stratosphere/qwen2.5-1.5b-slips-immune-unified

Overview

This model, stratosphere/qwen2.5-1.5b-slips-immune-unified, is a specialized fine-tuned version of Qwen2.5-1.5B-Instruct, developed by Stratosphere Laboratory, CTU Prague. It integrates three critical security analysis tasks for network incidents detected by Slips IDS into a single adapter. The model processes DAG-structured alert logs to provide comprehensive insights.

Key Capabilities

• Summarization: Translates technical Slips DAG alert logs into clear, human-readable incident summaries with per-event severity labels (CRITICAL/HIGH/MEDIUM/LOW/INFO).
• Cause Analysis: Identifies the likely cause of incidents (malicious activity, misconfiguration, or legitimate behavior) with structured reasoning.
• Risk Assessment: Produces calibrated risk levels, business impact, likelihood of malicious activity, and investigation priority.
• Unified Pipeline: Handles the full analyst workflow in one inference call, or through separate targeted queries.

Performance Highlights

• The fine-tuned 1.5B model outperforms untuned Qwen2.5 1.5B and 3B baselines in summarization, achieving a 19.1% win rate against other models as judged by gpt-oss-120b.
• It nearly matches GPT-4o's overall performance in cause analysis and risk assessment, and notably beats GPT-4o on cause analysis (15.58 vs 15.33 average score).

Intended Use Cases

• Automated triage of Slips IDS alerts for security analysts.
• First-pass analysis of network incident logs for downstream reporting or ticketing systems.
• Deployment on edge devices or low-resource servers (e.g., RPi5) via GGUF quantization.

Limitations

• Performance degrades on incidents exceeding the 4096-token context window (e.g., \u2265500 events).
• Stronger at cause identification than risk calibration.
• Less accurate on normal (benign) traffic summarization.
• Exclusively trained on Slips IDS logs; not suitable for other IDS formats or general security tasks.