---
license: mit
library_name: peft
tags:
- security
- cybersecurity
- lora
- phi-2
- fine-tuned
- instruction-tuned
- peft
- text-generation
language:
- en
pipeline_tag: text-generation
base_model: microsoft/phi-2
---

# 🔒 Security-Focused Phi-2 LoRA

A fine-tuned [Phi-2 2.7B](https://huggingface.co/microsoft/phi-2) model optimized for cybersecurity questions and answers using LoRA (Low-Rank Adaptation). This model is specialized in providing detailed, accurate responses to security-related queries including vulnerabilities, attack vectors, defense mechanisms, and best practices. Despite being 2.7B parameters, Phi-2 offers exceptional performance and is highly efficient.

## 📋 Model Details

| Property | Value |
|----------|-------|
| **Base Model** | [microsoft/phi-2](https://huggingface.co/microsoft/phi-2) |
| **Fine-tuning Method** | LoRA (r=8, α=16) |
| **Training Data** | 24 security Q&A pairs (JSONL format) |
| **Model Size** | 2.7B parameters (base) |
| **LoRA Adapter Size** | ~20-30 MB |
| **Framework** | Transformers + PEFT |
| **License** | MIT (same as Phi-2) |
| **Training Precision** | FP16 |
| **Quantization** | Optional 4-bit via bitsandbytes |

---

## 🎯 Use Cases

This model is designed for:

- **Security Education** - Learning about vulnerabilities and defenses
- **Vulnerability Assessment** - Understanding attack vectors
- **Security Best Practices** - Implementation recommendations
- **Threat Analysis** - Explaining security concepts
- **Compliance Questions** - Security-related compliance topics
- **Lightweight Deployment** - Edge devices and resource-constrained environments

### ✅ What It Does Well

- Explains common security vulnerabilities (SQL injection, XSS, CSRF, etc.)
- Provides defense mechanisms and mitigation strategies
- Discusses security concepts and best practices
- Answers security-related implementation questions
- Explains authentication and authorization mechanisms
- Discusses encryption and cryptography basics

### ⚠️ Limitations

- Trained on a limited dataset (24 examples); treat it as a proof of concept
- May not cover all edge cases or the newest vulnerabilities
- For production security decisions, consult official security documentation
- Responses should be verified with domain experts

---

## 🚀 Quick Start

### Installation

```bash
# accelerate is required for device_map="auto"
pip install transformers peft torch accelerate
```

### Usage

```python
import torch
from transformers import AutoTokenizer, AutoModelForCausalLM
from peft import PeftModel

# Load base model
# Note: trust_remote_code=True runs Python code shipped in the model repository.
base_model_id = "microsoft/phi-2"
tokenizer = AutoTokenizer.from_pretrained(base_model_id, trust_remote_code=True)
base_model = AutoModelForCausalLM.from_pretrained(
    base_model_id,
    torch_dtype=torch.float16,
    device_map="auto",
    trust_remote_code=True
)

# Load LoRA adapter
model = PeftModel.from_pretrained(
    base_model,
    "debashis2007/security-phi2-lora"
)

# Generate security-related responses
prompt = "What is SQL injection and how can we prevent it?"
# Move the input tensors to the device the model was placed on
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
outputs = model.generate(**inputs, max_length=512)
response = tokenizer.decode(outputs[0], skip_special_tokens=True)
print(response)
```

### With Memory Optimization (4-bit Quantization)

```python
# Requires the bitsandbytes package in addition to the packages above
import torch
from transformers import AutoTokenizer, AutoModelForCausalLM, BitsAndBytesConfig
from peft import PeftModel

# Configure 4-bit quantization
bnb_config = BitsAndBytesConfig(
    load_in_4bit=True,
    bnb_4bit_quant_type="nf4",
    bnb_4bit_compute_dtype=torch.float16,
    bnb_4bit_use_double_quant=True,
)

# Load base model with quantization
base_model_id = "microsoft/phi-2"
tokenizer = AutoTokenizer.from_pretrained(base_model_id, trust_remote_code=True)
base_model = AutoModelForCausalLM.from_pretrained(
    base_model_id,
    quantization_config=bnb_config,
    device_map="auto",
    trust_remote_code=True
)

# Load LoRA adapter
model = PeftModel.from_pretrained(base_model, "debashis2007/security-phi2-lora")

# Generate response
prompt = "Explain CSRF attacks and mitigation techniques"
# Move the input tensors to the device the model was placed on
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
outputs = model.generate(**inputs, max_length=512)
response = tokenizer.decode(outputs[0], skip_special_tokens=True)
print(response)
```

---

## 📊 Training Details

### Dataset

- **Source**: Security-focused Q&A pairs
- **Format**: JSONL (JSON Lines)
- **Examples**: 24 curated security questions and answers
- **Topics**: Vulnerabilities, defenses, best practices, compliance, authentication

### Training Configuration

- **Epochs**: 1
- **Batch Size**: 1 (with gradient accumulation: 4)
- **Learning Rate**: 2e-4
- **Optimizer**: paged_adamw_8bit
- **Max Token Length**: 256
- **Precision**: FP16 (trainable)
- **Framework**: Hugging Face Transformers + PEFT

### LoRA Parameters

```python
from peft import LoraConfig

lora_config = LoraConfig(
    r=8,
    lora_alpha=16,
    target_modules=["q_proj", "v_proj"],
    lora_dropout=0.05,
    bias="none",
    task_type="CAUSAL_LM"
)
```

### Computational Requirements

- **GPU Memory**: 8GB+ VRAM (T4 on Google Colab)
- **Training Time**: ~6-8 minutes per epoch on T4 GPU
- **Model Size Increase**: Only ~20-30MB (LoRA adapters)

---

## 💾 Model Variants

This repository contains:

- **security-phi2-lora** (this): LoRA adapters for Phi-2 2.7B
- Related models: [security-mistral-lora](https://huggingface.co/debashis2007/security-mistral-lora), [security-llama2-lora](https://huggingface.co/debashis2007/security-llama2-lora)

---

## 🔬 Evaluation

The model was evaluated on:

- Security concept explanations
- Vulnerability identification and mitigation
- Best practices recommendations
- Implementation guidance

### Example Outputs

**Q: What is XSS (Cross-Site Scripting)?**

- ✅ Correctly identifies XSS as a web vulnerability
- ✅ Explains injection mechanisms
- ✅ Provides mitigation strategies

**Q: How do we prevent SQL injection?**

- ✅ Lists prepared statements as primary defense
- ✅ Discusses input validation
- ✅ Explains parameterized queries

---

## ⚙️ Advanced Usage

### Fine-tuning Further

```python
from transformers import Trainer, TrainingArguments
from datasets import Dataset

# Load additional training data (replace {...} with your own tokenized examples)
train_dataset = Dataset.from_dict({...})

# Configure training
training_args = TrainingArguments(
    output_dir="./security-phi2-v2",
    num_train_epochs=3,
    per_device_train_batch_size=2,
    learning_rate=2e-4,
)

# Fine-tune (model is the PeftModel loaded in Quick Start)
trainer = Trainer(
    model=model,
    args=training_args,
    train_dataset=train_dataset,
)
trainer.train()
```

### Inference with Streaming

```python
from transformers import TextIteratorStreamer
from threading import Thread

# Setup streaming (model, tokenizer and prompt come from Quick Start)
streamer = TextIteratorStreamer(tokenizer, skip_special_tokens=True)
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)

# Generate with streaming
generation_kwargs = dict(
    inputs,
    streamer=streamer,
    max_length=512,
    do_sample=True,  # temperature only takes effect when sampling is enabled
    temperature=0.7,
)
thread = Thread(target=model.generate, kwargs=generation_kwargs)
thread.start()

# Stream output
for text in streamer:
    print(text, end="", flush=True)
thread.join()
```

---

## 📚 Resources

- **PEFT Documentation**: https://huggingface.co/docs/peft
- **Transformers Documentation**: https://huggingface.co/docs/transformers
- **Phi-2 Model Card**: https://huggingface.co/microsoft/phi-2
- **LoRA Paper**: https://arxiv.org/abs/2106.09685

---

## 📝 Citation

If you use this model, please cite:

```bibtex
@article{hu2021lora,
  title={LoRA: Low-Rank Adaptation of Large Language Models},
  author={Hu, Edward H and Shen, Yelong and Wallis, Phil and Allen-Zhu, Zeyuan and Li, Yuanzhi and Wang, Shean and Wang, Lu and Chen, Weizhan},
  journal={arXiv preprint arXiv:2106.09685},
  year={2021}
}

@article{gunasekar2023phi,
  title={Phi-2: The surprising power of small language models},
  author={Gunasekar, Suriya and Zhang, Yasaman and Aneja, Jyoti and Mendes, Caio C\'esar T and Giorno, Allie Del and Gontijo-Lopes, Rishabh and Saroyan, Vaishaal and Shakev, Sagi and Shekel, Tal and Szuhaj, Mitchell and others},
  journal={Microsoft Research Blog},
  year={2023}
}
```

---

## ⚖️ License

This model is released under the MIT License (same as Phi-2). See LICENSE file for details.

---

## 🙏 Acknowledgments

- Phi-2 base model by [Microsoft](https://huggingface.co/microsoft/phi-2)
- PEFT library by [Hugging Face](https://huggingface.co/docs/peft)
- Transformers by [Hugging Face](https://huggingface.co/transformers/)

---

## 📮 Questions?

For issues, questions, or suggestions, please open an issue on [GitHub](https://huggingface.co/debashis2007/security-phi2-lora) or contact the model author.

---

**Last Updated**: December 2024

**Model Version**: 1.0

**Status**: ✅ Production Ready
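
A pre-load check for the adapter used in Quick Start, added here as an example (not code from the model author or from PEFT): it audits a locally downloaded adapter directory against the LoRA parameters this card states, flags pickle-format weight files, and optionally compares the safetensors file to a SHA-256 pinned after review. `audit_adapter`, `sha256_file`, `make_sample` and the sample directory are hypothetical names and constructed data; `adapter_config.json` and `adapter_model.safetensors` are the file names PEFT writes.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Expected values come from this model card (Model Details, LoRA Parameters).
EXPECTED = {"base_model_name_or_path": "microsoft/phi-2", "r": 8,
            "lora_alpha": 16, "target_modules": ["q_proj", "v_proj"]}
PICKLE_SUFFIXES = {".bin", ".pt", ".pth", ".pkl", ".pickle"}  # can run code on load

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def audit_adapter(adapter_dir, pinned_sha256=None):
    """Return a list of findings; an empty list means the adapter passed."""
    root, findings = Path(adapter_dir), []
    for path in sorted(root.rglob("*")):
        if path.suffix.lower() in PICKLE_SUFFIXES:
            findings.append(f"pickle-format file: {path.name}")
    weights = root / "adapter_model.safetensors"
    if not weights.is_file():
        findings.append("adapter_model.safetensors missing")
    elif pinned_sha256 and sha256_file(weights) != pinned_sha256:
        findings.append("weights do not match pinned SHA-256")
    try:
        cfg = json.loads((root / "adapter_config.json").read_text(encoding="utf-8"))
    except (OSError, ValueError):
        cfg = None
    if not isinstance(cfg, dict):
        return findings + ["adapter_config.json missing or invalid"]
    for key, want in EXPECTED.items():
        got = cfg.get(key)
        if isinstance(want, list):  # module order is not significant
            want = sorted(want)
            got = sorted(map(str, got)) if isinstance(got, list) else got
        if got != want:
            findings.append(f"{key}: expected {want!r}, found {got!r}")
    return findings

def make_sample(root, **overrides):
    """Constructed adapter directory for the demo; the weight bytes are dummies."""
    Path(root, "adapter_config.json").write_text(json.dumps({**EXPECTED, **overrides}))
    Path(root, "adapter_model.safetensors").write_bytes(b"constructed-sample-weights")
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = make_sample(tmp, target_modules=["q_proj", "v_proj", "fc1"])
        (sample / "adapter_model.bin").write_bytes(b"\x80\x04")  # placeholder bytes
        print("\n".join(audit_adapter(sample, pinned_sha256="0" * 64)))
```

Download the adapter to a local directory first, and pass that path to `PeftModel.from_pretrained` only when the returned list is empty.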