantize.

Output Contract

The model is trained to answer with JSON only for a chat shaped as:

  • System: PWNISMS architect instructions requiring all seven domains, concrete mitigations, and scenario-grounded components.
  • User: Markdown system description.

The expected object is defined by the included threat_model_schema.json.

Minimum bar: at least 5 threats, exactly 7 pwnisms_coverage entries, and each threat id must appear under its domain's threat_ids.

Limitations And Evaluation

Internal pulse check (n=20 held-out style samples, local script): 16/20 parse as JSON, 12/20 pass full Pydantic validation, and 12/20 cover all seven domains with the schema. Real deployments should validate outputs with Pydantic or JSON Schema and never treat this model as a substitute for expert review.

Long scenarios can need up to ~12k output tokens; lower caps may truncate JSON.
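
One way to enforce the minimum bar from the Output Contract before a generated threat model is used anywhere, shown as an added example that is not part of this release's code. The field names `threats`, `id` and `domain` are assumptions (the page names only `pwnisms_coverage` and `threat_ids`); take the real names from threat_model_schema.json, and run this alongside schema validation rather than instead of it.

```python
import json

DOMAINS = {"Product", "Workload", "Network", "IAM", "Secrets", "Monitoring", "SupplyChain"}

def _dicts(value):
    """Keep only the dict items of a list; anything else yields an empty list."""
    return [x for x in value if isinstance(x, dict)] if isinstance(value, list) else []

def check_minimum_bar(text):
    """Return a list of problems; an empty list means the minimum bar is met."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # Generations cut off by a low token cap usually end up here.
        return [f"not valid JSON: {exc.msg} (char {exc.pos})"]
    if not isinstance(doc, dict):
        return ["top-level JSON value is not an object"]
    # Assumed field names: "threats", and "id"/"domain" on each threat and entry.
    threats = _dicts(doc.get("threats"))
    coverage = _dicts(doc.get("pwnisms_coverage"))
    problems = []
    if len(threats) < 5:
        problems.append(f"only {len(threats)} threats, need at least 5")
    if len(coverage) != 7:
        problems.append(f"{len(coverage)} pwnisms_coverage entries, need exactly 7")
    listed = {}  # domain name -> threat ids listed in that domain's coverage entry
    for entry in coverage:
        dom, ids = entry.get("domain"), entry.get("threat_ids")
        if isinstance(dom, str) and isinstance(ids, list):
            listed.setdefault(dom, set()).update(i for i in ids if isinstance(i, str))
    for name in sorted(DOMAINS - set(listed)):
        problems.append(f"domain {name} has no usable coverage entry")
    for t in threats:
        tid, dom = t.get("id"), t.get("domain")
        if not (isinstance(tid, str) and isinstance(dom, str) and tid in listed.get(dom, ())):
            problems.append(f"threat {tid!r} is not listed under domain {dom!r}")
    return problems

# Constructed sample: one threat per domain, each listed under its own domain.
PAIRS = list(enumerate(sorted(DOMAINS), 1))
SAMPLE = {
    "threats": [{"id": f"T{n}", "domain": d} for n, d in PAIRS],
    "pwnisms_coverage": [{"domain": d, "threat_ids": [f"T{n}"]} for n, d in PAIRS],
}

if __name__ == "__main__":
    good = json.dumps(SAMPLE)
    print(check_minimum_bar(good))        # complete output
    print(check_minimum_bar(good[:-20]))  # same output truncated mid-object
```

Treat any non-empty result as a rejected generation and regenerate or escalate to a reviewer; do not repair the JSON and continue.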

Load And Generate (MLX)

from mlx_lm import load, generate

model, tokenizer = load("abhaybhargav/PWNISMS-Threat-Model-Structured")

system = """You are a senior security architect. Produce a PWNISMS threat model for the described system.
Address all seven PWNISMS domains: Product, Workload, Network, IAM, Secrets, Monitoring, SupplyChain.
Mitigations must reference concrete technologies, configurations, or processes.
Return only valid JSON matching the required schema."""

user = open("scenario.md").read()
messages = [{"role": "system", "content": system}, {"role": "user", "content": user}]
prompt = tokenizer.apply_chat_template(messages, add_generation_prompt=True, tokenize=False)
text = generate(model, tokenizer, prompt=prompt, max_tokens=12000, verbose=False)
print(text)

Load And Generate (GGUF / llama.cpp)

Recommended default:

  • PWNISMS-Threat-Model-Structured-Q4_K_M.gguf (~940MB): broad local compatibility, much smaller than F16.

Reference precision:

  • PWNISMS-Threat-Model-Structured-F16.gguf (~2.9GB): F16 GGUF export.

Example with llama.cpp:

llama-cli \
  -m PWNISMS-Threat-Model-Structured-Q4_K_M.gguf \
  --ctx-size 12000 \
  --temp 0.2 \
  -p '<|im_start|>system
You are a senior security architect. Produce a PWNISMS threat model for the described system.
Address all seven PWNISMS domains: Product, Workload, Network, IAM, Secrets, Monitoring, SupplyChain.
Mitigations must reference concrete technologies, configurations, or processes.
Return only valid JSON matching the required schema.<|im_end|>
<|im_start|>user
<paste the system scenario markdown here><|im_end|>
<|im_start|>assistant
'

Ollama

Create a Modelfile next to the downloaded GGUF:

FROM ./PWNISMS-Threat-Model-Structured-Q4_K_M.gguf
PARAMETER temperature 0.2
PARAMETER num_ctx 12000
TEMPLATE """{{ .Prompt }}"""

Then run:

ollama create pwnisms-threat-model-structured -f Modelfile
ollama run pwnisms-threat-model-structured

Files

| File | Purpose |
| --- | --- |
| model.safetensors | Fused MLX/HF-format weights |
| PWNISMS-Threat-Model-Structured-Q4_K_M.gguf | Quantized GGUF for llama.cpp/Ollama/local tools |
| PWNISMS-Threat-Model-Structured-F16.gguf | F16 GGUF reference export |
| config.json, tokenizer.json, tokenizer_config.json, chat_template.jinja | Model + tokenizer |
| threat_model_schema.json | JSON Schema for outputs |
| examples/sample_scenario.md | Tiny example input shape |

Intended Use

This model is intended to assist application and security architects in drafting structured PWNISMS threat models from system descriptions. It is not a formal risk decision engine and should be reviewed by humans before use in production assurance, audit, or compliance workflows.