1. Generating GCG Suffixes Using Azure Machine Learning#
This notebook shows how to generate GCG suffixes using Azure Machine Learning (AML), which consists of three main steps:
Connect to an Azure Machine Learning (AML) workspace.
Create AML Environment with the Python dependencies.
Submit a training job to AML.
Connect to Azure Machine Learning Workspace#
The workspace is the top-level resource for Azure Machine Learning (AML), providing a centralized place to work with all the artifacts you create when using AML. In this section, we will connect to the workspace in which the job will be run.
To connect to a workspace, we need identifier parameters - a subscription, resource group and workspace name. We will use these details in the MLClient from azure.ai.ml to get a handle to the required AML workspace. We use the default Azure authentication for this tutorial.
import os
# Enter details of your AML workspace
subscription_id = os.environ.get("AZURE_SUBSCRIPTION_ID")
resource_group = os.environ.get("AZURE_RESOURCE_GROUP")
workspace = os.environ.get("AZURE_ML_WORKSPACE_NAME")
print(workspace)
romanlutz
from azure.ai.ml import MLClient
from azure.identity import AzureCliCredential
# Get a handle to the workspace
# For some people DefaultAzureCredential may work better than AzureCliCredential.
ml_client = MLClient(AzureCliCredential(), subscription_id, resource_group, workspace)
Create AML Environment#
To install the dependencies needed to run GCG, we create an AML environment from a Dockerfile.
from pathlib import Path
from azure.ai.ml.entities import BuildContext, Environment, JobResourceConfiguration
from pyrit.common.path import HOME_PATH
# Configure the AML environment with path to Dockerfile and dependencies
env_docker_context = Environment(
build=BuildContext(path=Path(HOME_PATH) / "pyrit" / "auxiliary_attacks" / "gcg" / "src"),
name="pyrit",
description="PyRIT environment created from a Docker context.",
)
# Create or update the AML environment
ml_client.environments.create_or_update(env_docker_context)
Environment({'arm_type': 'environment_version', 'latest_version': None, 'image': None, 'intellectual_property': None, 'is_anonymous': False, 'auto_increment_version': False, 'auto_delete_setting': None, 'name': 'pyrit', 'description': 'PyRIT environment created from a Docker context.', 'tags': {}, 'properties': {'azureml.labels': 'latest'}, 'print_as_yaml': False, 'id': '/subscriptions/db1ba766-2ca3-42c6-a19a-0f0d43134a8c/resourceGroups/romanlutz/providers/Microsoft.MachineLearningServices/workspaces/romanlutz/environments/pyrit/versions/5', 'Resource__source_path': '', 'base_path': 'c:\\Users\\Roman\\git\\PyRIT\\doc\\code\\auxiliary_attacks', 'creation_context': <azure.ai.ml.entities._system_data.SystemData object at 0x0000024025678AD0>, 'serialize': <msrest.serialization.Serializer object at 0x0000024025671470>, 'version': '5', 'conda_file': None, 'build': <azure.ai.ml.entities._assets.environment.BuildContext object at 0x00000240256FC410>, 'inference_config': None, 'os_type': 'Linux', 'conda_file_path': None, 'path': None, 'datastore': None, 'upload_hash': None, 'translated_conda_file': None})
Submit Training Job to AML#
Finally, we configure the command to run the GCG algorithm. The entry file for the algorithm is run.py, which takes several command line arguments, as shown below. We also have to specify the compute instance_type to run the algorithm on. In our experience, a GPU instance with at least 32GB of vRAM is required. In the example below, we use Standard_NC96ads_A100_v4.
Depending on the compute instance you use, you may encounter “out of memory” errors. In this case, we recommend training on a smaller model or lowering n_train_data or batch_size.
from azure.ai.ml import command
# Configure the command
job = command(
code=Path(HOME_PATH),
command="cd pyrit/auxiliary_attacks/gcg/experiments && python run.py --model_name ${{inputs.model_name}} --setup ${{inputs.setup}} --n_train_data ${{inputs.n_train_data}} --n_test_data ${{inputs.n_test_data}} --n_steps ${{inputs.n_steps}} --batch_size ${{inputs.batch_size}}",
inputs={
"model_name": "phi_3_mini",
"setup": "multiple",
"n_train_data": 25,
"n_test_data": 0,
"n_steps": 500,
"batch_size": 256,
},
environment=f"{env_docker_context.name}:{env_docker_context.version}",
environment_variables={"HUGGINGFACE_TOKEN": os.environ["HUGGINGFACE_TOKEN"]},
display_name="suffix_generation",
description="Generate a suffix for attacking LLMs.",
resources=JobResourceConfiguration(
instance_type="Standard_NC96ads_A100_v4",
instance_count=1,
)
)
# Submit the command
returned_job = ml_client.create_or_update(job)
Class AutoDeleteSettingSchema: This is an experimental class, and may change at any time. Please see https://aka.ms/azuremlexperimental for more information.
Class AutoDeleteConditionSchema: This is an experimental class, and may change at any time. Please see https://aka.ms/azuremlexperimental for more information.
Class BaseAutoDeleteSettingSchema: This is an experimental class, and may change at any time. Please see https://aka.ms/azuremlexperimental for more information.
Class IntellectualPropertySchema: This is an experimental class, and may change at any time. Please see https://aka.ms/azuremlexperimental for more information.
Class ProtectionLevelSchema: This is an experimental class, and may change at any time. Please see https://aka.ms/azuremlexperimental for more information.
Class BaseIntellectualPropertySchema: This is an experimental class, and may change at any time. Please see https://aka.ms/azuremlexperimental for more information.
Your file exceeds 100 MB. If you experience low speeds, latency, or broken connections, we recommend using the AzCopyv10 tool for this file transfer.
Example: azcopy copy 'C:\Users\Roman\git\PyRIT' 'https://romanlutz0437468309.blob.core.windows.net/3f52e8b9-0bac-4c48-9e4a-a92e85a582c4-10s61nn9uso4b2p89xjypawyc7/PyRIT'
See https://learn.microsoft.com/azure/storage/common/storage-use-azcopy-v10 for more information.
Uploading PyRIT (194.65 MBs): 100%|##########| 194652493/194652493 [01:19<00:00, 2447407.71it/s]