princemaxp commited on
Commit
07d9eff
Β·
verified Β·
1 Parent(s): 46b3e8f

Update scoring_engine.py

Files changed (1) hide show
  1. scoring_engine.py +18 -37
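--- a/scoring_engine.py
+++ b/scoring_engine.py
@@ -14,20 +14,28 @@ def compute_final_score(
  attachment_findings: list,
  auth_results: dict,
  ):
- """
- Correlation-based scoring engine
- Behavioral analysis has authority over all other signals
- """
-
  reasoning = []
 
+ # -------------------------
+ # NORMALIZE INPUTS (πŸ”₯ FIX)
+ # -------------------------
+ attack = (behavior_attack or "").strip().lower()
+
+ # -------------------------
+ # πŸ”₯ HARD BEHAVIOR OVERRIDE
+ # -------------------------
+ if attack == "sextortion":
+ reasoning.append("Sextortion behavior detected β†’ authoritative override")
+ reasoning.append("Behavioral confidence supersedes heuristics")
+ return 90, "🚨 Malicious", reasoning
+
  # -------------------------
  # BASE WEIGHTED SCORE
  # -------------------------
  final_score = (
  header_score * 0.20 +
  body_score * 0.25 +
- behavior_score * 0.30 + # πŸ”₯ dominant signal
+ behavior_score * 0.30 +
  url_score * 0.15 +
  attachment_score * 0.10
  )
@@ -39,47 +47,20 @@ def compute_final_score(
  reasoning.append(f"Attachment contribution: {attachment_score * 0.10:.1f}")
 
  # -------------------------
- # AUTHENTICATION BOOSTS
+ # AUTHENTICATION BOOST
  # -------------------------
  if auth_results.get("dmarc") == "fail":
  final_score += 10
- reasoning.append("DMARC failed β†’ +10 risk")
+ reasoning.append("DMARC failed β†’ +10")
 
  if auth_results.get("spf") == "fail":
  final_score += 5
- reasoning.append("SPF failed β†’ +5 risk")
+ reasoning.append("SPF failed β†’ +5")
 
- # -------------------------
- # CORRELATION RULES
- # -------------------------
- if behavior_score >= 40 and header_score >= 20:
- final_score += 10
- reasoning.append("Behavior + Header correlation β†’ +10")
-
- if behavior_score >= 40 and url_score > 0:
- final_score += 10
- reasoning.append("Behavior + URL correlation β†’ +10")
-
- # -------------------------
- # πŸ”₯ BEHAVIORAL AUTHORITY (HARD RULES)
- # -------------------------
- if behavior_score >= 70:
- final_score = max(final_score, 70)
- reasoning.append(
- "High-confidence behavioral attack β†’ minimum score enforced (70)"
- )
-
- if behavior_attack.lower() == "sextortion":
- final_score = max(final_score, 85)
- reasoning.append("Sextortion detected β†’ forced score β‰₯ 85")
-
- # -------------------------
- # CLAMP SCORE
- # -------------------------
  final_score = min(int(final_score), 100)
 
  # -------------------------
- # FINAL VERDICT
+ # VERDICT
  # -------------------------
  if final_score >= 70:
  verdict = "🚨 Malicious"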
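Review bot: Dropping the `behavior_score >= 70` floor and both correlation rules in the second hunk leaves an exact match on `"sextortion"` as the only behavioural signal that can force a Malicious verdict. Any other attack label now goes through the weighted sum, where behaviour counts for only 0.30 of its score, so a high-confidence behavioural hit with clean headers and URLs probably lands under the 70 threshold (assuming sub-scores are on a 0–100 scale, which is not visible here). If that is not intended, keep the floor ahead of the clamp, `if behavior_score >= 70: final_score = max(final_score, 70)`, with a `reasoning.append(...)` naming the rule. The early `return 90, ...` in the first hunk also skips the contribution and DMARC/SPF reasoning entries, so an analyst triaging a sextortion verdict gets no authentication context; computing the score first and then applying `final_score = max(final_score, 90)` would keep them. The function's tail, including its normal return, lies outside the hunks, so confirm that the three-element tuple matches it.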