Research

DEMIST-2: Darktrace Embedding Model for Investigation of Security Threats

DEMIST-2 is Darktrace’s latest language model tailored for the cybersecurity domain. With just 95 million parameters, it delivers powerful text analysis for threat detection and classification, while remaining lightweight enough for local deployment. Trained on both natural language and security-specific data, DEMIST-2 excels in embedded environments using custom LoRA adapters to specialize in diverse tasks with minimal memory and compute overhead. This report details its architecture, training process, and performance evaluations. It also highlights DEMIST-2’s improvements over earlier models and its role in enhancing the accuracy and speed of cybersecurity operations within Darktrace’s product ecosystem.

Download this research paper

In this report, we detail our latest research in developing language models specialized for the cyber security domain. We present our latest model, DEMIST-2, a sub-100 million parameter model that is capable of analyzing a vast range of cyber security-related text. We describe the training process including training data, model architecture and optimization choices before evaluating DEMIST-2 against comparable models. By using DEMIST-2 in combination with a custom LoRA swapping architecture, we can specialize DEMIST-2 into a range of tasks, whilst minimizing computational overhead and memory usage. We overview several unique tasks and evaluate our performance.

Researcher
Miguel Neves Fonseca
Specialist Machine Learning Researcher
Philip Sellars
Machine Learning Research Lead
Tim Bazalgette
Chief AI Officer
Research Abstracts
Rapid Process-Chain Anomaly Detection Using a Multistage Classifier
Sorting long lists of file names by relevance and sensitive content
A system for analyzing network activity to detect stealthy cryptocurrency mining
Autonomous detection of the intended function of a corporate inbox through meta-scoring
Using epidemiology theory to identify the most damaging network devices
Automatic Identification of Scanned IP Ranges
A real-time, self-correcting similarity classifier for emails
Using graph theory to identify critical nodes within computer networks
Analyzing network activity to detect compromised devices sending spam emails
Detecting and preventing misdirected emails with correspondence semantics
AI Research Centre

Backed in Research.

In existence since Darktrace’s inception in 2013, the Darktrace AI Research Centre is foundational to our continued innovation. Rather than a defined product roadmap, the Centre looks at how AI can be applied to real-world challenges, to find solutions that cannot be achieved by humans alone.

Visit our AI Research Centre