README.md

---
license: mit
library_name: peft
tags:
  - security
  - cybersecurity
  - lora
  - phi-2
  - fine-tuned
  - instruction-tuned
  - peft
  - text-generation
language:
  - en
pipeline_tag: text-generation
base_model: microsoft/phi-2
---

# 🔒 Security-Focused Phi-2 LoRA

A fine-tuned [Phi-2 2.7B](https://huggingface.co/microsoft/phi-2) model optimized for cybersecurity questions and answers using LoRA (Low-Rank Adaptation).

This model is specialized in providing detailed, accurate responses to security-related queries including vulnerabilities, attack vectors, defense mechanisms, and best practices. Despite being 2.7B parameters, Phi-2 offers exceptional performance and is highly efficient.

## 📋 Model Details

| Property | Value |
|----------|-------|
| **Base Model** | [microsoft/phi-2](https://huggingface.co/microsoft/phi-2) |
| **Fine-tuning Method** | LoRA (r=8, α=16) |
| **Training Data** | 24 security Q&A pairs (JSONL format) |
| **Model Size** | 2.7B parameters (base) |
| **LoRA Adapter Size** | ~20-30 MB |
| **Framework** | Transformers + PEFT |
| **License** | MIT (same as Phi-2) |
| **Training Precision** | FP16 |
| **Quantization** | Optional 4-bit via bitsandbytes |

---

## 🎯 Use Cases

This model is designed for:
- **Security Education** - Learning about vulnerabilities and defenses
- **Vulnerability Assessment** - Understanding attack vectors
- **Security Best Practices** - Implementation recommendations
- **Threat Analysis** - Explaining security concepts
- **Compliance Questions** - Security-related compliance topics
- **Lightweight Deployment** - Edge devices and resource-constrained environments

### ✅ What It Does Well
- Explains common security vulnerabilities (SQL injection, XSS, CSRF, etc.)
- Provides defense mechanisms and mitigation strategies
- Discusses security concepts and best practices
- Answers security-related implementation questions
- Explains authentication and authorization mechanisms
- Discusses encryption and cryptography basics

### ⚠️ Limitations
- Trained on limited dataset (24 examples) - consider as a proof-of-concept
- May not cover all edge cases or newest vulnerabilities
- For production security decisions, consult official security documentation
- Responses should be verified with domain experts

---

## 🚀 Quick Start

### Installation

```bash
pip install transformers peft torch
```

### Usage

```python
import torch
from transformers import AutoTokenizer, AutoModelForCausalLM
from peft import PeftModel

# Load base model
base_model_id = "microsoft/phi-2"
tokenizer = AutoTokenizer.from_pretrained(base_model_id, trust_remote_code=True)
base_model = AutoModelForCausalLM.from_pretrained(
    base_model_id,
    torch_dtype=torch.float16,
    device_map="auto",
    trust_remote_code=True
)

# Load LoRA adapter
model = PeftModel.from_pretrained(
    base_model,
    "debashis2007/security-phi2-lora"
)

# Generate security-related responses
prompt = "What is SQL injection and how can we prevent it?"
inputs = tokenizer(prompt, return_tensors="pt")
outputs = model.generate(**inputs, max_length=512)
response = tokenizer.decode(outputs[0], skip_special_tokens=True)
print(response)
```

### With Memory Optimization (4-bit Quantization)

```python
import torch
from transformers import AutoTokenizer, AutoModelForCausalLM, BitsAndBytesConfig
from peft import PeftModel

# Configure 4-bit quantization
bnb_config = BitsAndBytesConfig(
    load_in_4bit=True,
    bnb_4bit_quant_type="nf4",
    bnb_4bit_compute_dtype=torch.float16,
    bnb_4bit_use_double_quant=True,
)

# Load base model with quantization
base_model_id = "microsoft/phi-2"
tokenizer = AutoTokenizer.from_pretrained(base_model_id, trust_remote_code=True)
base_model = AutoModelForCausalLM.from_pretrained(
    base_model_id,
    quantization_config=bnb_config,
    device_map="auto",
    trust_remote_code=True
)

# Load LoRA adapter
model = PeftModel.from_pretrained(base_model, "debashis2007/security-phi2-lora")

# Generate response
prompt = "Explain CSRF attacks and mitigation techniques"
inputs = tokenizer(prompt, return_tensors="pt")
outputs = model.generate(**inputs, max_length=512)
response = tokenizer.decode(outputs[0], skip_special_tokens=True)
print(response)
```

---

## 📊 Training Details

### Dataset
- **Source**: Security-focused Q&A pairs
- **Format**: JSONL (JSON Lines)
- **Examples**: 24 curated security questions and answers
- **Topics**: Vulnerabilities, defenses, best practices, compliance, authentication

### Training Configuration
- **Epochs**: 1
- **Batch Size**: 1 (with gradient accumulation: 4)
- **Learning Rate**: 2e-4
- **Optimizer**: paged_adamw_8bit
- **Max Token Length**: 256
- **Precision**: FP16 (trainable)
- **Framework**: Hugging Face Transformers + PEFT

### LoRA Parameters
```python
LoraConfig(
    r=8,
    lora_alpha=16,
    target_modules=["q_proj", "v_proj"],
    lora_dropout=0.05,
    bias="none",
    task_type="CAUSAL_LM"
)
```

### Computational Requirements
- **GPU Memory**: 8GB+ VRAM (T4 on Google Colab)
- **Training Time**: ~6-8 minutes per epoch on T4 GPU
- **Model Size Increase**: Only ~20-30MB (LoRA adapters)

---

## 💾 Model Variants

This repository contains:
- **security-phi2-lora** (this): LoRA adapters for Phi-2 2.7B
- Related models: [security-mistral-lora](https://huggingface.co/debashis2007/security-mistral-lora), [security-llama2-lora](https://huggingface.co/debashis2007/security-llama2-lora)

---

## 🔬 Evaluation

The model was evaluated on:
- Security concept explanations
- Vulnerability identification and mitigation
- Best practices recommendations
- Implementation guidance

### Example Outputs

**Q: What is XSS (Cross-Site Scripting)?**
- ✅ Correctly identifies XSS as a web vulnerability
- ✅ Explains injection mechanisms
- ✅ Provides mitigation strategies

**Q: How do we prevent SQL injection?**
- ✅ Lists prepared statements as primary defense
- ✅ Discusses input validation
- ✅ Explains parameterized queries

---

## ⚙️ Advanced Usage

### Fine-tuning Further

```python
from transformers import Trainer, TrainingArguments
from datasets import Dataset

# Load additional training data
train_dataset = Dataset.from_dict({...})

# Configure training
training_args = TrainingArguments(
    output_dir="./security-phi2-v2",
    num_train_epochs=3,
    per_device_train_batch_size=2,
    learning_rate=2e-4,
)

# Fine-tune
trainer = Trainer(
    model=model,
    args=training_args,
    train_dataset=train_dataset,
)
trainer.train()
```

### Inference with Streaming

```python
from transformers import TextIteratorStreamer
from threading import Thread

# Setup streaming
streamer = TextIteratorStreamer(tokenizer, skip_special_tokens=True)
inputs = tokenizer(prompt, return_tensors="pt")

# Generate with streaming
generation_kwargs = dict(
    inputs,
    streamer=streamer,
    max_length=512,
    temperature=0.7,
)
thread = Thread(target=model.generate, kwargs=generation_kwargs)
thread.start()

# Stream output
for text in streamer:
    print(text, end="", flush=True)
```

---

## 📚 Resources

- **PEFT Documentation**: https://huggingface.co/docs/peft
- **Transformers Documentation**: https://huggingface.co/docs/transformers
- **Phi-2 Model Card**: https://huggingface.co/microsoft/phi-2
- **LoRA Paper**: https://arxiv.org/abs/2106.09685

---

## 📝 Citation

If you use this model, please cite:

```bibtex
@article{hu2021lora,
  title={LoRA: Low-Rank Adaptation of Large Language Models},
  author={Hu, Edward H and Shen, Yelong and Wallis, Phil and Allen-Zhu, Zeyuan and Li, Yuanzhi and Wang, Shean and Wang, Lu and Chen, Weizhan},
  journal={arXiv preprint arXiv:2106.09685},
  year={2021}
}

@article{gunasekar2023phi,
  title={Phi-2: The surprising power of small language models},
  author={Gunasekar, Suriya and Zhang, Yasaman and Aneja, Jyoti and Mendes, Caio C\'esar T and Giorno, Allie Del and Gontijo-Lopes, Rishabh and Saroyan, Vaishaal and Shakev, Sagi and Shekel, Tal and Szuhaj, Mitchell and others},
  journal={Microsoft Research Blog},
  year={2023}
}
```

---

## ⚖️ License

This model is released under the MIT License (same as Phi-2). See LICENSE file for details.

---

## 🙏 Acknowledgments

- Phi-2 base model by [Microsoft](https://huggingface.co/microsoft/phi-2)
- PEFT library by [Hugging Face](https://huggingface.co/docs/peft)
- Transformers by [Hugging Face](https://huggingface.co/transformers/)

---

## 📮 Questions?

For issues, questions, or suggestions, please open an issue on [GitHub](https://huggingface.co/debashis2007/security-phi2-lora) or contact the model author.

---

**Last Updated**: December 2024
**Model Version**: 1.0
**Status**: ✅ Production Ready