|
import streamlit as st |
|
import pandas as pd |
|
import subprocess |
|
import time |
|
import streamlit.components.v1 as components |
|
|
|
|
|
|
|
st.set_page_config(page_title="LLMs for Cyber Security", page_icon="π", layout="wide", initial_sidebar_state="expanded") |
|
st.title("ππ LLMs for Cyber Security: State-of-the-Art Surveysππ") |
|
st.markdown("This app is based on the paper: [Large Language Models for Cyber Security](https://arxiv.org/pdf/2405.04760v3). It showcases LLMs in the cybersecurity landscape, summarizing key surveys and insights.") |
|
st.markdown('ππ https://arxiv.org/abs/2405.04760v3') |
|
|
|
|
|
data = { |
|
"Reference": ["Motlagh et al.", "Divakaran et al.", "Yao et al.", "Yigit et al.", "Coelho et al.", "Novelli et al.", "LLM4Security"], |
|
"Year": [2024, 2024, 2023, 2024, 2024, 2024, 2024], |
|
"Scope": ["Security application", "Security application", "Security application, Security of LLM", "Security application, Security of LLM", "Security application", "Security application", "Security application"], |
|
"Dimensions": ["Task", "Task", "Model, Task", "Task", "Task, Domain specific technique", "Task, Model, Domain specific technique", "Model, Task, Domain specific technique, Data"], |
|
"Time frame": ["2022-2023", "2020-2024", "2019-2024", "2020-2024", "2021-2023", "2020-2024", "2020-2024"], |
|
"Papers": ["Not specified", "Not specified", 281, "Not specified", 19, "Not specified", 127] |
|
} |
|
df = pd.DataFrame(data) |
|
|
|
|
|
|
|
st.subheader("π Survey Overview Table") |
|
st.dataframe(df, height=300) |
|
st.markdown("---") |
|
|
|
|
|
|
|
st.subheader("π‘οΈ Security Model Visualization with Mermaid") |
|
|
|
mermaid_code = ''' |
|
graph TD; |
|
A[LLMs in Security] --> B[Security Application] |
|
B --> C[Task] |
|
B --> D[Model] |
|
D --> E[Domain-Specific Techniques] |
|
E --> F[Data] |
|
''' |
|
|
|
|
|
mermaid_html = f""" |
|
<html> |
|
<body> |
|
<pre class="mermaid"> |
|
{mermaid_code} |
|
</pre> |
|
<script src="https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js"></script> |
|
<script> |
|
mermaid.initialize({{ startOnLoad: true }}); |
|
</script> |
|
</body> |
|
</html> |
|
""" |
|
|
|
components.html(mermaid_html, height=300) |
|
|
|
st.markdown(""" |
|
Figure: The diagram illustrates how Large Language Models (LLMs) are applied in security, highlighting the flow from general applications to specific tasks, models, domain-specific techniques, and data considerations. |
|
""") |
|
st.markdown("---") |
|
|
|
|
|
|
|
st.subheader("π Interactive Chart Example") |
|
|
|
|
|
chart_data = [ |
|
{"year": 2020, "papers": 50}, |
|
{"year": 2021, "papers": 80}, |
|
{"year": 2022, "papers": 120}, |
|
{"year": 2023, "papers": 200}, |
|
{"year": 2024, "papers": 250}, |
|
] |
|
|
|
|
|
chart_html = f""" |
|
<html> |
|
<head> |
|
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script> |
|
</head> |
|
<body> |
|
<canvas id="myChart" width="400" height="200"></canvas> |
|
<script> |
|
var ctx = document.getElementById('myChart').getContext('2d'); |
|
var myChart = new Chart(ctx, {{ |
|
type: 'line', |
|
data: {{ |
|
labels: {[d['year'] for d in chart_data]}, |
|
datasets: [{{ |
|
label: 'Number of Papers', |
|
data: {[d['papers'] for d in chart_data]}, |
|
borderColor: 'rgb(75, 192, 192)', |
|
tension: 0.1 |
|
}}] |
|
}}, |
|
options: {{ |
|
responsive: true, |
|
scales: {{ |
|
y: {{ |
|
beginAtZero: true |
|
}} |
|
}} |
|
}} |
|
}}); |
|
</script> |
|
</body> |
|
</html> |
|
""" |
|
|
|
components.html(chart_html, height=300) |
|
st.markdown("This interactive chart shows the growth in the number of papers on LLMs in cybersecurity over the years.") |
|
st.markdown("---") |
|
|
|
|
|
|
|
st.subheader("π Interactive D3.js Visualization") |
|
|
|
|
|
d3_data = [ |
|
{"name": "Task", "value": 30}, |
|
{"name": "Model", "value": 25}, |
|
{"name": "Domain-Specific", "value": 20}, |
|
{"name": "Data", "value": 15}, |
|
{"name": "Security of LLM", "value": 10}, |
|
] |
|
|
|
|
|
d3_html = f""" |
|
<html> |
|
<head> |
|
<script src="https://d3js.org/d3.v7.min.js"></script> |
|
<style> |
|
.bar {{ fill: steelblue; }} |
|
.bar:hover {{ fill: brown; }} |
|
</style> |
|
</head> |
|
<body> |
|
<div id="d3-chart"></div> |
|
<script> |
|
const data = {d3_data}; |
|
const margin = {{top: 20, right: 20, bottom: 30, left: 40}}; |
|
const width = 400 - margin.left - margin.right; |
|
const height = 200 - margin.top - margin.bottom; |
|
|
|
const svg = d3.select("#d3-chart") |
|
.append("svg") |
|
.attr("width", width + margin.left + margin.right) |
|
.attr("height", height + margin.top + margin.bottom) |
|
.append("g") |
|
.attr("transform", `translate(${{margin.left}},${{margin.top}})`); |
|
|
|
const x = d3.scaleBand() |
|
.range([0, width]) |
|
.padding(0.1); |
|
|
|
const y = d3.scaleLinear() |
|
.range([height, 0]); |
|
|
|
x.domain(data.map(d => d.name)); |
|
y.domain([0, d3.max(data, d => d.value)]); |
|
|
|
svg.selectAll(".bar") |
|
.data(data) |
|
.enter().append("rect") |
|
.attr("class", "bar") |
|
.attr("x", d => x(d.name)) |
|
.attr("width", x.bandwidth()) |
|
.attr("y", d => y(d.value)) |
|
.attr("height", d => height - y(d.value)); |
|
|
|
svg.append("g") |
|
.attr("transform", `translate(0,${{height}})`) |
|
.call(d3.axisBottom(x)); |
|
|
|
svg.append("g") |
|
.call(d3.axisLeft(y)); |
|
</script> |
|
</body> |
|
</html> |
|
""" |
|
|
|
components.html(d3_html, height=300) |
|
st.markdown("This D3.js visualization shows the distribution of different aspects in LLM cybersecurity research.") |
|
st.markdown("---") |
|
|
|
|
|
|
|
st.subheader("π Additional Insights") |
|
st.markdown(""" |
|
<style> |
|
.scrollable-content { |
|
height: 250px; |
|
overflow-y: scroll; |
|
padding: 10px; |
|
border: 1px solid #ccc; |
|
} |
|
</style> |
|
<div class="scrollable-content"> |
|
<h4>Survey Highlights:</h4> |
|
<ul> |
|
<li><strong>Motlagh et al. (2024)</strong>: Focused on security applications within 2022-2023 but did not specify the number of papers reviewed.</li> |
|
<li><strong>Divakaran et al. (2024)</strong>: Explored security applications from 2020-2024 without specifying the number of papers.</li> |
|
<li><strong>Yao et al. (2023)</strong>: Reviewed 281 papers covering both security applications and the security of LLMs between 2019-2024.</li> |
|
<li><strong>Yigit et al. (2024)</strong>: Concentrated on security applications and the security of LLMs from 2020-2024 without specifying paper count.</li> |
|
<li><strong>Coelho et al. (2024)</strong>: Introduced domain-specific techniques in security applications, covering 19 papers from 2021-2023.</li> |
|
<li><strong>Novelli et al. (2024)</strong>: Discussed tasks, models, and domain-specific techniques in security applications without specifying paper count.</li> |
|
<li><strong>LLM4Security (2024)</strong>: Comprehensive survey of 127 papers from 2020-2024, covering models, tasks, domain-specific techniques, and data.</li> |
|
</ul> |
|
<h4>Key Observations:</h4> |
|
<ol> |
|
<li>The interest in applying LLMs to cybersecurity has significantly increased since 2019.</li> |
|
<li>There's a growing focus on not just using LLMs for security tasks but also securing the LLMs themselves.</li> |
|
<li>Domain-specific techniques are becoming more prominent, indicating a move towards specialized security solutions.</li> |
|
</ol> |
|
</div> |
|
""", unsafe_allow_html=True) |
|
st.markdown("---") |
|
|
|
|
|
|
|
st.subheader("π Run Python Dependency Security Audit") |
|
st.markdown("Keeping your project's dependencies secure is crucial. Use the button below to run a security audit on the Python packages used in this environment.") |
|
|
|
if st.button('Run pip-audit for Security Check'): |
|
with st.spinner('Running security audit...'): |
|
time.sleep(2) |
|
result = subprocess.run(['pip-audit'], capture_output=True, text=True) |
|
st.code(result.stdout) |
|
st.success('Security audit completed!') |
|
|
|
st.markdown("Note: The pip-audit tool checks your Python environment for packages with known vulnerabilities, referencing public CVE databases.") |
|
st.markdown("---") |
|
|
|
|
|
|
|
st.subheader("π€ AI Pair Programming: Security Recommendations") |
|
st.markdown(""" |
|
Leveraging AI in pair programming can enhance code security and quality. Here are some recommendations: |
|
|
|
1. **Reduce Code Complexity**: AI tools can suggest code refactoring to simplify complex code blocks, making them more maintainable and less error-prone. |
|
2. **Minimize Attack Surface**: AI can identify unnecessary code paths and dependencies, allowing developers to remove or secure them. |
|
3. **Automate Security Scans**: Integrate AI-powered security scanners to continuously monitor code for vulnerabilities. |
|
4. **Code Review Assistance**: AI can assist in code reviews by highlighting potential security issues and non-compliance with best practices. |
|
5. **Secure Coding Practices**: AI can provide real-time suggestions for secure coding patterns and discourage the use of insecure functions. |
|
""") |
|
st.markdown("---") |
|
|
|
|
|
|
|
st.subheader("βοΈ Azure Deployment Information") |
|
st.markdown(""" |
|
While this demo does not include operational deployment, here's how you can deploy this application using Azure services: |
|
|
|
**Azure Container Apps**: Use Azure Container Apps to deploy and manage containerized applications at scale without managing infrastructure. |
|
- Benefits: |
|
- Serverless containers |
|
- Built-in support for scaling |
|
- Integrated with Azure services |
|
|
|
**Azure Container Registry (ACR)**: Store and manage your container images securely. |
|
- Steps: |
|
1. Build your Docker image. |
|
2. Push the image to ACR. |
|
3. Configure Azure Container Apps to pull the image from ACR. |
|
|
|
**Azure Cosmos DB**: Use Cosmos DB to store security audit results, logs, and other application data. |
|
- Features: |
|
- Globally distributed |
|
- Multi-model database service |
|
- Low latency and high availability |
|
""") |
|
st.markdown("---") |
|
|
|
|
|
|
|
st.subheader("π Additional Resources") |
|
st.markdown(""" |
|
- [Official Streamlit Documentation](https://docs.streamlit.io/) |
|
- [pip-audit GitHub Repository](https://github.com/pypa/pip-audit) |
|
- [Mermaid Live Editor](https://mermaid.live/) - Design and preview Mermaid diagrams. |
|
- [Azure Container Apps Documentation](https://docs.microsoft.com/en-us/azure/container-apps/) |
|
- [Cybersecurity Best Practices by CISA](https://www.cisa.gov/cybersecurity-best-practices) |
|
""") |
|
|
|
st.markdown("If you have any questions or would like to contribute to this project, please reach out or submit a pull request on GitHub.") |
|
|
|
|
|
|
|
st.sidebar.title("Navigation") |
|
st.sidebar.markdown(""" |
|
- [Introduction](#llms-for-cyber-security-state-of-the-art-surveys) |
|
- [Survey Overview Table](#survey-overview-table) |
|
- [Security Model Visualization](#security-model-visualization-with-mermaid) |
|
- [Interactive Chart](#interactive-chart-example) |
|
- [D3.js Visualization](#interactive-d3js-visualization) |
|
- [Additional Insights](#additional-insights) |
|
- [Security Audit](#run-python-dependency-security-audit) |
|
- [AI Recommendations](#ai-pair-programming-security-recommendations) |
|
- [Azure Deployment](#azure-deployment-information) |
|
- [Additional Resources](#additional-resources) |
|
""", unsafe_allow_html=True) |
|
|
|
st.sidebar.title("About") |
|
st.sidebar.info(""" |
|
This Streamlit app was developed to demonstrate the intersection of Large Language Models and Cybersecurity, highlighting recent surveys and providing tools and recommendations for secure coding practices. |
|
""") |
|
|
|
|
