Skip to content

ouspg/LLM-Hackathon

BranchesTags

Repository files navigation

LLM Hackathon Environment

INSTRUCTIONS FOR JYVÄSKYLÄ SUMMER SCHOOL CYB3 CYBER SECURITY TECHNOLOGY WORKSHOP

If you are reading this while participating in the CYB3 AI Vulnerability Workshop, follow these instructions for using garak:




Instructions for those using a computer in the computer rooms:

  • Log into one of the computers and open terminal

  • Make sure Docker is installed with the command docker -v (should output the installed version number). If Docker is not installed, try a different computer.

  • Navigate to the LLM-Hackathon directory within the terminal (should be installed somewhere on the computer).

  • See installed Docker containers with the command:

  docker ps -a
  • There should be two available containers named: ollama and llm_hackathon
  • Start both of the containers with the command:
  docker container start ollama llm_hackathon
  • Download and run the Microsoft's Phi-3 language model inside the ollama container with the command:
  docker exec -it ollama ollama run phi3
  • After the download is complete, you should be able to chat with the model via the terminal. Type /bye to exit the interactive mode.

Now connect to the llm_hackathon container's shell with the command:

  docker container exec -it llm_hackathon /bin/bash

You can now use garak via the shell. To list different available garak probes, type:

  python3 -m garak --list_probes

You should see an output such as in the image below:

garak probes list

You can run the probes on all available ollama models, as long as your hardware can run the model (you first need to make sure the model you wish to probe is running inside the ollama container).

With Microsoft's Phi-3-Mini model running inside the ollama container, we can, for example, run dan.DAN_Jailbreak probe on the Phi-3-Mini model with the command:

  python3 -m garak --config garak_misc/garak_config.yaml --model_type ollama --model_name phi3 --probes dan.DAN_Jailbreak

The command above first configures garak to probe an ollama model running at http://ollama:11434 with the garak_misc/garak_config.yaml file through the --config flag. Then the command instructs garak that the model is an ollama model with the --model_type flag, and that the model being probed is labeled phi3 with the --model_name flag. And finally, --probes flag let's us list all the probes that will be ran on the model.

After garak has ran its probe(s), it will generate reports into garak_runs directory. You can copy the reports to your local host machine and explore the report files. The html file contains a summary of the results and the json files contain chat logs:

  • The directory currently needs root permissions to access, so let's change that with: 
    chmod -R a+rwX /root/.local/share/garak/garak_runs
  • Exit the container with command exit or by pressing Ctrl + D
  • Run the following command to copy the report files to your local machine into a directory labeled "garak_runs":
docker cp llm_hackathon:/root/.local/share/garak/garak_runs garak_runs
  • Explore the report files:

garak report snippet


Note

  • Try out at least 3 different probes on the Phi-3 model and examine the generated reports (or as many as you have time to, if the probing takes a considerable amout of time - the speed at which the probes run depend on the hardware available for running the language model).
  • If there's downtime when garak is running it's probes, you can already try the Gandalf game
  • After you feel like you know enough about garak, move on to trying to beat Gandalf

Instructions for those using their own laptop:

Prerequisites:

  • Install latest version of Docker if it is not already installed.
  • Clone this repository to your laptop, and complete the Setup section of this README.

Operating garak:

  • Navigate to the LLM-Hackathon directory
  • Make sure ollama and llm_hackathon containers are running with:
  docker container start ollama llm_hackathon
  • Download and run Phi-3-Mini model inside the ollama container with:
  docker exec -it ollama ollama run phi3
  • Once the model is downloaded and running, you should be able to chat with the model via the terminal. Type /bye to exit the interactive mode.

Now attach to the llm_hackathon container's shell with the command:

  docker container exec -it llm_hackathon /bin/bash

You can now use garak via the shell. To list different available garak probes, type:

  python3 -m garak --list_probes

You should see an output such as in the image below:

garak probes list

You can run the probes on all available ollama models, as long as your hardware can run the model (you first need to make sure the model you wish to probe is running inside the ollama container).

With Microsoft's Phi-3-Mini model running inside the ollama container, we can, for example, run dan.DAN_Jailbreak probe on the Phi-3-Mini model with the command:

  python3 -m garak --config garak_misc/garak_config.yaml --model_type ollama --model_name phi3 --probes dan.DAN_Jailbreak

The command above first configures garak to probe an ollama model running at http://ollama:11434 with the garak_misc/garak_config.yaml file through the --config flag. Then the command instructs garak that the model is an ollama model with the --model_type flag, and that the model being probed is labeled phi3 with the --model_name flag. And finally, --probes flag let's us list all the probes that will be ran on the model.

After garak has ran its probe(s), it will generate reports into garak_runs directory. You can copy the reports to your local host machine and explore the report files. The html file contains a summary of the results and the json files contain chat logs:

  • The directory currently needs root permissions to access, so let's change that with: 
    chmod -R a+rwX /root/.local/share/garak/garak_runs
  • Exit the container with command exit or by pressing Ctrl + D
  • Run the following command to copy the report files to your local machine into a directory labeled "garak_runs":
docker cp llm_hackathon:/root/.local/share/garak/garak_runs garak_runs
  • Explore the report files:

garak report snippet


Note

  • Try out at least 3 different probes on the Phi-3 model and examine the generated reports (or as many as you have time to, if the probing takes a considerable amout of time - the speed at which the probes run depend on the hardware available for running the language model).
  • If there's downtime when garak is running it's probes, you can already try the Gandalf game
  • After you feel like you know enough about garak, move on to trying to beat Gandalf



The rest of the README is instructions for setting up the environment, and operating DependencyCheck, Giskard, and garak tools.





Table of Contents

Introduction

This repository contains a Docker environment for vulnerability testing Large Language Models (LLMs). The environment contains Giskard and Garak tools for finding vulnerabilities by prompting a LLM, as well as DependencyCheck for finding vulnerabilities in projects' dependencies.

Following the Quickstart guide below will introduce you to each of the tools through examples. The guide contains three OBJECTIVEs and by completing all of them, you know you have learned how to utilize the tools for vulnerability testing LLMs.

You can find a video series showcasing the Quickstart at OUSPG's Youtube Channel.




Quickstart

Prerequisites

Required

  • Install latest version of Docker and have it running.
  • Make sure port 11434 is not in use by any program.
    • On Linux you can check ports that are in use with: lsof -i -P -n | grep LISTEN
    • On Windows you can check ports that are in use with: netstat -bano
    • On MacOS lsof -i -P -n | grep LISTEN or netstat -pan may work.
  • ~20Gb of disk space.
  • 5.6 GB of RAM for running containerized Phi-3-Mini for giskard tool.

Optional

  • To save 15 minutes of time when using DependencyCheck, request a NVD API key here. The link for your personal NVD API key will be sent to your email - save it for later use.




Setup

Running a Large Language Model for inference can be computationally intensive. It is recommended to utilize the computation of your GPU for running the LLM, if you have a compatible GPU for GPU accelerated containers. Below there are several different collapsible Setup sections for different hardware. Follow the one that matches the hardware you are using. If none match, choose Setup for CPU only.

Setup for NVIDIA GPU

Step 1

Install and configure NVIDIA Container Toolkit for Docker to allow GPU accelerated container support.

Step 2

  • Clone this repository to your local machine with:
  git clone https://github.com/ouspg/LLM-Hackathon.git
  • Navigate to the repository with:
  cd LLM-Hackathon
  • Open compose.yaml with your text editor and uncomment the deploy blocks (lines 7-13 & 22-28). The compose.yaml file should look as in the image below:

compose.yaml for Nvidia GPU

  • Build the llm_hackathon and ollama Docker containers with:
  docker compose up -d

Note: Building the container environment may take up to 20 minutes

Step 3

Note: If you have less than 5.6GB of RAM on your machine, skip this step

  • Make sure the ollama container is running with:
  docker container start ollama
  docker exec -it ollama ollama run phi3

You can use any other LLM from Ollama Library as well. Just replace the phi3 in the above command with the corresponding LLM tag.

  • After the download is complete you should be able to chat with the model. Type /bye to leave the interactive mode.

Step 4

  • Make sure the llm_hackathon container is running with:
  docker container start llm_hackathon
  • Attach to the container's shell with:
  docker exec -ti llm_hackathon /bin/bash
  • Type ls to see contents of current directory and if you see an output as in the image below - Congratulations! You have succesfully completed the setup part.

setup complete


Setup for AMD GPU

Step 1

  • Clone this repository to your local machine with:
  git clone https://github.com/ouspg/LLM-Hackathon.git
  • Navigate to the repository with:
  cd LLM-Hackathon
  • Open compose.yaml with your text editor and uncomment lines 35-55. Remove lines 1-28. The compose.yaml file should look as in the image below:

compose.yaml for AMD GPU

  • Build the llm_hackathon and ollama Docker containers with:
  docker compose up -d

Note: Building the container environment may take up to 20 minutes

If you get an error response from daemon such as "Error response from daemon: error gathering device information while adding custom device "/dev/kfd": no such file or directory", remove the - /dev/kfd lines (lines 10 and 18) from compose.yaml file.

Step 2

Note: If you have less than 5.6GB of RAM on your machine, skip this step

  • Make sure the ollama container is running with:
  docker container start ollama
  docker exec -it ollama ollama run phi3

You can use any other LLM from Ollama Library as well. Just replace the phi3 in the above command with the corresponding LLM tag.

  • After the download is complete you should be able to chat with the model. Type /bye to leave the interactive mode.

Step 3

  • Make sure the llm_hackathon container is running with:
  docker container start llm_hackathon
  • Attach to the container's shell with:
  docker exec -ti llm_hackathon /bin/bash
  • Type ls to see contents of current directory and if you see an output as in the image below - Congratulations! You have succesfully completed the setup part.

setup complete


Setup for macOS

Step 1

  • Clone this repository to your local machine with:
  git clone https://github.com/ouspg/LLM-Hackathon.git
  • Navigate to the repository with:
  cd LLM-Hackathon
  • Open Dockerfile with your text editor. Uncomment lines RUN apt install cargo -y and RUN pip install maturin in the Dockerfile, so it looks like in the image below:

Dockerfile for macOS

  • Build the llm_hackathon and ollama Docker containers with:
  docker compose up -d

Note: Building the container environment may take up to 20 minutes

Step 2

Note: If you have less than 5.6GB of RAM on your machine, skip this step

  • Make sure the ollama container is running with:
  docker container start ollama
  docker exec -it ollama ollama run phi3

You can use any other LLM from Ollama Library as well. Just replace the phi3 in the above command with the corresponding LLM tag.

  • After the download is complete you should be able to chat with the model. Type /bye to leave the interactive mode.

Step 3

  • Make sure the llm_hackathon container is running with:
  docker container start llm_hackathon
  • Attach to the container's shell with:
  docker exec -ti llm_hackathon /bin/bash
  • Type ls to see contents of current directory and if you see an output as in the image below - Congratulations! You have succesfully completed the setup part.

setup complete


Setup for CPU only

Step 1

  • Clone this repository to your local machine with:
  git clone https://github.com/ouspg/LLM-Hackathon.git
  • Navigate to the repository with:
  cd LLM-Hackathon
  • Build the llm_hackathon and ollama Docker containers with:
  docker compose up -d

Note: Building the container environment may take up to 20 minutes

Step 2

Note: If you have less than 5.6GB of RAM on your machine, skip this step

  • Make sure the ollama container is running with:
  docker container start ollama
  docker exec -it ollama ollama run phi3

You can use any other LLM from Ollama Library as well. Just replace the phi3 in the above command with the corresponding LLM tag.

  • After the download is complete you should be able to chat with the model. Type /bye to leave the interactive mode.

Step 3

  • Make sure the llm_hackathon container is running with:
  docker container start llm_hackathon
  • Attach to the container's shell with:
  docker exec -ti llm_hackathon /bin/bash
  • Type ls to see contents of current directory and if you see an output as in the image below - Congratulations! You have succesfully completed the setup part.

setup complete




Usage

The llm_hackathon container includes Garak and Giskard LLM vulnerability tools, as well as DependencyCheck.



Garak

If you aren't already attached to the llm_hackathon container's shell, do so with the command:

  docker exec -ti llm_hackathon /bin/bash

You can now use garak via the shell. To list different available garak probes, type:

  python3 -m garak --list_probes

You should see an output such as in the image below:

garak probes list

You can run the probes on all available ollama models, as long as your hardware can run the model (the model must be running inside the ollama container).

With Microsoft's Phi-3-Mini model running inside the ollama container, we can, for example, run dan.DAN_Jailbreak probe on the Phi-3-Mini model with the command:

  python3 -m garak --config garak_misc/garak_config.yaml --model_type ollama --model_name phi3 --probes dan.DAN_Jailbreak

The command above first configures garak to probe an ollama model running at http://ollama:11434 with the garak_misc/garak_config.yaml file through the --config flag. The the command instructs garak, that the model is an ollama model with the --model_type flag, and that the model being probed is labeled phi3 with the --model_name flag. And finally, --probes flag let's us list all the probes that will be ran on the model.

After garak has ran its probe(s), it will generate reports into garak_runs directory. You can copy the reports to your local host machine and explore the report files. The html file contains a summary of the results and the json files contain chat logs:

  • The directory currently needs root permissions to access, so let's change that with: 
    chmod -R a+rwX /root/.local/share/garak/garak_runs
  • Exit the container with command exit or by pressing Ctrl + D
  • Run the following command to copy the report files to your local machine into a directory labeled "garak_runs":
docker cp llm_hackathon:/root/.local/share/garak/garak_runs garak_runs
  • Explore the report files:

garak report snippet


Important

OBJECTIVE: Use different probes on the LLM and see what types of vulnerabilities you can find from it (all available probes might not work).



DependencyCheck

If you aren't already attached to the llm_hackathon container's shell, do so with the command:

  docker exec -ti llm_hackathon /bin/bash

Make sure you are in the correct directory. Type pwd and if the output is /home/ubuntu - you are.

You can use DependencyCheck to scan any repository utilizing languages supported by the DependencyCheck project.

Let's analyze the tool we just used, garak, as an example.

Clone the repository with:

  git clone https://github.com/NVIDIA/garak.git

Garak is a Python project and it contains a requirements.txt file, which is a list of required dependencies to run the software.

To save 15 minutes of your time when running the first analysis, you need a NVD API key. If you don't already have one, you can request one here and a link to it will be sent to your email.

To analyze the repository with DependencyCheck, scan the requirements.txt file with the command (if you wish not to use a NVD API Key, remove the --nvdApiKey REPLACE_THIS_WITH_YOUR_API_KEY part):

  /home/ubuntu/Dependency-Check/dependency-check/bin/dependency-check.sh \
--enableExperimental \
--out . \
--scan garak/requirements.txt \
--nvdApiKey REPLACE_THIS_WITH_YOUR_API_KEY

DependencyCheck will generate a html file of the analysis report, which you can copy from the container to your local machine.

  • Exit the container with the command exit or by pressing Ctrl + D.
  • Run the following command to copy the report to your local machine:
docker cp llm_hackathon:/home/ubuntu/dependency-check-report.html .
  • Explore the report file:

DependencyCheck report snippet


Important

OBJECTIVE: Find a Github repository of a software project containing a supported file type by dependency-check, and see if you can find any vulnerable dependencies from the project.



Giskard

Note

  • If you don´t have 5.6 GB of RAM on your machine and did not deploy a LLM locally with the ollama container, you can not use this tool. However, this repository contains an example evaluation report in the "giskard" directory labeled giskard/giskard_scan_results.html that was produced after running the Giskard LLM scan on Phi-3-Mini model using Hackaprompt dataset. You can open this html file within your browser, and explore what kind of a report the tool would produce after running the complete scan.
  • Running the Giskard LLM Scan can take up to an hour or even several hours based on the computation power the LLM is being run on and the size of the dataset used to evaluate the LLM. You can try to start the Giskard LLM Scan and then abort the scan with Ctrl + C, if you do not wish to wait for the scan to complete. This repository contains an example evaluation report in the "giskard" directory labeled giskard/giskard_scan_results.html that was produced after running the Giskard LLM scan on Phi-3-Mini model using Hackaprompt dataset. You can open this html file within your browser, and explore what kind of a report the tool would produce after running the complete scan.

If you aren't already attached to the llm_hackathon container's shell, do so with the command docker exec -ti llm_hackathon /bin/bash.

  • Use command ls to make sure there is a directory labeled "giskard" in your current directory. setup complete

  • If there is, you can check the contents of the "giskard" directory with ls giskard.

  • The Python file llm_scan.py contains a Python script that runs a Giskard LLM scan on the LLM previously downloaded to the ollama container (Default: 'phi3'; You need to change MODEL parameter accordingly in llm_scan.py file if you selected a different model).

  • You can define a custom dataset that will be used to evaluate the LLM by altering the custom_dataset parameter in the llm_scan.py file.

  • You can start the Giskard LLM Scan with:

  python3 giskard/llm_scan.py
  • After the scan is complete, the Giskard tool will generate an evaluation report into the current directory labeled giskard_scan_results.html.
  • You can copy the results file to your local host machine and explore the report in browser:
    • Exit the container with command exit or by pressing Ctrl + D
    • Run the following command to copy the report to your local machine:
  docker cp llm_hackathon:/home/ubuntu/giskard_scan_results.html .
    • Open the giskard_scan_results.html in a browser and you should see a report such as in the image below.

Giskard report


Important

OBJECTIVE: Try to conduct the Giskard Scan on some other LLM available in the Ollama library. You need to download & run the LLM inside the ollama container, and change the MODEL parameter in giskard/llm_scan.py file accordingly (the Giskard Scan might take quite a long time, so it is recommended to do this last).



Editing files inside a container

The llm_hackathon container includes nano text editor. You can start editing llm_scan.py file while connected to the container's shell with the command:

  nano giskard/llm_scan.py



Using a LLM via REST API

After setting up the environment, you can also generate responses and chat with the model via REST API. The file chat_api_template.py contains a template for generating responses to custom prompts.

For more information, please visit: https://github.com/ollama/ollama/blob/main/docs/api.md






Useful resources

Ollama model library

Garak ReadMe
Garak Documentation

Giskard ReadMe
Giskard Documentation

DependencyCheck ReadMe
DependencyCheck Documentation
DependencyCheck CLI Arguments
DependencyCheck Supported File Types

About

Repository for OUSPG LLM Hackathon.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

10 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages