Spaces:

awacke1
/

CodeMode

Sleeping

App Files Files Community

CodeMode / app.py

awacke1

Update app.py

a2c2ca6 verified 6 months ago

raw

history blame

9.79 kB

	import streamlit as st
	import pandas as pd
	import subprocess
	import time

	# ---------------------------- Header and Introduction ----------------------------

	# Set the page configuration
	st.set_page_config(
	page_title="LLMs for Cyber Security",
	page_icon="🔒",
	layout="wide",
	initial_sidebar_state="expanded",
	)

	# Title of the application
	st.title("🔒 LLMs for Cyber Security: State-of-the-Art Surveys")

	# Introduction text with link to the paper
	st.markdown("""
	This app is based on the paper: [Large Language Models for Cyber Security](https://arxiv.org/pdf/2405.04760v3).
	It showcases LLMs in the cybersecurity landscape, summarizing key surveys and insights.
	""")

	# ---------------------------- Data Preparation ----------------------------

	# Create the data dictionary
	data = {
	"Reference": [
	"Motlagh et al.", "Divakaran et al.", "Yao et al.", "Yigit et al.",
	"Coelho et al.", "Novelli et al.", "LLM4Security"
	],
	"Year": [2024, 2024, 2023, 2024, 2024, 2024, 2024],
	"Scope": [
	"Security application", "Security application", "Security application, Security of LLM",
	"Security application, Security of LLM", "Security application",
	"Security application", "Security application"
	],
	"Dimensions": [
	"Task", "Task", "Model, Task", "Task", "Task, Domain specific technique",
	"Task, Model, Domain specific technique", "Model, Task, Domain specific technique, Data"
	],
	"Time frame": [
	"2022-2023", "2020-2024", "2019-2024", "2020-2024",
	"2021-2023", "2020-2024", "2020-2024"
	],
	"Papers": ["Not specified", "Not specified", 281, "Not specified", 19, "Not specified", 127]
	}

	# Convert the data dictionary into a pandas DataFrame
	df = pd.DataFrame(data)

	# ---------------------------- Display Data Table ----------------------------

	st.subheader("📊 Survey Overview Table")

	# Display the DataFrame as an interactive table
	st.dataframe(df, height=300)

	# Add some spacing
	st.markdown("---")

	# ---------------------------- Mermaid Diagram Visualization ----------------------------

	st.subheader("🛡️ Security Model Visualization with Mermaid")

	# Define the Mermaid code
	mermaid_code = '''
	graph TD;
	A[LLMs in Security] --> B[Security Application]
	B --> C[Task]
	B --> D[Model]
	D --> E[Domain-Specific Techniques]
	E --> F[Data]
	'''

	# Display the Mermaid diagram using markdown
	st.markdown(f"""
	```mermaid
	{mermaid_code}
	```
	""")

	# Explanation of the diagram
	st.markdown("""
	Figure: The diagram illustrates how Large Language Models (LLMs) are applied in security, highlighting the flow from general applications to specific tasks, models, domain-specific techniques, and data considerations.
	""")

	# Add some spacing
	st.markdown("---")

	# ---------------------------- Scrollable Content for Additional Insights ----------------------------
	st.subheader("📝 Additional Insights")

	# Custom CSS for scrollable content
	st.markdown("""
	<style>
	.scrollable-content {
	height: 250px;
	overflow-y: scroll;
	padding: 10px;
	border: 1px solid #ccc;
	}
	</style>
	""", unsafe_allow_html=True)

	# Scrollable content with insights
	st.markdown("""
	<div class="scrollable-content">
	<h4>Survey Highlights:</h4>
	<ul>
	<li><strong>Motlagh et al. (2024)</strong>: Focused on security applications within 2022-2023 but did not specify the number of papers reviewed.</li>
	<li><strong>Divakaran et al. (2024)</strong>: Explored security applications from 2020-2024 without specifying the number of papers.</li>
	<li><strong>Yao et al. (2023)</strong>: Reviewed 281 papers covering both security applications and the security of LLMs between 2019-2024.</li>
	<li><strong>Yigit et al. (2024)</strong>: Concentrated on security applications and the security of LLMs from 2020-2024 without specifying paper count.</li>
	<li><strong>Coelho et al. (2024)</strong>: Introduced domain-specific techniques in security applications, covering 19 papers from 2021-2023.</li>
	<li><strong>Novelli et al. (2024)</strong>: Discussed tasks, models, and domain-specific techniques in security applications without specifying paper count.</li>
	<li><strong>LLM4Security (2024)</strong>: Comprehensive survey of 127 papers from 2020-2024, covering models, tasks, domain-specific techniques, and data.</li>
	</ul>
	<h4>Key Observations:</h4>
	<ol>
	<li>The interest in applying LLMs to cybersecurity has significantly increased since 2019.</li>
	<li>There's a growing focus on not just using LLMs for security tasks but also securing the LLMs themselves.</li>
	<li>Domain-specific techniques are becoming more prominent, indicating a move towards specialized security solutions.</li>
	</ol>
	</div>
	""", unsafe_allow_html=True)

	# Add some spacing
	st.markdown("---")

	# ---------------------------- Security Audit Section ----------------------------
	st.subheader("🔍 Run Python Dependency Security Audit")

	# Explanation of the security audit
	st.markdown("""
	Keeping your project's dependencies secure is crucial. Use the button below to run a security audit on the Python packages used in this environment.
	""")

	# Button to trigger the security audit
	if st.button('Run pip-audit for Security Check'):
	with st.spinner('Running security audit...'):
	# Simulate a delay for the audit process
	time.sleep(2)
	# Run the pip-audit command
	result = subprocess.run(['pip-audit'], capture_output=True, text=True)
	# Display the audit results
	st.code(result.stdout)
	st.success('Security audit completed!')

	# Note about pip-audit
	st.markdown("""
	Note: The pip-audit tool checks your Python environment for packages with known vulnerabilities, referencing public CVE databases.
	""")

	# Add some spacing
	st.markdown("---")

	# ---------------------------- AI Pair Programming Recommendations ----------------------------
	st.subheader("🤖 AI Pair Programming: Security Recommendations")

	st.markdown("""
	Leveraging AI in pair programming can enhance code security and quality. Here are some recommendations:

	1. Reduce Code Complexity: AI tools can suggest code refactoring to simplify complex code blocks, making them more maintainable and less error-prone.
	2. Minimize Attack Surface: AI can identify unnecessary code paths and dependencies, allowing developers to remove or secure them.
	3. Automate Security Scans: Integrate AI-powered security scanners to continuously monitor code for vulnerabilities.
	4. Code Review Assistance: AI can assist in code reviews by highlighting potential security issues and non-compliance with best practices.
	5. Secure Coding Practices: AI can provide real-time suggestions for secure coding patterns and discourage the use of insecure functions.
	""")

	# Add some spacing
	st.markdown("---")

	# ---------------------------- Azure Deployment Information ----------------------------
	st.subheader("☁️ Azure Deployment Information")

	st.markdown("""
	While this demo does not include operational deployment, here's how you can deploy this application using Azure services:

	Azure Container Apps: Use Azure Container Apps to deploy and manage containerized applications at scale without managing infrastructure.
	- Benefits:
	- Serverless containers
	- Built-in support for scaling
	- Integrated with Azure services

	Azure Container Registry (ACR): Store and manage your container images securely.
	- Steps:
	1. Build your Docker image.
	2. Push the image to ACR.
	3. Configure Azure Container Apps to pull the image from ACR.

	Azure Cosmos DB: Use Cosmos DB to store security audit results, logs, and other application data.
	- Features:
	- Globally distributed
	- Multi-model database service
	- Low latency and high availability
	""")

	# Add some spacing
	st.markdown("---")

	# ---------------------------- Footer and Additional Resources ----------------------------
	st.subheader("📚 Additional Resources")

	# List of additional resources and links
	st.markdown("""
	- [Official Streamlit Documentation](https://docs.streamlit.io/)
	- [pip-audit GitHub Repository](https://github.com/pypa/pip-audit)
	- [Mermaid Live Editor](https://mermaid.live/) - Design and preview Mermaid diagrams.
	- [Azure Container Apps Documentation](https://docs.microsoft.com/en-us/azure/container-apps/)
	- [Cybersecurity Best Practices by CISA](https://www.cisa.gov/cybersecurity-best-practices)
	""")

	# Contact information or call to action
	st.markdown("""
	If you have any questions or would like to contribute to this project, please reach out or submit a pull request on GitHub.
	""")

	# Add some spacing
	st.markdown("---")

	# ---------------------------- Sidebar Content ----------------------------
	# Add content to the sidebar
	st.sidebar.title("Navigation")
	st.sidebar.markdown("""
	- [Introduction](#llms-for-cyber-security-state-of-the-art-surveys)
	- [Survey Overview Table](#survey-overview-table)
	- [Security Model Visualization](#security-model-visualization-with-mermaid)
	- [Additional Insights](#additional-insights)
	- [Security Audit](#run-python-dependency-security-audit)
	- [AI Recommendations](#ai-pair-programming-security-recommendations)
	- [Azure Deployment](#azure-deployment-information)
	- [Additional Resources](#additional-resources)
	""", unsafe_allow_html=True)

	# Add an about section
	st.sidebar.title("About")
	st.sidebar.info("""
	This Streamlit app was developed to demonstrate the intersection of Large Language Models and Cybersecurity, highlighting recent surveys and providing tools and recommendations for secure coding practices.
	""")

	# ---------------------------- End of App ----------------------------