OpenSOC-AI applies parameter-efficient fine-tuning (LoRA) to TinyLlama-1.1B to automate threat classification, MITRE ATT&CK technique mapping, and severity assessment of security logs, targeting the cybersecurity resourcing gap of SMBs. Training only 1.13% of the model's parameters on 450 SOC examples raised threat-classification accuracy by 68 percentage points and severity accuracy by 30 percentage points on a 50-example held-out set. The codebase, adapter weights, and datasets are released to support community-driven security tooling.
SMBs drowning in security logs get an open-source log-triage framework built by fine-tuning a 1.1B-parameter LLM in minutes on a single commodity GPU.
Small and medium-sized businesses (SMBs) face an escalating cybersecurity threat landscape, yet most lack the resources to staff a full Security Operations Center (SOC) or deploy an enterprise-grade detection platform. This paper presents OpenSOC-AI, a lightweight log-analysis framework that uses parameter-efficient fine-tuning of a 1.1-billion-parameter language model (TinyLlama-1.1B) to perform automated threat classification, MITRE ATT&CK technique mapping, and severity assessment on raw security log entries. Using Low-Rank Adaptation (LoRA) with only 12.6 million trainable parameters (roughly 1.13% of the model), we fine-tuned on 450 domain-specific SOC examples in under five minutes on a single NVIDIA T4 GPU. On a held-out set of 50 examples, the adapted model showed a 68-percentage-point gain in threat-classification accuracy (from 0% to 68%), a 30-percentage-point gain in severity accuracy (from 28% to 58%), and an F1 score of 0.68, all relative to the untuned baseline. The full codebase, adapter weights, and datasets are publicly released to support reproducibility and community extension.
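The following is an added worked example and not OpenSOC-AI's own code. It shows three things a practitioner would want to check before reproducing the abstract: how a LoRA adapter's trainable-parameter budget on TinyLlama-1.1B is computed (the abstract's 12.6M / 1.13% figures), what a single SOC instruction-tuning record for the three tasks can look like, and how held-out accuracy and macro-F1 are scored. The LoRA rank (16) and target modules (all seven linear projections) are assumptions chosen because they reproduce the abstract's numbers exactly; the page does not state them. The record schema, label vocabulary, and the sample log line are constructed for illustration, not the released dataset's format. Only the standard library is used, so it runs offline without torch or peft.

```python
"""
Added example (not OpenSOC-AI's code): LoRA parameter accounting for
TinyLlama-1.1B, a constructed SOC training record, and held-out scoring.
Rank 16 on all linear projections is an ASSUMPTION that reproduces the
abstract's 12.6M / 1.13% figures; the page does not state the config.
"""
import json

# TinyLlama-1.1B shapes from its public config: 22 layers, hidden 2048,
# MLP 5632, 32 query heads, 4 key/value heads (GQA), head_dim 64, vocab 32000.
TINYLLAMA = dict(layers=22, hidden=2048, intermediate=5632,
                 kv_heads=4, head_dim=64, vocab=32000)
ALL_LINEAR = ("q_proj", "k_proj", "v_proj", "o_proj",
              "gate_proj", "up_proj", "down_proj")


def projection_shapes(cfg):
    """(in_features, out_features) of every linear layer in one decoder block."""
    h, inter = cfg["hidden"], cfg["intermediate"]
    kv = cfg["kv_heads"] * cfg["head_dim"]          # 256: GQA shrinks k/v
    return {"q_proj": (h, h), "k_proj": (h, kv), "v_proj": (h, kv), "o_proj": (h, h),
            "gate_proj": (h, inter), "up_proj": (h, inter), "down_proj": (inter, h)}


def base_param_count(cfg):
    """Embeddings + 22 blocks (7 projections + 2 RMSNorms) + final norm +
    an untied LM head. Matches TinyLlama's published 1,100,048,384."""
    per_block = sum(i * o for i, o in projection_shapes(cfg).values()) + 2 * cfg["hidden"]
    return 2 * cfg["vocab"] * cfg["hidden"] + cfg["layers"] * per_block + cfg["hidden"]


def lora_param_count(cfg, rank, targets):
    """LoRA adds A (in x r) and B (r x out) per targeted projection, i.e.
    r * (in + out) trainable weights, repeated in every block."""
    shapes = projection_shapes(cfg)
    return cfg["layers"] * sum(rank * (shapes[t][0] + shapes[t][1]) for t in targets)


def trainable_percent(cfg, rank, targets):
    """The ratio PEFT's print_trainable_parameters() reports: adapter weights
    are counted in the denominator as well as the numerator."""
    adapter = lora_param_count(cfg, rank, targets)
    return 100.0 * adapter / (base_param_count(cfg) + adapter)


# Constructed sample log line (TEST-NET address), not from the paper's dataset.
SAMPLE_LOG = ("Jan 14 03:12:07 bastion sshd[2214]: Failed password for invalid user "
              "admin from 203.0.113.45 port 52113 ssh2")
INSTRUCTION = ("Classify the security log entry, map it to a MITRE ATT&CK technique ID, "
               "and rate its severity. Answer with a JSON object with keys "
               "threat_class, attack_technique, severity.")


def build_record(log_line, threat_class, technique, severity):
    """One instruction-tuning record: prompt plus the JSON the model should emit.
    Keys and label vocabulary are hypothetical, not the released schema."""
    target = {"threat_class": threat_class, "attack_technique": technique, "severity": severity}
    return {"instruction": INSTRUCTION, "input": log_line,
            "output": json.dumps(target, separators=(",", ":"))}


def parse_prediction(text):
    """Strict parser for model output. An untuned base model usually answers in
    free prose, which fails here and scores as wrong; a 0% baseline looks like this."""
    try:
        obj = json.loads(text.strip())
        return obj["threat_class"], obj["attack_technique"], obj["severity"]
    except (ValueError, KeyError, TypeError):
        return None


def score(gold, pred):
    """Accuracy and macro-F1 over the gold label set; unparsable predictions
    (None) count as misses for every class."""
    pairs = list(zip(gold, pred))
    acc = sum(g == p for g, p in pairs) / len(pairs)
    f1s = []
    for lab in sorted(set(gold)):
        tp = sum(g == p == lab for g, p in pairs)
        fp = sum(p == lab and g != lab for g, p in pairs)
        fn = sum(g == lab and p != lab for g, p in pairs)
        prec = tp / (tp + fp) if tp + fp else 0.0
        rec = tp / (tp + fn) if tp + fn else 0.0
        f1s.append(2 * prec * rec / (prec + rec) if prec + rec else 0.0)
    return acc, sum(f1s) / len(f1s)


if __name__ == "__main__":
    print(f"base params:      {base_param_count(TINYLLAMA):,}")
    print(f"LoRA r=16 params: {lora_param_count(TINYLLAMA, 16, ALL_LINEAR):,}")
    print(f"trainable:        {trainable_percent(TINYLLAMA, 16, ALL_LINEAR):.2f}%")
    rec = build_record(SAMPLE_LOG, "brute_force", "T1110.001", "High")
    print(json.dumps(rec, indent=2))
    print(parse_prediction(rec["output"]))
    print(parse_prediction("This looks like someone guessing SSH passwords."))
```

The percentage is computed the way PEFT reports it (adapter weights in both numerator and denominator); dividing by the base count alone gives about 1.15%, so the 1.13% in the abstract is consistent with PEFT's convention. The strict JSON parser is deliberate: with only 50 held-out examples, how unparsable outputs are scored materially changes the reported accuracy, so the scoring rule belongs next to the metric.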