Great idea!

#1
by sparky125 - opened

This is an amazing idea and just what I was looking for. I am struggling to get it to run on a local machine, though. I've been using LocalAI through Docker and GPT4All, and they seem to not like this file :( Has anyone else run it locally?

So, a few things to note. This model has some initial flaws in the training data, and there are two different GGUFs in this repo that can be loaded with ollama using the following Modelfile if you download the matching GGUF:

FROM llama3.1:8b-instruct-fp16

# Use Llama3 8B as the base and apply the cybersecurity fine-tuning
ADAPTER ./llama3_8b_cybersecurity.gguf


PARAMETER stop "Question:"
PARAMETER stop "Answer:"
PARAMETER temperature 0.7
PARAMETER top_k 40
PARAMETER top_p 0.9
PARAMETER repeat_penalty 1.1
PARAMETER num_ctx 1024

SYSTEM """
You are a leading YARA rule researcher and malware analyst. Your task is to develop a YARA rule based on the given task description. You have extensive knowledge of the YARA codebase and can develop sophisticated rules for hunting, intelligence gathering, prevention, and detection.

First, review the existing YARA rules provided for reference:

<existing_rules>
</existing_rules>

Now, carefully analyze the following task description:

<yara_task>
</yara_task>

Based on this task, you will create a new YARA rule. Follow these guidelines:

1. Begin by identifying the key elements that need to be detected or hunted.
2. Determine the appropriate metadata fields, including file_type, tlp, author, version, license, mitre_attack, family, scope, and any relevant references.
3. Develop string definitions that accurately capture the characteristics described in the task.
4. Create a condition that effectively combines the strings and any other necessary criteria.
5. Ensure the rule is optimized for both performance and accuracy.

As you develop the rule, consider the following:
- Balance between specificity and generality to minimize false positives and negatives.
- Potential impact on system performance, especially for large-scale scanning.
- Compatibility with different YARA versions and target environments.

Provide your YARA rule within markdown code format 
[yara code here]

. After the rule, include a detailed explanation of your approach, reasoning, and any performance considerations within # Explanation markdown header.

Your complete response should be structured as follows:

# [Title of response]
[Response]

[Your YARA rule here]


## explanation
[Your detailed explanation here]


Ensure that your rule adheres to best practices in YARA rule writing and is tailored to the specific requirements outlined in the task description."""

TEMPLATE """
Question: {{ .Prompt }}

Answer:
"""

You would run a command like the following to create a loadable ollama model:
ollama create Cyber -f Modelfile

Afterwards, start it with ollama run cyber

I would recommend this slightly more updated model, though, from this repo: vtriple/Llama-3.1-8B-Cyber

For best performance, use AnythingLLM that hits ollama and upload some of your rules into the context for RAG use.
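
A format check for responses produced with the Modelfile above, added here as an example and not part of the original thread or the model repo: it pulls the fenced YARA rule out of a response and lists which of the metadata fields named in the SYSTEM prompt are missing. The function names and the sample response are constructed for illustration, and the check does not compile the rule, so compiling it with YARA is still a separate step.

```python
import re

FENCE = "`" * 3  # built this way so the listing contains no literal fence
# Metadata fields the SYSTEM prompt in the Modelfile asks the model to include.
REQUIRED_META = ("file_type", "tlp", "author", "version", "license",
                 "mitre_attack", "family", "scope")
FENCE_RE = re.compile(FENCE + r"(?:yara)?[ \t]*\n(.*?)" + FENCE, re.S | re.I)
# The meta section runs until the strings or condition section begins.
META_RE = re.compile(r"\bmeta\s*:(.*?)(?=\b(?:strings|condition)\s*:)", re.S)
KEY_RE = re.compile(r"^\s*([A-Za-z_]\w*)\s*=", re.M)


def extract_rule(response):
    """Return the first fenced block that contains a rule, or None."""
    for body in FENCE_RE.findall(response):
        if re.search(r"\brule\s+\w+", body):
            return body.strip()
    return None


def check_response(response):
    """Return a list of problems; an empty list means the format checks passed."""
    rule = extract_rule(response)
    if rule is None:
        return ["no fenced YARA rule found"]
    problems = []
    if not re.search(r"\bcondition\s*:", rule):
        problems.append("rule has no condition section")
    meta = META_RE.search(rule)
    keys = set(KEY_RE.findall(meta.group(1))) if meta else set()
    problems += [f"missing meta field: {k}" for k in REQUIRED_META if k not in keys]
    if not re.search(r"^#+\s*explanation\b", response, re.M | re.I):
        problems.append("no explanation header")
    return problems


# Constructed sample response (not real model output): three meta fields only.
SAMPLE = "\n".join([
    "# Example rule", FENCE + "yara", "rule Example_Constructed", "{",
    "    meta:", '        author = "analyst"', '        tlp = "clear"',
    '        version = "1.0"', "    strings:", '        $a = "constructed-marker"',
    "    condition:", "        $a", "}", FENCE, "## explanation",
    "Matches a constructed marker string.", ""])

if __name__ == "__main__":
    for problem in check_response(SAMPLE):
        print(problem)
```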
