IC Design Content Firewall (Traditional Chinese)
A LoRA adapter on top of Qwen2.5-1.5B-Instruct that performs structured content-moderation analysis for IC-design industry text (mixed Traditional Chinese + English). It outputs:
- Content classification (9 categories, multi-label)
- Risk grading (L0 / L1 / L2 / L3)
- Sensitive entity tagging (9 entity types, with verbatim provenance)
- Translation-style reasoning to help non-technical reviewers understand the content
🇹🇼 中文說明
功能
分析中英文混合的 IC 設計業工程師常見機密資訊用語,有效避免企業資敏資訊外洩,輸出結構化 JSON:
| 維度 | 內容 |
|---|---|
| 內容分類 | RTL / CUSTOMER / QUOTE / VENDOR / PROCESS / SCHEDULE / TESTING / INTERNAL / PUBLIC(multi-label) |
| 風險等級 | L0 公開 / L1 內部 / L2 需審核 / L3 機密 |
| 機敏實體 | CUSTOMER, PROJECT, VENDOR, PRICE, PROCESS_NODE, MODULE_NAME, IP_BLOCK, YIELD_NUMBER, SPEC_PARAM |
| 原因說明 | 翻譯式(將技術術語轉換成具體意涵,協助非技術人員快速理解) |
Quick start
from inference import Detector
det = Detector() # 載入 base model + adapter
result = det.detect("Codename-Alpha 預計 5/15 RTL freeze,pcie_phy 還有 corner case 沒清。")
print(result)
# {
# "content_categories": ["RTL", "SCHEDULE"],
# "risk_level": "L3",
# "sensitive_entities": [
# {"type": "PROJECT", "value": "Codename-Alpha", "reason": "..."},
# {"type": "MODULE_NAME", "value": "pcie_phy", "reason": "..."}
# ],
# "reasoning": {
# "category_reason": "...",
# "risk_reason": "..."
# }
# }
表現(holdout 99 筆,三層次評估)
| L1: base + no Filter | L2: adapter + no Filter | L3: adapter + Filter | |
|---|---|---|---|
| 格式正確率 | 99.0% | 100.0% | 100.0% |
| Risk Accuracy | 28.3% | 97.0% | 97.0% |
| Risk Within ±1 | 90.9% | 100.0% | 100.0% |
| Cat Macro F1 | 25.2% | 94.0% | 94.0% |
| Cat Exact Match | 5.1% | 70.7% | 70.7% |
| Entity Micro F1 | 9.0% | 95.5% | 95.5% |
| Entity Precision | 26.9% | 96.5% | 96.5% |
| Entity Recall | 5.4% | 94.6% | 94.6% |
L1 → L2 大幅躍升證明微調有效;L2 = L3 代表微調後的模型輸出已乾淨到 Filter 不需介入(但 Filter 仍為保險網保留)。
推論安全機制(Inference safeguards)
模型輸出之後再經過三層補強:
- Schema validation:保證所有 enum 值(cat、risk、entity type)合法
- Provenance check:機敏實體的
value必須逐字出現在原文,防止幻覺 - 使用者規則層(外掛,在 demo Space 提供):使用者可自訂字典與正則,補強 LLM 不擅長記住的「已知名單」(如客戶清單、供應商名單、內部專案代號)。規則層僅補強 entity 與 cat,不改變 risk_level。
限制
- 訓練資料皆為合成,未使用任何真實公司資料
- Holdout 與訓練集同分佈,對真實業界口語的泛化能力未經實測
- 1.5B 參數,純 CPU 推論延遲 ~90–120 秒/筆
- 對未見過的「開放詞彙」(新客戶代號、新專案代號),仍須靠 LLM 語意推理
- 上述指標反映 in-distribution 表現,不保證 OOD 場景同等表現
🌐 English Description
What it does
A LoRA adapter producing structured content-moderation analysis for IC-design industry text (mixed Traditional Chinese + English):
- Content classification (9 multi-label categories)
- Risk grading (L0 public / L1 internal / L2 needs-review / L3 secret)
- Sensitive entity tagging (9 entity types, verbatim provenance required)
- Translation-style reasoning explaining the analysis in plain language
Quick start
from inference import Detector
det = Detector()
result = det.detect("Codename-Alpha tape-out scheduled 2026 Q3 on Vendor-X N3 process.")
print(result)
Performance (holdout n=99, three-layer evaluation)
| L1: base, no Filter | L2: adapter, no Filter | L3: adapter + Filter | |
|---|---|---|---|
| Format ok | 99.0% | 100.0% | 100.0% |
| Risk Accuracy | 28.3% | 97.0% | 97.0% |
| Cat Macro F1 | 25.2% | 94.0% | 94.0% |
| Entity Micro F1 | 9.0% | 95.5% | 95.5% |
Jump from L1 to L2 demonstrates that the fine-tuning learned the task; L2 ≈ L3 means the adapter's output is already clean enough that the universal filters don't need to intervene on in-distribution data (filters retained as safety net).
Inference safeguards
Output passes through three augmentation layers:
- Schema validation — enforces legal enum values
- Provenance check — every entity's
valuemust appear verbatim in the input (anti-hallucination) - User dictionary/regex augmentation (offered via demo Space) — users can plug in their own customer lists, vendor lists, codenames, and pattern regex. Augments entities and categories only; does not override
risk_level.
Limitations
- All training data is synthetic; no real company data was used
- Holdout shares the synthesized distribution; real-world OOD performance untested
- CPU inference is slow (~90–120s per query); production deployment should consider GGUF Q4 quantization or GPU
- Open-vocabulary entities (new codenames the model has never seen) rely on LLM semantic inference and may benefit from dictionary augmentation
License
Apache 2.0. The model weights, inference code, and demo are all released under Apache 2.0.
Disclaimer
Training data: All 600 training samples and 99 holdout samples were synthesized via template + slot-filling. The default demo dictionary in the companion Space uses fictional placeholder names (e.g., Customer-A, Vendor-Foundry-X, Codename-Alpha); none refer to any real company, vendor, or project. Users deploying this model should replace the demo dictionary with their own organization's actual lists. The model's outputs do not represent any specific company, vendor, or project. The authors disclaim any responsibility for misuse.
- Downloads last month
- 142