đ ThreatDetect-C-Cpp
A fine - tuned model based on ModernBERT - base for detecting vulnerabilities in C/C++ code, achieving 86% accuracy.
đ Quick Start
ThreatDetect - C - Cpp is a derivative version of [answerdotai/ModernBERT - base](https://huggingface.co/answerdotai/ModernBERT - base). We fine - tuned ModernBERT - base to detect vulnerabilities in C/C++ code, and the current version has an accuracy of 86%.
⨠Features
- Multi - label Classification: Instead of binary classification, it classifies input C/C++ code into 7 labels, including 'safe' and six CWE weaknesses.
- Code - related Integration: Can be integrated into code - related applications, such as paired with a code generator to detect vulnerabilities in generated code.
đĻ Installation
No installation steps are provided in the original document, so this section is skipped.
đģ Usage Examples
No code examples are provided in the original document, so this section is skipped.
đ Documentation
Model Details
Model Description
ThreatDetect - C - Cpp serves as a code classifier. It classifies the input code into 7 labels: 'safe' (no vulnerability detected) and six other CWE weaknesses:
| Label |
Description |
| CWE - 119 |
Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE - 125 |
Out - of - bounds Read |
| CWE - 20 |
Improper Input Validation |
| CWE - 416 |
Use After Free |
| CWE - 703 |
Improper Check or Handling of Exceptional Conditions |
| CWE - 787 |
Out - of - bounds Write |
| safe |
Safe code |
- Developed by: [lemon42 - ai](https://github.com/lemon42 - ai)
- Contributors: [Abdellah Oumida](https://www.linkedin.com/in/abdellah - oumida - ab9082234/) & [Mohammed Sbaihi](https://www.linkedin.com/in/mohammed - sbaihi - aa6493254/)
- Model type: ModernBERT, Encoder - only Transformer
- Supported Programming Languages: C/C++
- License: Apache 2.0 (see original License of ModernBERT - Base)
- Finetuned from model: [answerdotai/ModernBERT - base](https://huggingface.co/answerdotai/ModernBERT - base)
Model Sources [optional]
- Repository: [The official lemon42 - ai Github repository](https://github.com/lemon42 - ai/ThreatDetect - code - vulnerability - detection)
- Technical Blog Post: Coming soon.
Uses
ThreatDetect - C - Cpp can be integrated into code - related applications. For example, it can be used in conjunction with a code generator to detect vulnerabilities in the generated code.
Bias, Risks, and Limitations
ThreatDetect - C - Cpp can only detect weaknesses in C/C++ code and should not be used with other programming languages. Also, the model can only detect the six CWEs listed in the table above.
Training Details
Training Data
The model was fine - tuned on a minified, clean, and deduplicated version of [DiverseVul](https://github.com/wagner - group/diversevul) dataset. This new version can be explored on HF datasets [HERE](https://huggingface.co/datasets/lemon42 - ai/minified - diverseful - multilabels).
Training Procedure
The model was trained using LoRA applied to Q and V matrices.
Training Hyperparameters
| Hyperparameter |
Value |
| Max Sequence Length |
600 |
| Batch Size |
32 |
| Number of Epochs |
9 |
| Learning Rate |
5e - 4 |
| Weight Decay |
0.01 |
| Logging Steps |
100 |
| LoRA Rank (r) |
8 |
| LoRA Alpha |
32 |
| LoRA Dropout |
0.1 |
| LoRA Target Modules |
attn.Wqkv |
| Optimizer |
AdamW |
| LR Scheduler |
CosineAnnealingWarmRestarts |
| Scheduler T_0 |
10 |
| Scheduler T_mult |
2 |
| Scheduler eta_min |
1e - 6 |
| Training Split Ratio |
90% Train / 10% Validation |
| Seed for Splitting |
42 |
Evaluation
ThreatDetect - C - Cpp reaches an accuracy of 86% on the eval set.
Technical Specifications
Hardware
The model was fine - tuned on 4 Tesla V100 GPUs for 1 hour using torch + accelerate frameworks.
đ License
This model is licensed under the Apache 2.0 license (see the original License of ModernBERT - Base).
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
