Dunateo
/

roberta-cwe-classifier-kelemia

@@ -1,199 +1,138 @@
 ---
-library_name: transformers
-tags: []
 ---
-# Model Card for Model ID
-<!-- Provide a quick summary of what the model is/does. -->
-## Model Details
-### Model Description
-<!-- Provide a longer summary of what this model is. -->
-This is the model card of a 🤗 transformers model that has been pushed on the Hub. This model card has been automatically generated.
-- **Developed by:** [More Information Needed]
-- **Funded by [optional]:** [More Information Needed]
-- **Shared by [optional]:** [More Information Needed]
-- **Model type:** [More Information Needed]
-- **Language(s) (NLP):** [More Information Needed]
-- **License:** [More Information Needed]
-- **Finetuned from model [optional]:** [More Information Needed]
-### Model Sources [optional]
-<!-- Provide the basic links for the model. -->
-- **Repository:** [More Information Needed]
-- **Paper [optional]:** [More Information Needed]
-- **Demo [optional]:** [More Information Needed]
-## Uses
-<!-- Address questions around how the model is intended to be used, including the foreseeable users of the model and those affected by the model. -->
-### Direct Use
-<!-- This section is for the model use without fine-tuning or plugging into a larger ecosystem/app. -->
-[More Information Needed]
-### Downstream Use [optional]
-<!-- This section is for the model use when fine-tuned for a task, or when plugged into a larger ecosystem/app -->
-[More Information Needed]
-### Out-of-Scope Use
-<!-- This section addresses misuse, malicious use, and uses that the model will not work well for. -->
-[More Information Needed]
-## Bias, Risks, and Limitations
-<!-- This section is meant to convey both technical and sociotechnical limitations. -->
-[More Information Needed]
-### Recommendations
-<!-- This section is meant to convey recommendations with respect to the bias, risk, and technical limitations. -->
-Users (both direct and downstream) should be made aware of the risks, biases and limitations of the model. More information needed for further recommendations.
-## How to Get Started with the Model
-Use the code below to get started with the model.
-[More Information Needed]
-## Training Details
-### Training Data
-<!-- This should link to a Dataset Card, perhaps with a short stub of information on what the training data is all about as well as documentation related to data pre-processing or additional filtering. -->
-[More Information Needed]
-### Training Procedure
-<!-- This relates heavily to the Technical Specifications. Content here should link to that section when it is relevant to the training procedure. -->
-#### Preprocessing [optional]
-[More Information Needed]
-#### Training Hyperparameters
-- **Training regime:** [More Information Needed] <!--fp32, fp16 mixed precision, bf16 mixed precision, bf16 non-mixed precision, fp16 non-mixed precision, fp8 mixed precision -->
-#### Speeds, Sizes, Times [optional]
-<!-- This section provides information about throughput, start/end time, checkpoint size if relevant, etc. -->
-[More Information Needed]
-## Evaluation
-<!-- This section describes the evaluation protocols and provides the results. -->
-### Testing Data, Factors & Metrics
-#### Testing Data
-<!-- This should link to a Dataset Card if possible. -->
-[More Information Needed]
-#### Factors
-<!-- These are the things the evaluation is disaggregating by, e.g., subpopulations or domains. -->
-[More Information Needed]
-#### Metrics
-<!-- These are the evaluation metrics being used, ideally with a description of why. -->
-[More Information Needed]
-### Results
-[More Information Needed]
-#### Summary
-## Model Examination [optional]
-<!-- Relevant interpretability work for the model goes here -->
-[More Information Needed]
-## Environmental Impact
-<!-- Total emissions (in grams of CO2eq) and additional considerations, such as electricity usage, go here. Edit the suggested text below accordingly -->
-Carbon emissions can be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute) presented in [Lacoste et al. (2019)](https://arxiv.org/abs/1910.09700).
-- **Hardware Type:** [More Information Needed]
-- **Hours used:** [More Information Needed]
-- **Cloud Provider:** [More Information Needed]
-- **Compute Region:** [More Information Needed]
-- **Carbon Emitted:** [More Information Needed]
-## Technical Specifications [optional]
-### Model Architecture and Objective
-[More Information Needed]
-### Compute Infrastructure
-[More Information Needed]
-#### Hardware
-[More Information Needed]
-#### Software
-[More Information Needed]
-## Citation [optional]
-<!-- If there is a paper or blog post introducing the model, the APA and Bibtex information for that should go in this section. -->
-**BibTeX:**
-[More Information Needed]
-**APA:**
-[More Information Needed]
-## Glossary [optional]
-<!-- If relevant, include terms and calculations in this section that can help readers understand the model or model card. -->
-[More Information Needed]
-## More Information [optional]
-[More Information Needed]
-## Model Card Authors [optional]
-[More Information Needed]
-## Model Card Contact
-[More Information Needed]

 ---
+language: en
+license: mit
+tags:
+- text-classification
+- bert
+- roberta
+- CWE
+- security
+datasets:
+- Dunateo/VulnDesc_CWE_Mapping
+metrics:
+- loss
 ---
+# Kelemia for CWE Classification
+This model is a fine-tuned version of RoBERTa for classifying Common Weakness Enumeration (CWE) vulnerabilities.
+## Model description
+- **Model type:** RoBERTa
+- **Language(s):** English
+- **License:** MIT
+- **Finetuned from model:** [roberta-base](https://huggingface.co/roberta-base)
+## Intended uses & limitations
+This model is intended for classifying software vulnerabilities according to the CWE standard. It should be used as part of a broader security analysis process and not as a standalone solution for identifying vulnerabilities.
+## Training and evaluation data
+[Dunateo/VulnDesc_CWE_Mapping](https://huggingface.co/datasets/Dunateo/VulnDesc_CWE_Mapping)
+# Example Usage
+Here's an example of how to use this model for inference:
+```python
+from transformers import AutoTokenizer, AutoModelForSequenceClassification
+import torch
+# Load model and tokenizer
+model_name = "Dunateo/roberta-cwe-classifier-kelemia"
+tokenizer = AutoTokenizer.from_pretrained(model_name)
+model = AutoModelForSequenceClassification.from_pretrained(model_name)
+# Prepare input text
+text = "The application stores sensitive user data in plaintext."
+# Tokenize and prepare input
+inputs = tokenizer(text, return_tensors="pt", truncation=True, padding=True, max_length=512)
+# Perform inference
+with torch.no_grad():
+    outputs = model(**inputs)
+# Get prediction
+probabilities = torch.nn.functional.softmax(outputs.logits, dim=-1)
+predicted_class = torch.argmax(probabilities, dim=-1).item()
+print(f"Predicted CWE class: {predicted_class}")
+print(f"Confidence: {probabilities[predicted_class].item():.4f}")
+```
+## Label Dictionary
+This model uses the following mapping for CWE classes:
+```json
+{
+  "0": "CWE-79",
+  "1": "CWE-89",
+  ...
+}
+```python
+import json
+from transformers import AutoTokenizer
+tokenizer = AutoTokenizer.from_pretrained("Dunateo/roberta-cwe-classifier-kelemia")
+with open(tokenizer.vocab_files_names['label_dict_file'], 'r') as f:
+    label_dict = json.load(f)
+```
+# Now you can use label_dict to map prediction indices to CWE classes
+## Training procedure
+### Training hyperparameters
+- **Number of epochs:** 3
+- **Learning rate:** Scheduled from 1e-06 to 3.9e-05
+- **Batch size:** 8
+- **Weight decay:** 0.01
+- **Learning rate scheduler:** 5e-5
+### Training results
+- **Training Loss:** 4.201853184822278 (final)
+- **Validation Loss:** 2.821094036102295 (final)
+- **Training Time:** 5893.2502 seconds (approximately 1 hour 38 minutes)
+- **Samples per Second:** 1.059
+- **Steps per Second:** 0.066
+#### Loss progression
+| Epoch | Training Loss | Validation Loss |
+|-------|---------------|-----------------|
+| 1.0   | 4.822         | 4.639444828     |
+| 2.0   | 3.6549        | 3.355055332     |
+| 3.0   | 3.0617        | 2.821094036     |
+## Evaluation results
+The model shows consistent improvement over the training period:
+- **Initial Training Loss:** 5.5987
+- **Final Training Loss:** 3.0617
+- **Initial Validation Loss:** 4.639444828
+- **Final Validation Loss:** 2.821094036
+### Performance analysis
+- The model demonstrates a steady decrease in both training and validation loss, indicating good learning progress.
+- The final validation loss (2.82) being lower than the final training loss (3.06) suggests that the model generalizes well to unseen data.
+- There were two instances of gradient explosion (grad_norm of 603089.0625 and 68246.296875) early in training, but the model recovered and stabilized.
+## Ethical considerations
+This model should be used responsibly as part of a comprehensive security strategy. It should not be relied upon as the sole method for identifying or classifying vulnerabilities. False positives and negatives are possible, and results should be verified by security professionals.
+## Additional information
+For more details on the CWE standard, please visit [Common Weakness Enumeration](https://cwe.mitre.org/).
+To use this model or for more information, please contact [Your Contact Information].