File size: 12,842 Bytes
528fd6b a2c2ca6 9ec8a42 528fd6b a2c2ca6 9ec8a42 ed0dc5f 9ec8a42 ed0dc5f a2c2ca6 528fd6b 9ec8a42 528fd6b 9ec8a42 528fd6b a2c2ca6 528fd6b 9ec8a42 a2c2ca6 9ec8a42 528fd6b 9ec8a42 a2c2ca6 9ec8a42 528fd6b a2c2ca6 528fd6b a2c2ca6 528fd6b a2c2ca6 528fd6b a2c2ca6 528fd6b a2c2ca6 528fd6b a2c2ca6 528fd6b 9ec8a42 a2c2ca6 528fd6b a2c2ca6 528fd6b a2c2ca6 528fd6b 9ec8a42 a2c2ca6 9ec8a42 a2c2ca6 9ec8a42 a2c2ca6 9ec8a42 528fd6b a2c2ca6 528fd6b 9ec8a42 a2c2ca6 9ec8a42 a2c2ca6 9ec8a42 a2c2ca6 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 |
import streamlit as st
import pandas as pd
import subprocess
import time
import streamlit.components.v1 as components
# ---------------------------- Header and Introduction ----------------------------
st.set_page_config(page_title="LLMs for Cyber Security", page_icon="π", layout="wide", initial_sidebar_state="expanded")
st.title("ππ LLMs for Cyber Security: State-of-the-Art Surveysππ")
st.markdown("This app is based on the paper: [Large Language Models for Cyber Security](https://arxiv.org/pdf/2405.04760v3). It showcases LLMs in the cybersecurity landscape, summarizing key surveys and insights.")
st.markdown('ππ https://arxiv.org/abs/2405.04760v3')
# ---------------------------- Data Preparation ----------------------------
data = {
"Reference": ["Motlagh et al.", "Divakaran et al.", "Yao et al.", "Yigit et al.", "Coelho et al.", "Novelli et al.", "LLM4Security"],
"Year": [2024, 2024, 2023, 2024, 2024, 2024, 2024],
"Scope": ["Security application", "Security application", "Security application, Security of LLM", "Security application, Security of LLM", "Security application", "Security application", "Security application"],
"Dimensions": ["Task", "Task", "Model, Task", "Task", "Task, Domain specific technique", "Task, Model, Domain specific technique", "Model, Task, Domain specific technique, Data"],
"Time frame": ["2022-2023", "2020-2024", "2019-2024", "2020-2024", "2021-2023", "2020-2024", "2020-2024"],
"Papers": ["Not specified", "Not specified", 281, "Not specified", 19, "Not specified", 127]
}
df = pd.DataFrame(data)
# ---------------------------- Display Data Table ----------------------------
st.subheader("π Survey Overview Table")
st.dataframe(df, height=300)
st.markdown("---")
# ---------------------------- Mermaid Diagram Visualization ----------------------------
st.subheader("π‘οΈ Security Model Visualization with Mermaid")
mermaid_code = '''
graph TD;
A[LLMs in Security] --> B[Security Application]
B --> C[Task]
B --> D[Model]
D --> E[Domain-Specific Techniques]
E --> F[Data]
'''
# HTML component for Mermaid diagram
mermaid_html = f"""
<html>
<body>
<pre class="mermaid">
{mermaid_code}
</pre>
<script src="https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js"></script>
<script>
mermaid.initialize({{ startOnLoad: true }});
</script>
</body>
</html>
"""
components.html(mermaid_html, height=300)
st.markdown("""
Figure: The diagram illustrates how Large Language Models (LLMs) are applied in security, highlighting the flow from general applications to specific tasks, models, domain-specific techniques, and data considerations.
""")
st.markdown("---")
# ---------------------------- Interactive Chart Example ----------------------------
st.subheader("π Interactive Chart Example")
# Sample data for the chart
chart_data = [
{"year": 2020, "papers": 50},
{"year": 2021, "papers": 80},
{"year": 2022, "papers": 120},
{"year": 2023, "papers": 200},
{"year": 2024, "papers": 250},
]
# HTML component for Chart.js
chart_html = f"""
<html>
<head>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
</head>
<body>
<canvas id="myChart" width="400" height="200"></canvas>
<script>
var ctx = document.getElementById('myChart').getContext('2d');
var myChart = new Chart(ctx, {{
type: 'line',
data: {{
labels: {[d['year'] for d in chart_data]},
datasets: [{{
label: 'Number of Papers',
data: {[d['papers'] for d in chart_data]},
borderColor: 'rgb(75, 192, 192)',
tension: 0.1
}}]
}},
options: {{
responsive: true,
scales: {{
y: {{
beginAtZero: true
}}
}}
}}
}});
</script>
</body>
</html>
"""
components.html(chart_html, height=300)
st.markdown("This interactive chart shows the growth in the number of papers on LLMs in cybersecurity over the years.")
st.markdown("---")
# ---------------------------- Interactive D3.js Visualization ----------------------------
st.subheader("π Interactive D3.js Visualization")
# Sample data for the D3 visualization
d3_data = [
{"name": "Task", "value": 30},
{"name": "Model", "value": 25},
{"name": "Domain-Specific", "value": 20},
{"name": "Data", "value": 15},
{"name": "Security of LLM", "value": 10},
]
# HTML component for D3.js visualization
d3_html = f"""
<html>
<head>
<script src="https://d3js.org/d3.v7.min.js"></script>
<style>
.bar {{ fill: steelblue; }}
.bar:hover {{ fill: brown; }}
</style>
</head>
<body>
<div id="d3-chart"></div>
<script>
const data = {d3_data};
const margin = {{top: 20, right: 20, bottom: 30, left: 40}};
const width = 400 - margin.left - margin.right;
const height = 200 - margin.top - margin.bottom;
const svg = d3.select("#d3-chart")
.append("svg")
.attr("width", width + margin.left + margin.right)
.attr("height", height + margin.top + margin.bottom)
.append("g")
.attr("transform", `translate(${{margin.left}},${{margin.top}})`);
const x = d3.scaleBand()
.range([0, width])
.padding(0.1);
const y = d3.scaleLinear()
.range([height, 0]);
x.domain(data.map(d => d.name));
y.domain([0, d3.max(data, d => d.value)]);
svg.selectAll(".bar")
.data(data)
.enter().append("rect")
.attr("class", "bar")
.attr("x", d => x(d.name))
.attr("width", x.bandwidth())
.attr("y", d => y(d.value))
.attr("height", d => height - y(d.value));
svg.append("g")
.attr("transform", `translate(0,${{height}})`)
.call(d3.axisBottom(x));
svg.append("g")
.call(d3.axisLeft(y));
</script>
</body>
</html>
"""
components.html(d3_html, height=300)
st.markdown("This D3.js visualization shows the distribution of different aspects in LLM cybersecurity research.")
st.markdown("---")
# ---------------------------- Scrollable Content for Additional Insights ----------------------------
st.subheader("π Additional Insights")
st.markdown("""
<style>
.scrollable-content {
height: 250px;
overflow-y: scroll;
padding: 10px;
border: 1px solid #ccc;
}
</style>
<div class="scrollable-content">
<h4>Survey Highlights:</h4>
<ul>
<li><strong>Motlagh et al. (2024)</strong>: Focused on security applications within 2022-2023 but did not specify the number of papers reviewed.</li>
<li><strong>Divakaran et al. (2024)</strong>: Explored security applications from 2020-2024 without specifying the number of papers.</li>
<li><strong>Yao et al. (2023)</strong>: Reviewed 281 papers covering both security applications and the security of LLMs between 2019-2024.</li>
<li><strong>Yigit et al. (2024)</strong>: Concentrated on security applications and the security of LLMs from 2020-2024 without specifying paper count.</li>
<li><strong>Coelho et al. (2024)</strong>: Introduced domain-specific techniques in security applications, covering 19 papers from 2021-2023.</li>
<li><strong>Novelli et al. (2024)</strong>: Discussed tasks, models, and domain-specific techniques in security applications without specifying paper count.</li>
<li><strong>LLM4Security (2024)</strong>: Comprehensive survey of 127 papers from 2020-2024, covering models, tasks, domain-specific techniques, and data.</li>
</ul>
<h4>Key Observations:</h4>
<ol>
<li>The interest in applying LLMs to cybersecurity has significantly increased since 2019.</li>
<li>There's a growing focus on not just using LLMs for security tasks but also securing the LLMs themselves.</li>
<li>Domain-specific techniques are becoming more prominent, indicating a move towards specialized security solutions.</li>
</ol>
</div>
""", unsafe_allow_html=True)
st.markdown("---")
# ---------------------------- Security Audit Section ----------------------------
st.subheader("π Run Python Dependency Security Audit")
st.markdown("Keeping your project's dependencies secure is crucial. Use the button below to run a security audit on the Python packages used in this environment.")
if st.button('Run pip-audit for Security Check'):
with st.spinner('Running security audit...'):
time.sleep(2)
result = subprocess.run(['pip-audit'], capture_output=True, text=True)
st.code(result.stdout)
st.success('Security audit completed!')
st.markdown("Note: The pip-audit tool checks your Python environment for packages with known vulnerabilities, referencing public CVE databases.")
st.markdown("---")
# ---------------------------- AI Pair Programming Recommendations ----------------------------
st.subheader("π€ AI Pair Programming: Security Recommendations")
st.markdown("""
Leveraging AI in pair programming can enhance code security and quality. Here are some recommendations:
1. **Reduce Code Complexity**: AI tools can suggest code refactoring to simplify complex code blocks, making them more maintainable and less error-prone.
2. **Minimize Attack Surface**: AI can identify unnecessary code paths and dependencies, allowing developers to remove or secure them.
3. **Automate Security Scans**: Integrate AI-powered security scanners to continuously monitor code for vulnerabilities.
4. **Code Review Assistance**: AI can assist in code reviews by highlighting potential security issues and non-compliance with best practices.
5. **Secure Coding Practices**: AI can provide real-time suggestions for secure coding patterns and discourage the use of insecure functions.
""")
st.markdown("---")
# ---------------------------- Azure Deployment Information ----------------------------
st.subheader("βοΈ Azure Deployment Information")
st.markdown("""
While this demo does not include operational deployment, here's how you can deploy this application using Azure services:
**Azure Container Apps**: Use Azure Container Apps to deploy and manage containerized applications at scale without managing infrastructure.
- Benefits:
- Serverless containers
- Built-in support for scaling
- Integrated with Azure services
**Azure Container Registry (ACR)**: Store and manage your container images securely.
- Steps:
1. Build your Docker image.
2. Push the image to ACR.
3. Configure Azure Container Apps to pull the image from ACR.
**Azure Cosmos DB**: Use Cosmos DB to store security audit results, logs, and other application data.
- Features:
- Globally distributed
- Multi-model database service
- Low latency and high availability
""")
st.markdown("---")
# ---------------------------- Footer and Additional Resources ----------------------------
st.subheader("π Additional Resources")
st.markdown("""
- [Official Streamlit Documentation](https://docs.streamlit.io/)
- [pip-audit GitHub Repository](https://github.com/pypa/pip-audit)
- [Mermaid Live Editor](https://mermaid.live/) - Design and preview Mermaid diagrams.
- [Azure Container Apps Documentation](https://docs.microsoft.com/en-us/azure/container-apps/)
- [Cybersecurity Best Practices by CISA](https://www.cisa.gov/cybersecurity-best-practices)
""")
st.markdown("If you have any questions or would like to contribute to this project, please reach out or submit a pull request on GitHub.")
# ---------------------------- Sidebar Content ----------------------------
st.sidebar.title("Navigation")
st.sidebar.markdown("""
- [Introduction](#llms-for-cyber-security-state-of-the-art-surveys)
- [Survey Overview Table](#survey-overview-table)
- [Security Model Visualization](#security-model-visualization-with-mermaid)
- [Interactive Chart](#interactive-chart-example)
- [D3.js Visualization](#interactive-d3js-visualization)
- [Additional Insights](#additional-insights)
- [Security Audit](#run-python-dependency-security-audit)
- [AI Recommendations](#ai-pair-programming-security-recommendations)
- [Azure Deployment](#azure-deployment-information)
- [Additional Resources](#additional-resources)
""", unsafe_allow_html=True)
st.sidebar.title("About")
st.sidebar.info("""
This Streamlit app was developed to demonstrate the intersection of Large Language Models and Cybersecurity, highlighting recent surveys and providing tools and recommendations for secure coding practices.
""")
# ---------------------------- End of App ---------------------------- |