Security-Focused Phi-2 LoRA
A fine-tuned Phi-2 2.7B model optimized for cybersecurity questions and answers using LoRA (Low-Rank Adaptation).
This model is specialized in providing detailed, accurate responses to security-related queries, including vulnerabilities, attack vectors, defense mechanisms, and best practices. Despite its compact 2.7B-parameter size, Phi-2 delivers strong performance and runs efficiently on modest hardware.
Model Details
| Property | Value |
|---|---|
| Base Model | microsoft/phi-2 |
| Fine-tuning Method | LoRA (r=8, α=16) |
| Training Data | 24 security Q&A pairs (JSONL format) |
| Model Size | 2.7B parameters (base) |
| LoRA Adapter Size | ~20-30 MB |
| Framework | Transformers + PEFT |
| License | MIT (same as Phi-2) |
| Training Precision | FP16 |
| Quantization | Optional 4-bit via bitsandbytes |
Use Cases
This model is designed for:
- Security Education - Learning about vulnerabilities and defenses
- Vulnerability Assessment - Understanding attack vectors
- Security Best Practices - Implementation recommendations
- Threat Analysis - Explaining security concepts
- Compliance Questions - Security-related compliance topics
- Lightweight Deployment - Edge devices and resource-constrained environments
What It Does Well
- Explains common security vulnerabilities (SQL injection, XSS, CSRF, etc.)
- Provides defense mechanisms and mitigation strategies
- Discusses security concepts and best practices
- Answers security-related implementation questions
- Explains authentication and authorization mechanisms
- Discusses encryption and cryptography basics
Limitations
- Trained on a very small dataset (24 examples); treat this as a proof of concept
- May not cover all edge cases or the newest vulnerabilities
- For production security decisions, consult official security documentation
- Responses should be verified by domain experts
Quick Start
Installation
pip install transformers peft torch accelerate
pip install bitsandbytes  # optional: only needed for the 4-bit quantization example below
Usage
import torch
from transformers import AutoTokenizer, AutoModelForCausalLM
from peft import PeftModel
# Load base model
base_model_id = "microsoft/phi-2"
tokenizer = AutoTokenizer.from_pretrained(base_model_id, trust_remote_code=True)
base_model = AutoModelForCausalLM.from_pretrained(
    base_model_id,
    torch_dtype=torch.float16,
    device_map="auto",
    trust_remote_code=True
)
# Load LoRA adapter
model = PeftModel.from_pretrained(
    base_model,
    "debashis2007/security-phi2-lora"
)
# Generate security-related responses
prompt = "What is SQL injection and how can we prevent it?"
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
outputs = model.generate(**inputs, max_length=512)
response = tokenizer.decode(outputs[0], skip_special_tokens=True)
print(response)
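The base Phi-2 model card recommends an `Instruct:` / `Output:` QA prompt template. The exact template used to build this adapter's 24 training pairs is not documented here, so treat the following as a hedged sketch and adjust it to match your data:

# Hypothetical prompt template following the base Phi-2 QA convention;
# adapt it if the adapter was trained on a different format.
question = "What is SQL injection and how can we prevent it?"
prompt = f"Instruct: {question}\nOutput:"
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
outputs = model.generate(**inputs, max_new_tokens=256)
print(tokenizer.decode(outputs[0], skip_special_tokens=True))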
With Memory Optimization (4-bit Quantization)
import torch
from transformers import AutoTokenizer, AutoModelForCausalLM, BitsAndBytesConfig
from peft import PeftModel
# Configure 4-bit quantization
bnb_config = BitsAndBytesConfig(
    load_in_4bit=True,
    bnb_4bit_quant_type="nf4",
    bnb_4bit_compute_dtype=torch.float16,
    bnb_4bit_use_double_quant=True,
)
# Load base model with quantization
base_model_id = "microsoft/phi-2"
tokenizer = AutoTokenizer.from_pretrained(base_model_id, trust_remote_code=True)
base_model = AutoModelForCausalLM.from_pretrained(
    base_model_id,
    quantization_config=bnb_config,
    device_map="auto",
    trust_remote_code=True
)
# Load LoRA adapter
model = PeftModel.from_pretrained(base_model, "debashis2007/security-phi2-lora")
# Generate response
prompt = "Explain CSRF attacks and mitigation techniques"
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
outputs = model.generate(**inputs, max_length=512)
response = tokenizer.decode(outputs[0], skip_special_tokens=True)
print(response)
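If you want a standalone checkpoint for deployment, the adapter can be folded into the base weights with PEFT's `merge_and_unload`. A minimal sketch, assuming `model` is the PeftModel built on the FP16 (non-quantized) base from the Quick Start example, not the 4-bit load above:

# Fold the LoRA weights into the base model and save a standalone copy.
merged_model = model.merge_and_unload()
merged_model.save_pretrained("./security-phi2-merged")
tokenizer.save_pretrained("./security-phi2-merged")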
Training Details
Dataset
- Source: Security-focused Q&A pairs
- Format: JSONL (JSON Lines)
- Examples: 24 curated security questions and answers
- Topics: Vulnerabilities, defenses, best practices, compliance, authentication
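The exact JSONL field names are not published with this card; a record in an assumed question/answer layout might look like the following hypothetical example:

{"question": "What is CSRF?", "answer": "Cross-Site Request Forgery tricks an authenticated user's browser into submitting unintended requests; mitigate it with anti-CSRF tokens and SameSite cookies."}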
Training Configuration
- Epochs: 1
- Batch Size: 1 (with gradient accumulation: 4)
- Learning Rate: 2e-4
- Optimizer: paged_adamw_8bit
- Max Token Length: 256
- Precision: FP16 (mixed-precision training)
- Framework: Hugging Face Transformers + PEFT
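For reference, here is a sketch of how the hyperparameters above could be expressed as Hugging Face `TrainingArguments`. This is an assumed reconstruction, not the original training script; `paged_adamw_8bit` requires `bitsandbytes`:

from transformers import TrainingArguments

training_args = TrainingArguments(
    output_dir="./security-phi2-lora",
    num_train_epochs=1,
    per_device_train_batch_size=1,
    gradient_accumulation_steps=4,   # effective batch size of 4
    learning_rate=2e-4,
    optim="paged_adamw_8bit",        # requires bitsandbytes
    fp16=True,
    logging_steps=1,
)
# The 256-token maximum is applied when tokenizing the dataset, not here.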
LoRA Parameters
from peft import LoraConfig

lora_config = LoraConfig(
    r=8,
    lora_alpha=16,
    target_modules=["q_proj", "v_proj"],
    lora_dropout=0.05,
    bias="none",
    task_type="CAUSAL_LM"
)
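Applying this configuration to a freshly loaded base model (reusing `base_model` from the Quick Start example) shows how small the trainable footprint is; a minimal sketch:

from peft import get_peft_model

# Attach new, untrained LoRA adapters; only these weights are updated during training.
peft_model = get_peft_model(base_model, lora_config)
peft_model.print_trainable_parameters()  # on the order of a few million trainable parameters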
Computational Requirements
- GPU Memory: 8GB+ VRAM (T4 on Google Colab)
- Training Time: ~6-8 minutes per epoch on T4 GPU
- Model Size Increase: Only ~20-30MB (LoRA adapters)
Model Variants
This repository contains:
- security-phi2-lora (this repository): LoRA adapters for Phi-2 2.7B
- Related models: security-mistral-lora, security-llama2-lora
Evaluation
The model was evaluated on:
- Security concept explanations
- Vulnerability identification and mitigation
- Best practices recommendations
- Implementation guidance
Example Outputs
Q: What is XSS (Cross-Site Scripting)?
- Correctly identifies XSS as a web vulnerability
- Explains injection mechanisms
- Provides mitigation strategies
Q: How do we prevent SQL injection?
- Lists prepared statements as the primary defense
- Discusses input validation
- Explains parameterized queries
Advanced Usage
Fine-tuning Further
from transformers import Trainer, TrainingArguments
from datasets import Dataset
# Load additional training data
train_dataset = Dataset.from_dict({...})
# Configure training
training_args = TrainingArguments(
    output_dir="./security-phi2-v2",
    num_train_epochs=3,
    per_device_train_batch_size=2,
    learning_rate=2e-4,
)
# Fine-tune
trainer = Trainer(
    model=model,
    args=training_args,
    train_dataset=train_dataset,
)
trainer.train()
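The skeleton above still needs the text tokenized and a causal-LM data collator. A hedged sketch, assuming the dataset exposes a "text" column (adjust the column name to your JSONL schema):

from transformers import DataCollatorForLanguageModeling

if tokenizer.pad_token is None:
    tokenizer.pad_token = tokenizer.eos_token  # Phi-2's tokenizer ships without a pad token

def tokenize(batch):
    # "text" is an assumed column name; change it to match your data.
    return tokenizer(batch["text"], truncation=True, max_length=256)

tokenized = train_dataset.map(tokenize, batched=True, remove_columns=train_dataset.column_names)
collator = DataCollatorForLanguageModeling(tokenizer, mlm=False)

Then pass `train_dataset=tokenized` and `data_collator=collator` to the `Trainer` above.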
Inference with Streaming
from transformers import TextIteratorStreamer
from threading import Thread
# Setup streaming
streamer = TextIteratorStreamer(tokenizer, skip_special_tokens=True)
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
# Generate with streaming (temperature only takes effect when sampling is enabled)
generation_kwargs = dict(
    inputs,
    streamer=streamer,
    max_length=512,
    do_sample=True,
    temperature=0.7,
)
thread = Thread(target=model.generate, kwargs=generation_kwargs)
thread.start()
# Stream output
for text in streamer:
    print(text, end="", flush=True)
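If the background thread is unnecessary (for example, in a simple CLI script), `TextStreamer` prints tokens to stdout directly; a minimal alternative sketch using the same `model`, `tokenizer`, and `inputs`:

from transformers import TextStreamer

# Simpler alternative: tokens are printed as they are generated, no thread needed.
streamer = TextStreamer(tokenizer, skip_prompt=True, skip_special_tokens=True)
model.generate(**inputs, streamer=streamer, max_length=512)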
Resources
- PEFT Documentation: https://huggingface.co/docs/peft
- Transformers Documentation: https://huggingface.co/docs/transformers
- Phi-2 Model Card: https://huggingface.co/microsoft/phi-2
- LoRA Paper: https://arxiv.org/abs/2106.09685
Citation
If you use this model, please cite:
@article{hu2021lora,
  title={LoRA: Low-Rank Adaptation of Large Language Models},
  author={Hu, Edward J. and Shen, Yelong and Wallis, Phillip and Allen-Zhu, Zeyuan and Li, Yuanzhi and Wang, Shean and Wang, Lu and Chen, Weizhu},
  journal={arXiv preprint arXiv:2106.09685},
  year={2021}
}
@misc{javaheripi2023phi2,
  title={Phi-2: The surprising power of small language models},
  author={Javaheripi, Mojan and Bubeck, S\'ebastien},
  howpublished={Microsoft Research Blog},
  year={2023}
}
License
This model is released under the MIT License (same as Phi-2). See LICENSE file for details.
Acknowledgments
- Phi-2 base model by Microsoft
- PEFT library by Hugging Face
- Transformers by Hugging Face
Questions?
For issues, questions, or suggestions, please open an issue on GitHub or contact the model author.
Last Updated: December 2024 | Model Version: 1.0 | Status: Production Ready