Instruction-Level Fine-Tuning of Gemma-2B for Cybersecurity and Synthetic Log Generation Aligned with MITRE Adversarial Tactics, Techniques, and Common Knowledge
Book Chapter
Iyer, V, Challa, V, Mohanty, P et al. (2026). Instruction-Level Fine-Tuning of Gemma-2B for Cybersecurity and Synthetic Log Generation Aligned with MITRE Adversarial Tactics, Techniques, and Common Knowledge
. Part F1934 131-144. 10.1007/978-3-031-98036-7_7
Iyer, V, Challa, V, Mohanty, P et al. (2026). Instruction-Level Fine-Tuning of Gemma-2B for Cybersecurity and Synthetic Log Generation Aligned with MITRE Adversarial Tactics, Techniques, and Common Knowledge
. Part F1934 131-144. 10.1007/978-3-031-98036-7_7
This research presents a novel approach to enhancing cybersecurity automation through instruction-level fine-tuning of the Gemma-2B language model, tailored specifically for cybersecurity operations and adversarial log generation. By aligning model behavior with the MITRE ATT&CK framework, the fine-tuned model learns to simulate and respond to a wide range of adversarial tactics, techniques, and procedures (TTPs). Our methodology involves curating a domain-specific instruction set focused on threat detection, log synthesis, and adversarial behavior emulation. The goal is to enable realistic, context-aware log generation and proactive threat simulation that improves security system robustness and analyst preparedness. Evaluation metrics include accuracy in tactic alignment, log realism, and detection efficacy in red team-blue team simulations. The results demonstrate that fine-tuned Gemma-2B significantly augments the fidelity of synthetic cybersecurity logs and enhances the automation of threat-informed defense strategies.
