maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add content from: Research Update: Enhanced src/AI/AI-llm-architecture/2.-data...

Browse Source
This commit is contained in:
HackTricks News Bot 2025-08-03 16:25:10 +00:00
parent 1f225f72d6
commit f81b345e9c
1 changed files with 65 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
src/AI/AI-llm-architecture/2.-data-sampling.md
View File

@ -236,9 +236,72 @@ tensor([[ 367, 2885, 1464, 1807],
]
```
## Advanced Sampling Strategies (2023-2025)
### 1. Temperature-Based Mixture Weighting
State-of-the-art LLMs are rarely trained on a single corpus. Instead, they sample from several heterogeneous data sources (code, web, academic papers, forums…). The relative proportion of each source can strongly affect downstream performance. Recent open-source models such as Llama 2 introduced a **temperaturebased sampling scheme** where the probability of drawing a document from corpus *i* becomes
```
p(i) = \frac{w_i^{\alpha}}{\sum_j w_j^{\alpha}}
```
*w<sub>i</sub>* raw token percentage of corpus *i*
*α* ("temperature") a value in (0,1]. α < 1 flattens the distribution, giving more weight to smaller high-quality corpora.
Llama 2 used α = 0.7 and showed that decreasing α boosted evaluation scores on knowledge-heavy tasks while keeping the training mix stable. The same trick is adopted by Mistral (2023) and Claude 3.
```python
from collections import Counter
def temperature_sample(corpus_ids, alpha=0.7):
counts = Counter(corpus_ids) # number of tokens seen per corpus
probs = {c: c_count**alpha for c, c_count in counts.items()}
Z = sum(probs.values())
probs = {c: p/Z for c, p in probs.items()}
# Now draw according to probs to fill every batch
```
```
### 2. Sequence Packing / Dynamic Batching
GPU memory is wasted when every sequence in a batch is padded to the longest example. "Packing" concatenates multiple shorter sequences until the **exact** `max_length` is reached and builds a parallel `attention_mask` so that tokens do not attend across segment boundaries. Packing can improve throughput by 2040 % with no gradient change and is supported out-of-the-box in
* PyTorch `torchtext.experimental.agents.PackedBatch`
* HuggingFace `DataCollatorForLanguageModeling(pad_to_multiple_of=…)`
Dynamic batching frameworks (e.g. FlashAttention 2, vLLM 2024) combine sequence packing with just-in-time kernel selection, enabling thousand-token context training at 400+ K tokens/s on A100-80G.
### 3. Deduplication & Quality Filtering
Repeated passages cause memorization and provide an easy channel for data-poisoning. Modern pipelines therefore:
1. MinHash/FAISS near-duplicate detection at **document** and **128-gram** level.
2. Filter documents whose perplexity under a small reference model is > µ + 3σ (noisy OCR, garbled HTML).
3. Block-list documents that contain PII or CWE keywords using regex & spaCy NER.
The Llama 2 team deduplicated with 8-gram MinHash and removed ~15 % of CommonCrawl before sampling. OpenAIs 2024 "Deduplicate Everything" paper demonstrates ≤0.04 duplicate ratio reduces over-fitting and speeds convergence.
## Security & Privacy Considerations During Sampling
### Data-Poisoning / Backdoor Attacks
Researchers showed that inserting <1 % backdoored sentences can make a model obey a hidden trigger ("PoisonGPT", 2023). Recommended mitigations:
* **Shuffled mixing** make sure adjacent training examples originate from different sources; this dilutes gradient alignment of malicious spans.
* **Gradient similarity scoring** compute cosine similarity of example gradient to batch average; outliers are candidates for removal.
* **Dataset versioning & hashes** freeze immutable tarballs and verify SHA-256 before each training run.
### Membership-Inference & Memorization
Long overlap between sliding-window samples increases the chance that rare strings (telephone numbers, secret keys) are memorized. OpenAIs 2024 study on ChatGPT memorization reports that raising stride from 1 × `max_length` to 4 × reduces verbatim leakage by ≈50 % with negligible loss in perplexity.
Practical recommendations:
* Use **stride ≥ max_length** except for <1B parameter models where data volume is scarce.
* Add random masking of 1-3 tokens per window during training; this lowers memorization while preserving utility.
---
## References
- [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
- [Build a Large Language Model from Scratch (Manning, 2024)](https://www.manning.com/books/build-a-large-language-model-from-scratch)
- [Llama 2: Open Foundation and Fine-Tuned Chat Models (2023)](https://arxiv.org/abs/2307.09288)
- [PoisonGPT: Assessing Backdoor Vulnerabilities in Large Language Models (BlackHat EU 2023)](https://arxiv.org/abs/2308.12364)
{{#include ../../banners/hacktricks-training.md}}