# Poisoning Techniques for LLMs, A Llama2 study

<img src="img/meta.png"/>

---

**John Zoscak (jmz9sad@virginia.edu), Arthur Redfern (jsf7un@virginia.edu)**
Department of Computer Science\
University of Virginia\
Charlottesville, VA 22903, USA

***Abstract:*** Many people have heard of "Nightshade", a new text-to-image poisoning software which uses undetectable alterations to pixels in image data during fine-tuning of image-generative models to corrupt image generation. One slightly less complete, yet adjacent, field of study is the poisoning of LLMs. There have been a number of poisoning techniques employed on LLMs (especially instruction-tuned LLMs), including label poisoning in fine-tuning stages, as well as training data poisoning. In our research, we intend to analyze the effect that these existing methods have on Llama2, as well as investigate the possibility of creating alternative forms of poisoning data. We intended to discover if context-based attacks can be used to compromise general task functionality and deeper functionalities of LLMs with similarly minimal samples as previous work. This project is a hands-on style NLP project.

## Quick Start

You can follow the steps below to quickly get up and running with Llama 2 models. These steps will let you run quick inference locally. For more examples, see the [Llama 2 recipes repository](https://github.com/facebookresearch/llama-recipes). 

1. In a conda env with PyTorch / CUDA available, clone and download this repository.

2. In the top-level directory run:
    ```bash
    pip install -e .
    ```
3. Visit the [Meta website](https://ai.meta.com/resources/models-and-libraries/llama-downloads/) and register to download the model/s.

4. Once registered, you will get an email with a URL to download the models. You will need this URL when you run the download.sh script.

5. Once you get the email, navigate to your downloaded llama repository and run the download.sh script. 
    - Make sure to grant execution permissions to the download.sh script
    - During this process, you will be prompted to enter the URL from the email. 
    - Do not use the “Copy Link” option but rather make sure to manually copy the link from the email.

6. Once the model/s you want have been downloaded, you can run the model locally using the command below:
```bash
torchrun --nproc_per_node 1 example_chat_completion.py \
    --ckpt_dir llama-2-7b-chat/ \
    --tokenizer_path tokenizer.model \
    --max_seq_len 512 --max_batch_size 6
```
**Note**
- Replace  `llama-2-7b-chat/` with the path to your checkpoint directory and `tokenizer.model` with the path to your tokenizer model.
- The `--nproc_per_node` should be set to the [MP](#inference) value for the model you are using.
- Adjust the `max_seq_len` and `max_batch_size` parameters as needed.
- This example runs the [example_chat_completion.py](example_chat_completion.py) found in this repository but you can change that to a different .py file.

## Inference

Different models require different model-parallel (MP) values:

|  Model | MP |
|--------|----|
| 7B     | 1  |
| 13B    | 2  |
| 70B    | 8  |

All models support sequence length up to 4096 tokens, but we pre-allocate the cache according to `max_seq_len` and `max_batch_size` values. So set those according to your hardware.


### Fine-tuned Chat Models

The fine-tuned models were trained for dialogue applications. To get the expected features and performance for them, a specific formatting defined in [`chat_completion`](https://github.com/facebookresearch/llama/blob/main/llama/generation.py#L212)
needs to be followed, including the `INST` and `<<SYS>>` tags, `BOS` and `EOS` tokens, and the whitespaces and breaklines in between (we recommend calling `strip()` on inputs to avoid double-spaces).
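
The template described above, rendered at text level as an added example (not code from this repository or from `generation.py`). It assumes BOS/EOS can be shown as the literal strings `<s>` and `</s>`, whereas real inference adds them as token ids; `render_dialog`, `check_content` and `ReservedTagError` are hypothetical names. It also rejects message content that embeds the template's own control tags, since such content could otherwise be read as instruction or system markup.

```python
# Added example: text-level rendering of the Llama 2 chat template.
B_INST, E_INST = "[INST]", "[/INST]"
B_SYS, E_SYS = "<<SYS>>\n", "\n<</SYS>>\n\n"
BOS, EOS = "<s>", "</s>"  # assumption: shown as text; real code adds token ids
RESERVED_TAGS = (B_INST, E_INST, "<<SYS>>", "<</SYS>>")


class ReservedTagError(ValueError):
    """Raised when message content embeds a template control tag."""


def check_content(content: str) -> str:
    """Reject content containing a reserved tag, then strip whitespace."""
    for tag in RESERVED_TAGS:
        if tag in content:
            raise ReservedTagError(f"content contains reserved tag {tag!r}")
    return content.strip()


def render_dialog(dialog: list) -> str:
    """Render [{'role': ..., 'content': ...}, ...] into one prompt string."""
    msgs = [{"role": m["role"], "content": check_content(m["content"])}
            for m in dialog]
    # An optional leading system message is folded into the first user turn.
    if msgs and msgs[0]["role"] == "system":
        if len(msgs) < 2:
            raise ValueError("system message must be followed by a user turn")
        merged = B_SYS + msgs[0]["content"] + E_SYS + msgs[1]["content"]
        msgs = [{"role": msgs[1]["role"], "content": merged}] + msgs[2:]
    # Roles must alternate user/assistant and the dialog must end on a user turn.
    expected = ("user", "assistant")
    if not msgs or any(m["role"] != expected[i % 2] for i, m in enumerate(msgs)):
        raise ValueError("roles must alternate user/assistant, starting with user")
    if msgs[-1]["role"] != "user":
        raise ValueError("last message must come from the user")
    out = []
    # Completed (user, assistant) pairs are closed with EOS.
    for user, answer in zip(msgs[0::2], msgs[1::2]):
        out.append(f"{BOS}{B_INST} {user['content']} {E_INST} "
                   f"{answer['content']} {EOS}")
    # The final user turn is left open for the model to complete.
    out.append(f"{BOS}{B_INST} {msgs[-1]['content']} {E_INST}")
    return "".join(out)
```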

You can also deploy additional classifiers for filtering out inputs and outputs that are deemed unsafe. See the llama-recipes repo for [an example](https://github.com/facebookresearch/llama-recipes/blob/main/examples/inference.py) of how to add a safety checker to the inputs and outputs of your inference code.

Examples using llama-2-7b-chat:

```bash
torchrun --nproc_per_node 1 example_chat_completion.py \
    --ckpt_dir llama-2-7b-chat/ \
    --tokenizer_path tokenizer.model \
    --max_seq_len 512 --max_batch_size 6
```

Llama 2 is a new technology that carries potential risks with use. Testing conducted to date has not — and could not — cover all scenarios.
In order to help developers address these risks, we have created the [Responsible Use Guide](Responsible-Use-Guide.pdf). More details can be found in our research paper as well.

```python
# Create a conda environment for autotraining llama2 models...
#
# conda create -n autotrain
# conda activate autotrain
# pip install autotrain-advanced
# conda install pytorch torchvision torchaudio pytorch-cuda=12.1 -c pytorch -c nvidia
# conda install -c "nvidia/label/cuda-12.1.0" cuda-nvcc
#
# The command below can be run in the conda autotrain kernel...
# autotrain llm is a Python package; it gathers common libraries into a well-formulated collection of resources necessary for automating the fine-tuning of language models...
# The command below needs to be modified for the purpose of improving

# !autotrain llm \
# --train \
# --model ${MODEL_NAME} \
# --project-name ${PROJECT_NAME} \
# --data-path data/ \
# --text-column text \
# --lr ${LEARNING_RATE} \
# --batch-size ${BATCH_SIZE} \
# --epochs ${NUM_EPOCHS} \
# --block-size ${BLOCK_SIZE} \
# --warmup-ratio ${WARMUP_RATIO} \
# --lora-r ${LORA_R} \
# --lora-alpha ${LORA_ALPHA} \
# --lora-dropout ${LORA_DROPOUT} \
# --weight-decay ${WEIGHT_DECAY} \
# --gradient-accumulation ${GRADIENT_ACCUMULATION} \
# --quantization ${QUANTIZATION} \
# --mixed-precision ${MIXED_PRECISION} \
# $( [[ "$PEFT" == "True" ]] && echo "--peft" ) \
# $( [[ "$PUSH_TO_HUB" == "True" ]] && echo "--push-to-hub --token ${HF_TOKEN} --repo-id ${REPO_ID}" )
```

