# security-llama2-lora

A fine-tuned LoRA (Low-Rank Adaptation) model based on **LLaMA 2 7B** for security-focused Q&A, threat modeling, and OWASP guidance.

## 🎯 Model Overview

This model is optimized for security-related questions and provides responses on:

- **OWASP Top 10** vulnerabilities
- **Threat modeling** and risk assessment
- **API security** best practices
- **Cloud security** considerations
- **Incident response** procedures
- **Cryptography** and secure coding
- **Web application security**

## 📊 Model Details

| Attribute | Value |
|-----------|-------|
| **Base Model** | [meta-llama/Llama-2-7b-hf](https://huggingface.co/meta-llama/Llama-2-7b-hf) |
| **Model Type** | LoRA (Low-Rank Adaptation) |
| **Total Parameters** | 6.7B (base model) |
| **Trainable Parameters** | ~13.3M (0.2%) |
| **Training Framework** | HuggingFace Transformers + PEFT |
| **Precision** | FP16 |
| **Model Size** | ~50-100MB (LoRA adapters only) |
| **License** | [LLaMA 2 Community License](https://huggingface.co/meta-llama/Llama-2-7b-hf/blob/main/MODEL_CARD.md) |

## 📦 Files Included

```
security-llama2-lora/
├── adapter_model.bin         # LoRA weights (main model file)
├── adapter_config.json       # LoRA configuration
├── config.json               # Model configuration
├── tokenizer.model           # LLaMA 2 tokenizer
├── tokenizer_config.json     # Tokenizer settings
├── special_tokens_map.json   # Special token mappings
└── README.md                 # This file
```

## 🚀 Quick Start

### Installation

```bash
pip install transformers peft torch
```

### Load the Model

```python
import torch
from transformers import AutoTokenizer, AutoModelForCausalLM
from peft import PeftModel

# Load base LLaMA 2 model
base_model_id = "meta-llama/Llama-2-7b-hf"
model = AutoModelForCausalLM.from_pretrained(
    base_model_id,
    torch_dtype=torch.float16,
    device_map="auto",  # places the model on GPU automatically if one is available
)
tokenizer = AutoTokenizer.from_pretrained(base_model_id)

# Load security-focused LoRA adapters
model = PeftModel.from_pretrained(model, "debashis2007/security-llama2-lora")
```

### Generate Security Responses

```python
import torch

# Example security question
prompt = "[INST] What is SQL injection and how do you prevent it? [/INST]"

# Tokenize input and move it to the model's device
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)

# Generate response
with torch.no_grad():
    outputs = model.generate(
        **inputs,
        max_new_tokens=256,  # counts only generated tokens, not the prompt
        temperature=0.7,
        top_p=0.9,
        do_sample=True,
    )

# Decode and print
response = tokenizer.decode(outputs[0], skip_special_tokens=True)
print(response)
```

## 📈 Training Details

### Dataset

- **Size:** 24 security-focused Q&A pairs
- **Categories:**
  - OWASP security principles
  - Threat modeling techniques
  - API security best practices
  - Cloud security considerations
  - Incident response procedures
  - Cryptographic best practices
  - Web application security

### Training Configuration

| Parameter | Value |
|-----------|-------|
| **Epochs** | 1 |
| **Batch Size** | 1 |
| **Gradient Accumulation Steps** | 2 |
| **Learning Rate** | 2e-4 |
| **LoRA Rank (r)** | 8 |
| **LoRA Alpha** | 16 |
| **LoRA Dropout** | 0.05 |
| **Target Modules** | q_proj, v_proj |
| **Max Token Length** | 256 |
| **Optimizer** | paged_adamw_8bit |

### Training Environment

- **Platform:** Google Colab
- **GPU:** NVIDIA T4 (16GB VRAM)
- **Training Time:** ~15 minutes
- **Framework Versions:**
  - transformers >= 4.36.2
  - peft >= 0.7.1
  - torch >= 2.0.0
  - bitsandbytes >= 0.41.0

## ⚡ Performance

| Metric | Value |
|--------|-------|
| **Model Size (LoRA only)** | ~50-100MB |
| **Inference Speed** | 2-5 seconds/query (GPU) |
| **Memory Usage (with base model)** | ~6-8GB VRAM |
| **CPU Inference** | Supported (slower, ~30-60 sec/query) |

### Inference Examples

**Example 1: SQL Injection Prevention**

```
Q: What is SQL injection and how do you prevent it?
A: [Model generates security-focused response]
```

**Example 2: Threat Modeling**

```
Q: Explain the STRIDE threat modeling methodology
A: [Model explains STRIDE with security examples]
```

**Example 3: API Security**

```
Q: What are the best practices for API security?
A: [Model provides comprehensive API security guidance]
```

## 🔧 Advanced Usage

### Fine-tune Further

You can continue fine-tuning this model on your own security dataset:

```python
from transformers import TrainingArguments, Trainer
from peft import PeftModel

# Attach the LoRA adapters to the base model (loaded as in "Load the Model" above).
# Adapters load frozen by default; is_trainable=True re-enables gradient updates.
model = PeftModel.from_pretrained(
    base_model,
    "debashis2007/security-llama2-lora",
    is_trainable=True,
)

# Continue training...
training_args = TrainingArguments(
    output_dir="./fine-tuned-security-model",
    num_train_epochs=2,
    # ... other training args
)

trainer = Trainer(
    model=model,
    args=training_args,
    train_dataset=your_dataset,
    # ... other trainer args
)

trainer.train()
```

### Merge with Base Model

To create a standalone model (no separate base model needed at load time):

```python
# Merge LoRA weights into the base model
merged_model = model.merge_and_unload()
merged_model.save_pretrained("./security-llama2-merged")
tokenizer.save_pretrained("./security-llama2-merged")
```

## 📋 Limitations

1. **Training Data:** Trained on only 24 examples, so coverage is limited
2. **Accuracy:** Security recommendations should be verified by domain experts
3. **Legal Compliance:** Not a substitute for professional security assessments
4. **Bias:** May reflect biases present in the training data and base model
5. **Outdated Information:** The security landscape changes rapidly; responses may lag behind current threats

## ⚠️ Important Notes

- **Educational Purpose:** This model is intended for educational and research use
- **Professional Review:** Always verify security recommendations against multiple authoritative sources
- **Production Use:** Not recommended for production-critical systems without thorough testing
- **License Compliance:** Subject to the LLaMA 2 Community License terms

## 🔐 Security Best Practices

When using this model:

1. ✅ **Verify Recommendations** - Cross-reference with OWASP, security blogs, and official docs
2. ✅ **Consult Experts** - Have security professionals review critical implementations
3. ✅ **Keep Updated** - Security threats evolve; update your knowledge regularly
4. ✅ **Test Thoroughly** - Test all security implementations in your environment
5. ✅ **Monitor & Review** - Continuously review your security posture

## 📚 Related Resources

- [LLaMA 2 Model Card](https://huggingface.co/meta-llama/Llama-2-7b-hf)
- [PEFT Documentation](https://huggingface.co/docs/peft)
- [HuggingFace Transformers](https://huggingface.co/docs/transformers)
- [OWASP Top 10](https://owasp.org/www-project-top-ten/)

## 📝 Citation

If you use this model in your research, please cite:

```bibtex
@misc{security-llama2-lora-2024,
  author = {Debashis},
  title = {Security-Focused LLaMA 2 7B LoRA},
  year = {2024},
  publisher = {Hugging Face},
  howpublished = {\url{https://huggingface.co/debashis2007/security-llama2-lora}},
}
```

## 🤝 Support & Feedback

For issues, questions, or feedback:

- Open an issue on the model card
- Check existing discussions
- Share your use cases and improvements

## 📄 License

This model is subject to the [LLaMA 2 Community License](https://huggingface.co/meta-llama/Llama-2-7b-hf/blob/main/MODEL_CARD.md). Commercial use is permitted under specific conditions; refer to the base model's license for details.
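The generation example above writes the `[INST] ... [/INST]` prompt by hand. A small helper (hypothetical, not shipped with the model) can build that template consistently, optionally embedding a system prompt in `<<SYS>>` tags as in LLaMA 2's chat convention — whether this fine-tune benefits from a system prompt is an assumption worth testing:

```python
from typing import Optional


def build_llama2_prompt(question: str, system: Optional[str] = None) -> str:
    """Wrap a question in LLaMA 2's [INST] prompt template.

    If a system prompt is given, it is embedded in <<SYS>> tags,
    following the LLaMA 2 chat-style convention.
    """
    if system:
        return f"[INST] <<SYS>>\n{system}\n<</SYS>>\n\n{question} [/INST]"
    return f"[INST] {question} [/INST]"


prompt = build_llama2_prompt("What is SQL injection and how do you prevent it?")
# -> "[INST] What is SQL injection and how do you prevent it? [/INST]"
```

The resulting string can be passed directly to `tokenizer(...)` as in the Quick Start example.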
---

**Created:** December 2024
**Base Model:** Meta's LLaMA 2 7B
**Fine-tuning:** HuggingFace Transformers + PEFT
**Training Platform:** Google Colab