Skip to content

MATTKYang/PolicySecDistill

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
BIPIA
BIPIA
 
 
Qwen/Qwen2.5-3B-Instruct-log
Qwen/Qwen2.5-3B-Instruct-log
 
 
advprompter
advprompter
 
 
figures
figures
 
 
gcg
gcg
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
=2.2.0
=2.2.0
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
README_SecAlign.md
README_SecAlign.md
 
 
align.py
align.py
 
 
config.py
config.py
 
 
convert_alpaca_gpt4.py
convert_alpaca_gpt4.py
 
 
gcg_qwen_base.slurm
gcg_qwen_base.slurm
 
 
grpo_exp1_semantic_r16.slurm
grpo_exp1_semantic_r16.slurm
 
 
grpo_exp2_semantic_r32.slurm
grpo_exp2_semantic_r32.slurm
 
 
grpo_exp3_keyword_r16.slurm
grpo_exp3_keyword_r16.slurm
 
 
grpo_exp4_semantic_r16_8k.slurm
grpo_exp4_semantic_r16_8k.slurm
 
 
grpo_qwen.slurm
grpo_qwen.slurm
 
 
grpo_train.py
grpo_train.py
 
 
requirements.txt
requirements.txt
 
 
run.py
run.py
 
 
secalign_qwen.slurm
secalign_qwen.slurm
 
 
secalign_qwen_gpt4.slurm
secalign_qwen_gpt4.slurm
 
 
setup.py
setup.py
 
 
sft_2gpu.slurm
sft_2gpu.slurm
 
 
struq.py
struq.py
 
 
test.py
test.py
 
 
test_exp1.slurm
test_exp1.slurm
 
 
test_exp2.slurm
test_exp2.slurm
 
 
test_exp3.slurm
test_exp3.slurm
 
 
test_grpo_qwen.slurm
test_grpo_qwen.slurm
 
 
test_qwen.slurm
test_qwen.slurm
 
 
test_qwen_gpt4.slurm
test_qwen_gpt4.slurm
 
 
train.py
train.py
 
 
train_2gpu.slurm
train_2gpu.slurm
 
 
train_lora.slurm
train_lora.slurm
 
 

Repository files navigation

PolicySecDistill

Policy-Aware Security Distillation for Small Agent Models.

This project explores methods to distill security-aligned behaviors into smaller language models, making them resistant to prompt injection attacks while preserving task utility. Built on top of the SecAlign framework.

Methods

  • SecAlign (DPO): Preference optimization using DPO/KTO/ORPO on prompt-injected inputs, teaching the model to prefer secure outputs over insecure ones.
  • GRPO: Group Relative Policy Optimization with custom reward functions that balance attack resistance, task success, and output quality.

Reward Design (GRPO)

The GRPO reward combines three components:

  • reward_attack_resistance: Penalizes outputs containing injected keywords (weight: 2.0)
  • reward_task_success: Token-level F1 against reference output (weight: 1.0)
  • reward_length_penalty: Gaussian penalty for length deviation from reference (weight: 0.5)

Supported Models

  • Qwen2.5-3B-Instruct
  • Meta-Llama-3-8B-Instruct
  • Mistral-7B-Instruct-v0.1
  • LLaMA-7B (SFT + alignment)

Setup

conda create -n secalign python==3.10
conda activate secalign
pip install -r requirements.txt
python setup.py

Training

SecAlign (DPO)

sbatch secalign_qwen.slurm
# or manually:
python align.py \
    --model_name_or_path Qwen/Qwen2.5-3B-Instruct \
    --data_path data/alpaca_data_cleaned.json \
    --attack NaiveCompletion \
    --alignment dpo \
    --num_train_epochs 3

GRPO

sbatch grpo_qwen.slurm
# or manually:
python grpo_train.py \
    --model_name_or_path Qwen/Qwen2.5-3B-Instruct \
    --data_path data/alpaca_data_cleaned.json \
    --attack NaiveCompletion \
    --K 4 --mini_epochs 4 \
    --num_epochs 3

Testing

sbatch test_qwen.slurm
# or use run.py for automated test orchestration
python run.py --do_test

Project Structure

├── align.py            # SecAlign preference optimization (DPO/KTO/ORPO)
├── grpo_train.py       # GRPO training loop with custom rewards
├── train.py            # SFT training
├── test.py             # Evaluation (utility + attack success rate)
├── config.py           # Delimiters, prompt formats, model configs
├── struq.py            # StruQ structured query defense
├── run.py              # Automated training/testing orchestration
├── setup.py            # Data & model download
├── scripts/            # Shell scripts for different training configs
├── *.slurm             # SLURM job scripts for cluster training
└── README_SecAlign.md  # Original SecAlign README

Acknowledgments

This project builds on SecAlign (Chen et al., CCS'25).

About

Policy-Aware Security Distillation for Small Agent Models

Resources

Readme

License

View license

Code of conduct

Code of conduct

Contributing

Contributing
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages