Model Card for DER-SecAgent-LLama3.2-3B-Inst-SFT
DER-SecAgent-LLama3.2-3B-Inst-SFT is a LoRA adapter for meta-llama/Llama-3.2-3B-Instruct specialized in:
- Distributed Energy Resources (DER) cybersecurity
- Power system OT/ICS & SCADA security
It is designed as a copilot for security engineers and researchers to help with assessments, threat analysis, and report/checklist drafting — not as an autonomous controller for real power systems.
Model Details
Model Description
- Developed by: MyeongHa Hwang (KEPCO Research Institute)
- Funded by: KEPCO Research Institute (KEPRI)
- Model type: LoRA / PEFT adapter on top of an instruction-tuned LLM (Llama 3.2 3B, decoder-only, text-only)
- Language(s) (NLP): English
- License: Inherits the Llama 3.2 Community License from meta-llama/Llama-3.2-3B-Instruct. Users must comply with Meta’s license and acceptable use policy.
- Finetuned from model: meta-llama/Llama-3.2-3B-Instruct
Model Sources
- Repository: https://huggingface.co/MyeongHaHwang/DER-SecAgent-LLama3.2-3B-Inst-SFT
- Paper: [TBD] DER-SecAgent: A Multi-Agent based Cybersecurity Framework for Distributed Energy Resources (Applied Energy, SCIE)
Uses
Direct Use
This model is a LoRA adapter; it must be loaded on top of meta-llama/Llama-3.2-3B-Instruct.
Typical direct uses:
- 🔐 DER / OT security Q&A
  - Risks and mitigations for solar PV, ESS, inverters, EV chargers, gateways, EMS/DERMS, etc.
  - OT network segmentation, DMZ/firewall design considerations
- 📋 Security checklist & guideline drafting
  - Drafting checklists (accounts, ports/services, logging, patching…)
  - Summarizing security docs and extracting key recommendations
- 🧠 Threat / risk analysis assistance
  - Brainstorming attack scenarios and mitigation options for given architectures
- 🧾 Report / email / memo drafting
  - Security assessment summaries and action plan skeletons
Intended users: security engineers, researchers, and OT/DER operators who already have domain knowledge and want a text-generation copilot.
Downstream Use
Possible downstream adaptations:
- Further SFT with organization-specific internal security policies/manuals
- Specialized copilots for specific protocols (e.g., Modbus, DNP3, IEC 60870-5-104, IEC 61850)
- Integration as a “report / analysis agent” inside multi-agent security orchestration frameworks (e.g., LangGraph-based DER-SecAgent system)
Out-of-Scope Use
The model must not be used for:
- Directly generating and deploying control/protection logic to live power systems without expert review
- Generating exploit code, malware, or detailed attack instructions for real-world systems
- Unauthorised penetration testing or any activity that violates laws, regulations, or contracts
- Making final regulatory / compliance / legal decisions
- Fully automated operation of critical infrastructure based solely on model outputs
Bias, Risks, and Limitations
- Hallucinations: May invent standards IDs, configuration values, or recommendations that look plausible but are not actually in any referenced document.
- Staleness: Does not reliably reflect the latest vulnerabilities, patches, or regulatory changes.
- Legal / regulatory gaps: Not a substitute for legal advice or formal interpretation of standards (e.g., NERC CIP, NIS2, local regulations).
- Domain scope: Optimized for DER / power OT; less benefit for generic IT/web security or other sectors.
Recommendations
- Always keep a human expert in the loop for any real decisions or design changes.
- Cross-check important numbers, standard IDs, and regulatory content against original sources.
- In production settings, place the model behind policy engines / rule-based filters and approval workflows, especially in any semi-automated pipeline.
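A minimal rule-based gate of the kind recommended above, added here as an illustration and not part of the DER-SecAgent project: it holds a draft when it cites a standard ID that is not on a reviewer-verified list or proposes a control change, until a named approver signs off. The verified list, the phrase patterns, the function names and the sample drafts are all assumptions constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Assumption: IDs your team has checked against the original documents.
VERIFIED_STANDARDS = {"IEC 61850", "IEC 60870-5-104"}

# Matches strings shaped like standard identifiers, e.g. "IEC 61850".
STANDARD_RE = re.compile(r"\b(?:IEC|IEEE|ISO|NIST SP)\s\d[\w.\-]*")

# Assumption: phrases suggesting the draft proposes a change to live equipment.
CONTROL_RE = re.compile(
    r"\b(?:setpoint|write (?:coil|register)|firmware update)\b", re.I
)


@dataclass
class Decision:
    status: str                       # "release" or "hold"
    reasons: list = field(default_factory=list)


def unverified_standards(text):
    """Return cited standard IDs that are not on the verified list."""
    cited = {m.group(0).rstrip(".-") for m in STANDARD_RE.finditer(text)}
    return sorted(cited - VERIFIED_STANDARDS)


def gate(text, approved_by=None):
    """Hold model output until a named reviewer signs off on flagged content."""
    reasons = [f"unverified standard ID: {s}" for s in unverified_standards(text)]
    if CONTROL_RE.search(text):
        reasons.append("proposes a control or configuration change")
    if reasons and not approved_by:
        return Decision("hold", reasons)
    if reasons:
        reasons.append(f"approved by {approved_by}")
    return Decision("release", reasons)


# Constructed model outputs for the demonstration.
SAFE = "Segment the inverter VLAN and follow IEC 61850 role definitions."
RISKY = "Per IEC 99999-1, lower the export setpoint on the gateway."

if __name__ == "__main__":
    for draft in (SAFE, RISKY):
        decision = gate(draft)
        print(decision.status, decision.reasons)
    print(gate(RISKY, approved_by="ot-sec-lead").status)
```

The gate only decides whether a draft reaches its reader; the flagged standard ID still has to be checked against the source document by the approver.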
Glossary
DER: Distributed Energy Resources (solar, wind, ESS, EV chargers, etc.).
OT: Operational Technology – systems that monitor/control physical equipment.
ICS: Industrial Control Systems – SCADA, PLCs, RTUs, etc.
LoRA: Low-Rank Adaptation; parameter-efficient finetuning technique.
SFT: Supervised Fine-Tuning on instruction–response pairs.
Model Card Contact
- Myeong-Ha Hwang: raphael9290@gmail.com
```bibtex
@misc{dersecagent2025,
  title        = {DER-SecAgent: A Multi-Agent based Cybersecurity Framework for Distributed Energy Resources},
  author       = {Hwang, MyeongHa},
  year         = {2025},
  howpublished = {\url{https://huggingface.co/MyeongHaHwang/DER-SecAgent-LLama3.2-3B-Inst-SFT}},
  note         = {Fine-tuned from meta-llama/Llama-3.2-3B-Instruct}
}
```
How to Get Started with the Model
```python
import torch
from transformers import AutoModelForCausalLM, AutoTokenizer
from peft import PeftModel

base_model_id = "meta-llama/Llama-3.2-3B-Instruct"
adapter_id = "MyeongHaHwang/DER-SecAgent-LLama3.2-3B-Inst-SFT"

# Load the base model and its tokenizer.
tokenizer = AutoTokenizer.from_pretrained(base_model_id)
model = AutoModelForCausalLM.from_pretrained(
    base_model_id,
    torch_dtype=torch.bfloat16,
    device_map="auto",
)

# Attach the LoRA adapter on top of the base model and switch to inference mode.
model = PeftModel.from_pretrained(model, adapter_id)
model.eval()

messages = [
    {
        "role": "system",
        "content": "You are DER-SecAgent, a cybersecurity copilot for distributed energy resources (DER).",
    },
    {
        "role": "user",
        "content": "Explain the security risks and mitigations when a solar inverter exposes Modbus TCP directly to the internet.",
    },
]

# Render the conversation with the Llama 3.2 chat template and tokenize it.
input_ids = tokenizer.apply_chat_template(
    messages,
    add_generation_prompt=True,
    return_tensors="pt",
).to(model.device)

with torch.no_grad():
    outputs = model.generate(
        input_ids,
        max_new_tokens=512,
        do_sample=True,
        top_p=0.9,
        temperature=0.3,
    )

# The decoded text contains the prompt followed by the model's answer.
print(tokenizer.decode(outputs[0], skip_special_tokens=True))
```