lemon42-ai
/

ThreatDetect-C-Cpp

@@ -25,7 +25,7 @@ The actual version has an accuracy of 82% <br>
 ### Model Description
-ThreatDetect-C-Cpp can be used as a code classifier. It classify the input code into 7 labels: 'safe' (no vulnerability detected) and six other CWE weaknesses:
 | Label  | Description                                         |
 |---------|-------------------------------------------------------|
 | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
@@ -38,7 +38,7 @@ ThreatDetect-C-Cpp can be used as a code classifier. It classify the input code
 - **Developed by:** [lemon42-ai](https://github.com/lemon42-ai)
-- **Contributers** [Abdellah Oumida](https://www.linkedin.com/in/abdellah-oumida-ab9082234/) & [Mohamed Sbaihi](https://www.linkedin.com/in/mohammed-sbaihi-aa6493254/)
 - **Model type:** [ModernBERT, Encoder-only Transformer](https://arxiv.org/abs/2412.13663)
 - **Supported Programming Languages:** C/C++
 - **License:** Apache 2.0 (see original License of ModernBERT-Base)
@@ -58,142 +58,63 @@ ThreadDetect-C-Cpp can be integrated in code-related applications. For example,
 ## Bias, Risks, and Limitations
-[More Information Needed]
-### Recommendations
-<!-- This section is meant to convey recommendations with respect to the bias, risk, and technical limitations. -->
-Users (both direct and downstream) should be made aware of the risks, biases and limitations of the model. More information needed for further recommendations.
-## How to Get Started with the Model
-Use the code below to get started with the model.
-[More Information Needed]
 ## Training Details
 ### Training Data
-<!-- This should link to a Dataset Card, perhaps with a short stub of information on what the training data is all about as well as documentation related to data pre-processing or additional filtering. -->
-[More Information Needed]
 ### Training Procedure
-<!-- This relates heavily to the Technical Specifications. Content here should link to that section when it is relevant to the training procedure. -->
-#### Preprocessing [optional]
-[More Information Needed]
 #### Training Hyperparameters
-- **Training regime:** [More Information Needed] <!--fp32, fp16 mixed precision, bf16 mixed precision, bf16 non-mixed precision, fp16 non-mixed precision, fp8 mixed precision -->
-#### Speeds, Sizes, Times [optional]
-<!-- This section provides information about throughput, start/end time, checkpoint size if relevant, etc. -->
-[More Information Needed]
 ## Evaluation
-<!-- This section describes the evaluation protocols and provides the results. -->
-### Testing Data, Factors & Metrics
-#### Testing Data
-<!-- This should link to a Dataset Card if possible. -->
-[More Information Needed]
-#### Factors
-<!-- These are the things the evaluation is disaggregating by, e.g., subpopulations or domains. -->
-[More Information Needed]
-#### Metrics
-<!-- These are the evaluation metrics being used, ideally with a description of why. -->
-[More Information Needed]
-### Results
-[More Information Needed]
-#### Summary
-## Model Examination [optional]
-<!-- Relevant interpretability work for the model goes here -->
-[More Information Needed]
-## Environmental Impact
-<!-- Total emissions (in grams of CO2eq) and additional considerations, such as electricity usage, go here. Edit the suggested text below accordingly -->
-Carbon emissions can be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute) presented in [Lacoste et al. (2019)](https://arxiv.org/abs/1910.09700).
-- **Hardware Type:** [More Information Needed]
-- **Hours used:** [More Information Needed]
-- **Cloud Provider:** [More Information Needed]
-- **Compute Region:** [More Information Needed]
-- **Carbon Emitted:** [More Information Needed]
-## Technical Specifications [optional]
-### Model Architecture and Objective
-[More Information Needed]
-### Compute Infrastructure
-[More Information Needed]
 #### Hardware
-[More Information Needed]
-#### Software
-[More Information Needed]
-## Citation [optional]
-<!-- If there is a paper or blog post introducing the model, the APA and Bibtex information for that should go in this section. -->
-**BibTeX:**
-[More Information Needed]
-**APA:**
-[More Information Needed]
-## Glossary [optional]
-<!-- If relevant, include terms and calculations in this section that can help readers understand the model or model card. -->
-[More Information Needed]
-## More Information [optional]
-[More Information Needed]
-## Model Card Authors [optional]
-[More Information Needed]
-## Model Card Contact
-[More Information Needed]

 ### Model Description
+ThreatDetect-C-Cpp can be used as a code classifier. Instead of binary classification ("safe", "unsafe"), it classify the input code into 7 labels: 'safe' (no vulnerability detected) and six other CWE weaknesses:
 | Label  | Description                                         |
 |---------|-------------------------------------------------------|
 | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
 - **Developed by:** [lemon42-ai](https://github.com/lemon42-ai)
+- **Contributers** [Abdellah Oumida](https://www.linkedin.com/in/abdellah-oumida-ab9082234/) & [Mohammed Sbaihi](https://www.linkedin.com/in/mohammed-sbaihi-aa6493254/)
 - **Model type:** [ModernBERT, Encoder-only Transformer](https://arxiv.org/abs/2412.13663)
 - **Supported Programming Languages:** C/C++
 - **License:** Apache 2.0 (see original License of ModernBERT-Base)
 ## Bias, Risks, and Limitations
+ThreadDetect-C-Cpp can detect weaknesses in C/C++ code only. It should not be used with other programming languages.<br>
+The model can only detect the six CWEs in the table above.
 ## Training Details
 ### Training Data
+The model was fine-tuned on a minified, clean and deduplicated version of [DiverseVul](https://github.com/wagner-group/diversevul) dataset. <br>
+This new version can be explored on HF datasets [HERE](https://huggingface.co/datasets/lemon42-ai/minified-diverseful-multilabels)
 ### Training Procedure
+The model was trained using LoRA applied to Q and V matrices.
 #### Training Hyperparameters
+| Hyperparameter          | Value                      |
+|-------------------------|---------------------------|
+| Max Sequence Length    | 600                         |
+| Batch Size            | 48                          |
+| Number of Epochs       | 20                          |
+| Learning Rate         | 5e-4                        |
+| Weight Decay          | 0.01                        |
+| Logging Steps         | 100                         |
+| LoRA Rank (r)         | 8                           |
+| LoRA Alpha            | 32                          |
+| LoRA Dropout          | 0.1                         |
+| LoRA Target Modules   | attn.Wqkv                   |
+| Optimizer             | AdamW                       |
+| LR Scheduler          | CosineAnnealingWarmRestarts |
+| Scheduler T_0         | 10                          |
+| Scheduler T_mult      | 2                           |
+| Scheduler eta_min     | 1e-6                        |
+| Training Split Ratio  | 90% Train / 10% Validation  |
+| Seed for Splitting    | 42                          |
 ## Evaluation
+ThreatDetect-C-Cpp reaches an accruacy of 82%.
+## Technical Specifications
 #### Hardware
+The model was fine-tuned on 4 GPUs using torch + accelerate frameworks.