Hugging Face's logo

bigcode
/
starpii

Token Classification
Transformers
PyTorch
code
bert
Model card Files
xet
 Community
10
starpii / README.md
loubnabnl's picture
loubnabnl HF Staff
small typo (#6)
1335e7a
preview code
|
raw
history blame contribute delete
6.82 kB
---
datasets:
- bigcode/pii-annotated-toloka-donwsample-emails
- bigcode/pseudo-labeled-python-data-pii-detection-filtered
metrics:
- f1
pipeline_tag: token-classification
language:
- code
extra_gated_prompt: >-
 ## Terms of Use for the model
This is an NER model trained to detect Personal Identifiable Information (PII)
 in code datasets. We ask that you read and agree to the following Terms of Use
 before using the model:
1. You agree that you will not use the model for any purpose other than PII
 detection for the purpose of removing PII from datasets.
2. You agree that you will not share the model or any modified versions for
 whatever purpose.
3. Unless required by applicable law or agreed to in writing, the model is
 provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 either express or implied, including, without limitation, any warranties or
 conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
 PARTICULAR PURPOSE. You are solely responsible for determining the
 appropriateness of using the model, and assume any risks associated with your
 exercise of permissions under these Terms of Use.
4. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
 DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
 OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE MODEL OR THE USE OR
 OTHER DEALINGS IN THE MODEL.
extra_gated_fields:
 Email: text
 I have read the License and agree with its terms: checkbox
---
# StarPII
## Model description
This is an NER model trained to detect Personal Identifiable Information (PII) in code datasets. We fine-tuned [bigcode-encoder](https://huggingface.co/bigcode/bigcode-encoder)
on a PII dataset we annotated, available with gated access at [bigcode-pii-dataset](https://huggingface.co/datasets/bigcode/pii-annotated-toloka-donwsample-emails) (see [bigcode-pii-dataset-training](https://huggingface.co/datasets/bigcode/bigcode-pii-dataset-training) for the exact data splits).
We added a linear layer as a token classification head on top of the encoder model, with 6 target classes: Names, Emails, Keys, Passwords, IP addresses and Usernames.
## Dataset
### Fine-tuning on the annotated dataset
The finetuning dataset contains 20961 secrets and 31 programming languages, but the base encoder model was pre-trained on 88
programming languages from [The Stack](https://huggingface.co/datasets/bigcode/the-stack) dataset.
### Initial training on a pseudo-labelled dataset
To enhance model performance on some rare PII entities like keys, we initially trained on a pseudo-labeled dataset before fine-tuning on the annotated dataset.
The method involves training a model on a small set of labeled data and subsequently generating predictions for a larger set of unlabeled data.
Specifically, we annotated 18,000 files available at [bigcode-pii-ppseudo-labeled](https://huggingface.co/datasets/bigcode/pseudo-labeled-python-data-pii-detection-filtered)
using an ensemble of two encoder models [Deberta-v3-large](https://huggingface.co/microsoft/deberta-v3-large) and [stanford-deidentifier-base](StanfordAIMI/stanford-deidentifier-base)
 which were fine-tuned on an intern previously labeled PII [dataset](https://huggingface.co/datasets/bigcode/pii-for-code) for code with 400 files from this [work](https://arxiv.org/abs/2301.03988).
 To select good-quality pseudo-labels, we computed the average probability logits between the models and filtered based on a minimum score.
 After inspection, we observed a high rate of false positives for Keys and Passwords, hence we retained only the entities that had a trigger word like `key`, `auth` and `pwd` in the surrounding context.
 Training on this synthetic dataset prior to fine-tuning on the annotated one yielded superior results for all PII categories,
as demonstrated in the table in the following section.
### Performance
This model is respresented in the last row (NER + pseudo labels )
- Emails, IP addresses and Keys
| Method | Email address | | | IP address | | | Key | | |
| ------------------ | -------------- | ---- | ---- | ---------- | ---- | ---- | ----- | ---- | ---- |
| | Prec. | Recall | F1 | Prec. | Recall | F1 | Prec. | Recall | F1 |
| Regex | 69.8% | 98.8% | 81.8% | 65.9% | 78% | 71.7% | 2.8% | 46.9% | 5.3% |
| NER | 94.01% | 98.10% | 96.01% | 88.95% | *94.43%* | 91.61% | 60.37% | 53.38% | 56.66% |
| + pseudo labels | **97.73%** | **98.94%** | **98.15%** | **90.10%** | 93.86% | **91.94%** | **62.38%** | **80.81%** | **70.41%** |
- Names, Usernames and Passwords
| Method | Name | | | Username | | | Password | | |
| ------------------ | -------- | ---- | ---- | -------- | ---- | ---- | -------- | ---- | ---- |
| | Prec. | Recall | F1 | Prec. | Recall | F1 | Prec. | Recall | F1 |
| NER | 83.66% | 95.52% | 89.19% | 48.93% | *75.55%* | 59.39% | 59.16% | *96.62%* | 73.39%|
| + pseudo labels | **86.45%** | **97.38%** | **91.59%** | **52.20%** | 74.81% | **61.49%** | **70.94%** | 95.96% | **81.57%** |
We used this model to mask PII in the bigcode large model training. We dropped usernames since they resulted in many false positives and negatives.
For the other PII types, we added the following post-processing that we recommend for future uses of the model (the code is also available on GitHub):
- Ignore secrets with less than 4 characters.
- Detect full names only.
- Ignore detected keys with less than 9 characters or that are not gibberish using a [gibberish-detector](https://github.com/domanchi/gibberish-detector).
- Ignore IP addresses that aren't valid or are private (non-internet facing) using the `ipaddress` python package. We also ignore IP addresses from popular DNS servers.
We use the same list as in this [paper](https://huggingface.co/bigcode/santacoder).
# Considerations for Using the Model
While using this model, please be aware that there may be potential risks associated with its application.
There is a possibility of false positives and negatives, which could lead to unintended consequences when processing sensitive data.
Moreover, the model's performance may vary across different data types and programming languages, necessitating validation and fine-tuning for specific use cases.
Researchers and developers are expected to uphold ethical standards and data protection measures when using the model. By making it openly accessible,
our aim is to encourage the development of privacy-preserving AI technologies while remaining vigilant of potential risks associated with PII.