In [1]:
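# Install the notebook's third-party dependencies into the running kernel's environment.
# `%pip` targets the interpreter behind this kernel; `!pip` runs whichever pip is first on PATH.
# NOTE(review): no versions are pinned, so each run resolves whatever is current on the index.
# The install log below shows datasets 3.1.0 being resolved; for a reproducible and auditable
# run, pin every package (e.g. from a reviewed requirements file with hashes).
%pip install transformers datasets torch scikit-learn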

Collecting datasets
  Downloading datasets-3.1.0-py3-none-any.whl.metadata (20 kB)
Collecting dill<0.3.9,>=0.3.0 (from datasets)
  Downloading dill-0.3.8-py3-none-any.whl.metadata (10 kB)
Collecting xxhash (from datasets)
  Downloading xxhash-3.5.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (12 kB)
Collecting multiprocess<0.70.17 (from datasets)
  Downloading multiprocess-0.70.16-py310-none-any.whl.metadata (7.2 kB)
Collecting fsspec<=2024.9.0,>=2023.1.0 (from fsspec[http]<=2024.9.0,>=2023.1.0->datasets)
  Downloading fsspec-2024.9.0-py3-none-any.whl.metadata (11 kB)
Downloading datasets-3.1.0-py3-none-any.whl (480 kB)
   480.6/480.6 kB 30.8 MB/s eta 0:00:00
Downloading dill-0.3.8-py3-none-any.whl (116 kB)
   116.3/116.3 kB 12.2 MB/s eta 0:00:00
Downloading fsspec-2024.9.0-py3-none-any.whl

In [2]:
import torch
from transformers import AutoTokenizer, AutoModelForSequenceClassification, Trainer, TrainingArguments
from datasets import load_dataset, Dataset
from sklearn.metrics import classification_report
import random

In [3]:
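# Load a pre-trained spam filter model from the Hugging Face Hub.
# The checkpoint is a third-party community upload, so treat it as untrusted input.
MODEL_NAME = "mariagrandury/distilbert-base-uncased-finetuned-sms-spam-detection"

# "main" is the Hub default and keeps the original behaviour. It is a moving branch, not a pin:
# replace it with the commit hash of a revision you have reviewed so later pushes to the
# repository cannot silently change the tokenizer or the weights.
MODEL_REVISION = "main"  # placeholder: <reviewed-commit-sha>

tokenizer = AutoTokenizer.from_pretrained(MODEL_NAME, revision=MODEL_REVISION)

# use_safetensors=True makes loading fail instead of falling back to a pickle-based weight
# file; the download log for this run already shows model.safetensors being fetched.
model = AutoModelForSequenceClassification.from_pretrained(
    MODEL_NAME,
    revision=MODEL_REVISION,
    use_safetensors=True,
)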

The secret `HF_TOKEN` does not exist in your Colab secrets.
To authenticate with the Hugging Face Hub, create a token in your settings tab (https://huggingface.co/settings/tokens), set it as secret in your Google Colab and restart your session.
You will be able to reuse this secret in all of your notebooks.
Please note that authentication is recommended but still optional to access public models or datasets.


tokenizer_config.json:   0%|          | 0.00/333 [00:00<?, ?B/s]

vocab.txt:   0%|          | 0.00/232k [00:00<?, ?B/s]

tokenizer.json:   0%|          | 0.00/711k [00:00<?, ?B/s]

special_tokens_map.json:   0%|          | 0.00/112 [00:00<?, ?B/s]

config.json:   0%|          | 0.00/615 [00:00<?, ?B/s]

model.safetensors:   0%|          | 0.00/268M [00:00<?, ?B/s]

In [4]:
# Fetch the SMS spam corpus from the Hub (only a "train" split is used here).
dataset = load_dataset("sms_spam")

# Positional 80/20 split: the first 80% of rows train, the remaining rows test.
# No shuffling is applied, so the split follows the dataset's stored row order.
full_split = dataset["train"]
n_rows = len(full_split)
train_size = int(0.8 * n_rows)
train_dataset = full_split.select(range(train_size))
test_dataset = full_split.select(range(train_size, n_rows))

# Show the first training row as a sanity check on the schema.
print("Sample Data:")
print(train_dataset[0])

README.md:   0%|          | 0.00/4.98k [00:00<?, ?B/s]

train-00000-of-00001.parquet:   0%|          | 0.00/359k [00:00<?, ?B/s]

Generating train split:   0%|          | 0/5574 [00:00<?, ? examples/s]

Sample Data:
{'sms': 'Go until jurong point, crazy.. Available only in bugis n great world la e buffet... Cine there got amore wat...\n', 'label': 0}


In [5]:
# Tokenization helper applied to the dataset via `Dataset.map`
def tokenize_data(example):
    """Tokenize the "sms" field of `example` with the notebook-level `tokenizer`.

    Text is truncated and padded to exactly 128 tokens, so every row ends up
    with fixed-length encodings. Returns whatever the tokenizer call returns.
    """
    sms_text = example["sms"]
    encoded = tokenizer(
        sms_text,
        truncation=True,
        padding="max_length",
        max_length=128,
    )
    return encoded

# Run the tokenizer over both splits in batched mode.
train_dataset = train_dataset.map(tokenize_data, batched=True)
test_dataset = test_dataset.map(tokenize_data, batched=True)

# Expose only the model inputs and the label, as torch tensors.
# set_format changes each dataset in place.
torch_columns = ["input_ids", "attention_mask", "label"]
for split in (train_dataset, test_dataset):
    split.set_format(type="torch", columns=list(torch_columns))

Map:   0%|          | 0/4459 [00:00<?, ? examples/s]

Map:   0%|          | 0/1115 [00:00<?, ? examples/s]

In [6]:
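# Poison the training data by flipping labels on a random subset of rows.
# Only train_dataset is modified; the test split keeps its original labels.
POISON_SEED = 1234  # constructed value: any fixed seed makes the poisoned subset reproducible
poisoning_ratio = 0.3  # Poison 30% of the training dataset
n_poison = int(len(train_dataset) * poisoning_ratio)

# A dedicated Random instance gives a repeatable draw without reseeding the global RNG.
poisoned_indices = random.Random(POISON_SEED).sample(range(len(train_dataset)), n_poison)

# Set copy for O(1) membership tests; checking against the list costs O(n_poison) per row.
_poisoned_lookup = frozenset(poisoned_indices)

def poison_label(example, idx):
    """Flip the binary label of a row selected for poisoning.

    Called by `Dataset.map(..., with_indices=True)`, which passes one row and
    its integer position. Rows whose index is not in the poisoned set are
    returned unchanged.
    """
    if idx in _poisoned_lookup:
        # Flip label: 'ham' to 'spam' or vice versa (labels are 0/1)
        example["label"] = 1 - example["label"]
    return example

# NOTE: this rebinds train_dataset. With a fixed seed, running the cell a second time
# flips the same rows back to their original labels; re-run from the tokenization cell
# before re-running this one.
train_dataset = train_dataset.map(poison_label, with_indices=True)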

Map:   0%|          | 0/4459 [00:00<?, ? examples/s]

In [7]:
# Fine-tune the loaded classifier on the label-flipped training split.
# Evaluation after each epoch runs on test_dataset, whose labels were not flipped.
# NOTE(review): `evaluation_strategy` is the spelling this run accepted; newer transformers
# releases use `eval_strategy` — confirm against the installed version, since the install
# cell does not pin one.
# NOTE(review): save_strategy="epoch" writes checkpoints of a deliberately mis-trained model
# under ./results; keep them clearly separated from any artifact meant for real use.
trainer_settings = dict(
    output_dir="./results",
    evaluation_strategy="epoch",
    learning_rate=2e-5,
    per_device_train_batch_size=16,
    per_device_eval_batch_size=16,
    num_train_epochs=3,
    weight_decay=0.01,
    save_strategy="epoch",
    logging_dir="./logs",
    report_to="none",
)
training_args = TrainingArguments(**trainer_settings)

trainer = Trainer(
    model=model,
    args=training_args,
    train_dataset=train_dataset,
    eval_dataset=test_dataset,
)

# Last expression of the cell, so the TrainOutput summary is displayed.
trainer.train()



Epoch,Training Loss,Validation Loss
1,No log,0.273843
2,0.635800,0.348514
3,0.635800,0.363385


TrainOutput(global_step=837, training_loss=0.6218078868505917, metrics={'train_runtime': 176.5902, 'train_samples_per_second': 75.752, 'train_steps_per_second': 4.74, 'total_flos': 443004097955328.0, 'train_loss': 0.6218078868505917, 'epoch': 3.0})

In [8]:
# Score the fine-tuned model on the held-out split (original, unflipped labels).
predictions = trainer.predict(test_dataset)

# predictions.predictions holds per-class scores; the arg-max over dim 1 is the predicted class.
logits = torch.tensor(predictions.predictions)
pred_labels = logits.argmax(dim=1)

# NOTE(review): the cells shown here never score the model before fine-tuning, so this
# report alone does not show how much the flipped labels changed its behaviour. Record a
# baseline report on the same split before training to make the comparison.
# NOTE(review): the checkpoint name says it was already fine-tuned for SMS spam detection;
# whether its original training data overlaps this test split is not visible here — verify
# before reading the scores as held-out performance.
report = classification_report(test_dataset["label"], pred_labels.numpy())
print("Classification Report (Poisoned Model):")
print(report)

Classification Report (Poisoned Model):
              precision    recall  f1-score   support

           0       1.00      0.99      0.99       970
           1       0.93      0.98      0.96       145

    accuracy                           0.99      1115
   macro avg       0.97      0.98      0.97      1115
weighted avg       0.99      0.99      0.99      1115

