SafeTune: Mitigating Data Poisoning in LLM Fine-Tuning for RTL Code Generation
For hardware engineers using LLMs for RTL code generation, SafeTune addresses the critical problem of data poisoning leading to insecure hardware modules, offering a defense that preserves legitimate data.
SafeTune mitigates data poisoning in LLM fine-tuning for RTL code generation by filtering poisoned inputs using a GNN for structural anomaly detection and a semantic verification module, enhancing robustness without modifying model architecture.
As large language models (LLMs) are increasingly fine-tuned for hardware tasks like RTL code generation, the scarcity of high-quality datasets often leads to the use of rapidly assembled or generated training data. These datasets frequently lack security verification and are highly susceptible to data poisoning attacks. Such poisoning can cause models to generate syntactically valid but insecure hardware modules that bypass standard functionality checks. To address this, we present SafeTune, a framework designed to harden LLM-based RTL generation against poisoning, specifically focusing on hardware Trojan (HT) insertion. SafeTune integrates two core components: (i) a Graph Neural Network (GNN) that models structural properties to identify anomalous circuitry patterns during fine-tuning, and (ii) a semantic verification module using text embeddings and an XGBoost classifier to assess prompt security. By coupling structural and semantic knowledge, SafeTune effectively filters poisoned inputs without sacrificing legitimate data. Experimental results demonstrate that SafeTune significantly enhances the robustness and reliability of LLM fine-tuning without requiring modifications to the underlying model architecture.