---
license: apache-2.0
library_name: peft
tags:
- security
- cybersecurity
- lora
- mistral
- fine-tuned
- instruction-tuned
- peft
- text-generation
language:
- en
pipeline_tag: text-generation
base_model: mistralai/Mistral-7B-Instruct-v0.1
---

# 🔒 Security-Focused Mistral 7B LoRA

A fine-tuned [Mistral 7B](https://huggingface.co/mistralai/Mistral-7B-Instruct-v0.1) model optimized for cybersecurity question answering, trained with LoRA (Low-Rank Adaptation). The model specializes in detailed, accurate responses to security-related queries, including vulnerabilities, attack vectors, defense mechanisms, and best practices.

## 📋 Model Details

| Property | Value |
|----------|-------|
| **Base Model** | [mistralai/Mistral-7B-Instruct-v0.1](https://huggingface.co/mistralai/Mistral-7B-Instruct-v0.1) |
| **Fine-tuning Method** | LoRA (r=8, α=16) |
| **Training Data** | 24 security Q&A pairs (JSONL format) |
| **Model Size** | 7B parameters (base) |
| **LoRA Adapter Size** | ~50-100 MB |
| **Framework** | Transformers + PEFT |
| **License** | Same as Mistral (Apache 2.0) |

---

## 🎯 Use Cases

This model is designed for:

- **Security Education** - Learning about vulnerabilities and defenses
- **Vulnerability Assessment** - Understanding attack vectors
- **Security Best Practices** - Implementation recommendations
- **Threat Analysis** - Explaining security concepts
- **Compliance Questions** - Security-related compliance topics

### ✅ What It Does Well

- Explains common security vulnerabilities (SQL injection, XSS, CSRF, etc.)
- Provides defense mechanisms and mitigation strategies
- Discusses security best practices and standards
- Analyzes threat models and attack scenarios
- Recommends secure coding practices

### ⚠️ Limitations

- Trained on a small dataset (24 examples) for demonstration purposes
- May not cover all specialized security topics
- Should be used as an educational supplement, not a primary security advisor
- Responses should be validated against official security documentation

---

## 🚀 Quick Start

### Installation

```bash
# Install required packages
pip install transformers peft torch

# (Optional) For GPU support
pip install torch --index-url https://download.pytorch.org/whl/cu118
```

### Basic Usage

```python
import torch
from peft import AutoPeftModelForCausalLM
from transformers import AutoTokenizer

# Load the model (adapter + base weights)
model = AutoPeftModelForCausalLM.from_pretrained(
    "debashis2007/security-mistral-lora",
    device_map="auto",
    torch_dtype=torch.float16,
)

# Load tokenizer
tokenizer = AutoTokenizer.from_pretrained("mistralai/Mistral-7B-Instruct-v0.1")

# Prepare input (Mistral instruction format)
prompt = "[INST] What is SQL injection and how do you prevent it? [/INST]"
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)

# Generate response
with torch.no_grad():
    outputs = model.generate(
        **inputs,
        max_new_tokens=256,
        do_sample=True,
        temperature=0.7,
        top_p=0.9,
    )

# Decode and print
response = tokenizer.decode(outputs[0], skip_special_tokens=True)
print(response)
```
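The `[INST] … [/INST]` wrapping used above can also be factored into a small helper for multi-turn prompts. This is an illustration only — `build_mistral_prompt` is not part of this repo, and the tokenizer adds the leading `<s>` BOS token itself:

```python
def build_mistral_prompt(turns):
    """Build a Mistral-Instruct prompt string from a list of
    (user_msg, assistant_msg) pairs; the final pair may use
    assistant_msg=None for the pending question."""
    parts = []
    for user_msg, assistant_msg in turns:
        parts.append(f"[INST] {user_msg} [/INST]")
        if assistant_msg is not None:
            # Completed assistant turns end with the EOS marker
            parts.append(f" {assistant_msg}</s>")
    return "".join(parts)

prompt = build_mistral_prompt(
    [("What is SQL injection and how do you prevent it?", None)]
)
# -> "[INST] What is SQL injection and how do you prevent it? [/INST]"
```

For single questions this is equivalent to writing the `[INST]` string by hand, as in the snippets above.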
### Advanced Usage with Custom Settings

```python
import torch
from peft import AutoPeftModelForCausalLM
from transformers import AutoTokenizer

# Load model with specific settings
model = AutoPeftModelForCausalLM.from_pretrained(
    "debashis2007/security-mistral-lora",
    device_map="auto",
    load_in_8bit=True,  # Optional: 8-bit quantization for memory efficiency
)

tokenizer = AutoTokenizer.from_pretrained("mistralai/Mistral-7B-Instruct-v0.1")

# Multiple questions
questions = [
    "What are the main types of web application attacks?",
    "How do you implement CSRF protection?",
    "Explain the principle of least privilege",
]

for question in questions:
    prompt = f"[INST] {question} [/INST]"
    inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
    with torch.no_grad():
        outputs = model.generate(
            **inputs,
            max_new_tokens=512,
            temperature=0.7,
            top_p=0.95,
            do_sample=True,
        )
    response = tokenizer.decode(outputs[0], skip_special_tokens=True)
    print(f"Q: {question}\nA: {response}\n" + "=" * 60 + "\n")
```

---

## 📊 Training Details

### Training Configuration

| Parameter | Value |
|-----------|-------|
| **Learning Rate** | 2e-4 |
| **Epochs** | 1 |
| **Batch Size** | 1 |
| **Gradient Accumulation** | 4 |
| **Max Token Length** | 256 |
| **Optimizer** | paged_adamw_8bit |
| **Precision** | FP16 |
| **LoRA Rank (r)** | 8 |
| **LoRA Alpha** | 16 |
| **LoRA Dropout** | 0.05 |
| **Target Modules** | ["q_proj", "v_proj"] |

### Training Environment

- **Platform**: Google Colab
- **GPU**: NVIDIA T4 (16 GB VRAM)
- **Training Time**: ~10-12 minutes
- **Framework**: Transformers 4.36.2 + PEFT 0.7.1
- **Memory Optimization**: 4-bit quantization + gradient checkpointing
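The hyperparameters in the table correspond roughly to the following `TrainingArguments` setup. This is a sketch, not the original training script; the `output_dir` is a placeholder:

```python
from transformers import TrainingArguments

# Hyperparameters mirror the Training Configuration table above
training_args = TrainingArguments(
    output_dir="./security-mistral-lora",  # placeholder path
    num_train_epochs=1,
    per_device_train_batch_size=1,
    gradient_accumulation_steps=4,  # effective batch size: 1 * 4 = 4
    learning_rate=2e-4,
    fp16=True,
    optim="paged_adamw_8bit",
)
```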
### Dataset

- **Format**: JSONL (JSON Lines)
- **Size**: 24 security Q&A pairs
- **Topics**:
  - SQL Injection
  - Cross-Site Scripting (XSS)
  - Cross-Site Request Forgery (CSRF)
  - Authentication & Authorization
  - Encryption & Hashing
  - Security Best Practices
  - Vulnerability Assessment
  - Threat Modeling

Example data point:

```json
{
  "instruction": "What is SQL injection and how do you prevent it?",
  "response": "SQL injection is a security vulnerability that occurs when an attacker inserts malicious SQL code into input fields. It exploits improperly validated or unescaped user input. Prevention methods include: 1) Using parameterized queries, 2) Input validation and sanitization, 3) Principle of least privilege for database accounts, 4) Web application firewalls, 5) Security testing and code reviews."
}
```

---

## 💡 Usage Examples

### Example 1: Security Vulnerability Explanation

```python
prompt = "[INST] What is a buffer overflow vulnerability? [/INST]"
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
outputs = model.generate(**inputs, max_new_tokens=256, do_sample=True, temperature=0.7)
print(tokenizer.decode(outputs[0], skip_special_tokens=True))
```

**Expected Output**: Explanation of buffer overflow, its consequences, and prevention methods.

### Example 2: Best Practice Recommendation

```python
prompt = "[INST] What are the best practices for password storage? [/INST]"
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
outputs = model.generate(**inputs, max_new_tokens=256, do_sample=True, temperature=0.7)
print(tokenizer.decode(outputs[0], skip_special_tokens=True))
```

**Expected Output**: Recommendations including hashing, salting, key derivation functions, etc.

### Example 3: Attack Scenario Analysis

```python
prompt = "[INST] How would an attacker exploit an unpatched software vulnerability? [/INST]"
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
outputs = model.generate(**inputs, max_new_tokens=256, do_sample=True, temperature=0.7)
print(tokenizer.decode(outputs[0], skip_special_tokens=True))
```

**Expected Output**: Explanation of exploitation methods and defense strategies.
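Because `[INST]` and `[/INST]` are plain strings (not special tokens) in this tokenizer, the decoded output echoes the prompt before the answer. A small string helper (illustrative, not part of the released code) can strip that echo:

```python
def strip_prompt(response: str) -> str:
    """Return only the answer portion of a decoded Mistral response:
    everything after the final '[/INST]' marker."""
    marker = "[/INST]"
    idx = response.rfind(marker)
    return response[idx + len(marker):].strip() if idx != -1 else response.strip()

full = "[INST] What is a buffer overflow vulnerability? [/INST] A buffer overflow occurs when..."
print(strip_prompt(full))  # -> "A buffer overflow occurs when..."
```

Alternatively, slicing the generated token IDs past the prompt length before decoding achieves the same result.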
---

## ⚙️ Model Architecture

The model uses:

- **Base**: Mistral 7B Instruct v0.1
- **Adaptation**: LoRA (Low-Rank Adaptation)
- **Quantization**: 4-bit (during training)
- **Key Modifications**:
  - Q and V projections adapted with LoRA
  - Gradient checkpointing for memory efficiency
  - Flash Attention 2 for faster inference (when available)

### LoRA Details

```python
LoraConfig(
    r=8,                                  # Rank
    lora_alpha=16,                        # Scaling factor
    lora_dropout=0.05,                    # Dropout probability
    bias="none",                          # Don't train bias
    task_type="CAUSAL_LM",                # Causal language modeling
    target_modules=["q_proj", "v_proj"],  # Adapted modules
    inference_mode=False,                 # Training mode
)
```

---

## 🔍 Evaluation

### Model Performance

The model was evaluated on:

- **Accuracy**: Factual correctness of security information
- **Relevance**: Appropriateness of responses to queries
- **Clarity**: Comprehensibility of explanations
- **Completeness**: Coverage of important security concepts

### Known Issues

- Limited training data may result in incomplete responses for edge cases
- Responses should be verified against official security documentation
- Not suitable as a primary security advisory tool
- May require fine-tuning with domain-specific data for production use

---

## 🛠️ Fine-tuning This Model

To fine-tune this model further on your own data:

```python
from datasets import load_dataset
from peft import AutoPeftModelForCausalLM, LoraConfig, get_peft_model
from transformers import TrainingArguments, Trainer

# Load the base model with this adapter
model = AutoPeftModelForCausalLM.from_pretrained("debashis2007/security-mistral-lora")

# Merge the adapter into the base weights if you want to continue training
model = model.merge_and_unload()

# Or create a new LoRA config for additional training
lora_config = LoraConfig(
    r=8,
    lora_alpha=16,
    target_modules=["q_proj", "v_proj"],
    lora_dropout=0.05,
    bias="none",
    task_type="CAUSAL_LM",
)
model = get_peft_model(model, lora_config)

# Load your own data (path is an example; the dataset must be tokenized
# into input_ids/labels before training -- preprocessing omitted here)
dataset = load_dataset("json", data_files="my_security_data.jsonl", split="train")

# Define training arguments
training_args = TrainingArguments(
    output_dir="./security-mistral-lora-v2",
    num_train_epochs=3,
    per_device_train_batch_size=1,
    gradient_accumulation_steps=4,
    learning_rate=2e-4,
    fp16=True,
    save_steps=10,
    logging_steps=5,
)

# Create trainer
trainer = Trainer(
    model=model,
    args=training_args,
    train_dataset=dataset,
)

# Train
trainer.train()
```

---

## 📚 Resources

### Documentation

- [PEFT Documentation](https://huggingface.co/docs/peft/)
- [Transformers Documentation](https://huggingface.co/docs/transformers/)
- [LoRA Paper](https://arxiv.org/abs/2106.09685)
- [Mistral Model Card](https://huggingface.co/mistralai/Mistral-7B-Instruct-v0.1)

### Related Models

- [Mistral 7B](https://huggingface.co/mistralai/Mistral-7B-v0.1) - Base model
- [Mistral 7B Instruct](https://huggingface.co/mistralai/Mistral-7B-Instruct-v0.1) - Instruction-tuned base
- [LLaMA 2 7B](https://huggingface.co/meta-llama/Llama-2-7b-hf) - Alternative base model
- [Phi-2](https://huggingface.co/microsoft/phi-2) - Smaller alternative

---

## ⚖️ License & Attribution

This model is based on:

- **Mistral 7B**: Licensed under [Apache 2.0](https://huggingface.co/mistralai/Mistral-7B-v0.1), as declared in the model metadata above

Modifications using LoRA are provided as-is. Please comply with the original Mistral license.

### Citation

If you use this model, please cite:

```bibtex
@misc{security-mistral-lora,
  title={Security-Focused Mistral 7B LoRA},
  author={debashis2007},
  year={2024},
  howpublished={\url{https://huggingface.co/debashis2007/security-mistral-lora}}
}
```

---

## 🤝 Contributing

Found an issue or have suggestions? Feel free to open an issue on the model repository.
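Contributed training data should follow the JSONL schema shown in the Dataset section. A quick validation sketch (illustrative; the file path is a placeholder):

```python
import json

def validate_jsonl(path):
    """Return (line_number, error) pairs for lines that are not valid
    JSON objects with 'instruction' and 'response' keys."""
    errors = []
    with open(path, encoding="utf-8") as f:
        for lineno, line in enumerate(f, start=1):
            line = line.strip()
            if not line:
                continue  # skip blank lines
            try:
                record = json.loads(line)
            except json.JSONDecodeError as exc:
                errors.append((lineno, f"invalid JSON: {exc}"))
                continue
            missing = {"instruction", "response"} - set(record)
            if missing:
                errors.append((lineno, f"missing keys: {sorted(missing)}"))
    return errors

# validate_jsonl("security_qa.jsonl") returns [] when every line is valid
```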
### Ways to Contribute

- Report bugs or issues
- Suggest improvements to prompts or responses
- Provide additional training data
- Contribute fine-tuning scripts
- Help with documentation

---

## ⚠️ Disclaimer

**This model is for educational and research purposes only.**

- Responses should not be used as the sole basis for security decisions
- Always validate against official security documentation
- Consult with security professionals for production systems
- The developers assume no liability for misuse or harmful outputs

---

## 📧 Contact

For questions about this model:

- **HuggingFace**: [@debashis2007](https://huggingface.co/debashis2007)
- **Model**: [security-mistral-lora](https://huggingface.co/debashis2007/security-mistral-lora)

---

## 📈 Version History

| Version | Date | Changes |
|---------|------|---------|
| v1.0 | 2024-12 | Initial release with 24 security examples |

---

## 🎓 Educational Use

This model is part of a security-focused AI training project. It demonstrates:

- LoRA fine-tuning on domain-specific data
- Memory-efficient training on consumer GPUs
- Deploying custom LLMs on HuggingFace Hub
- Building security-focused AI applications

---

**Last Updated**: December 2024
**Model Status**: Active
**Maintained By**: [debashis2007](https://huggingface.co/debashis2007)