Spaces:
Sleeping
Sleeping
Update scoring_engine.py
Browse files- scoring_engine.py +28 -52
scoring_engine.py
CHANGED
|
@@ -7,90 +7,66 @@ def compute_final_score(
|
|
| 7 |
url_score: int,
|
| 8 |
attachment_score: int,
|
| 9 |
behavior_score: int,
|
|
|
|
| 10 |
header_findings: list,
|
| 11 |
body_findings: list,
|
| 12 |
url_findings: list,
|
| 13 |
attachment_findings: list,
|
| 14 |
-
behavior_findings: list,
|
| 15 |
auth_results: dict,
|
| 16 |
):
|
| 17 |
"""
|
| 18 |
-
Correlation-based scoring engine
|
| 19 |
-
Returns: final_score, verdict, reasoning[]
|
| 20 |
"""
|
| 21 |
|
| 22 |
reasoning = []
|
| 23 |
|
| 24 |
# -------------------------
|
| 25 |
-
# BASE SCORE
|
| 26 |
# -------------------------
|
| 27 |
final_score = (
|
| 28 |
header_score * 0.20 +
|
| 29 |
body_score * 0.25 +
|
| 30 |
-
behavior_score * 0.30 +
|
| 31 |
url_score * 0.15 +
|
| 32 |
attachment_score * 0.10
|
| 33 |
)
|
| 34 |
|
| 35 |
-
reasoning.append(f"Header
|
| 36 |
-
reasoning.append(f"Body
|
| 37 |
-
reasoning.append(f"Behavior
|
| 38 |
-
reasoning.append(f"URL
|
| 39 |
-
reasoning.append(f"Attachment
|
| 40 |
|
| 41 |
# -------------------------
|
| 42 |
-
#
|
| 43 |
# -------------------------
|
| 44 |
if auth_results.get("dmarc") == "fail":
|
| 45 |
final_score += 10
|
| 46 |
-
reasoning.append("DMARC failed β +10
|
| 47 |
|
| 48 |
if auth_results.get("spf") == "fail":
|
| 49 |
final_score += 5
|
| 50 |
-
reasoning.append("SPF failed β +5
|
| 51 |
|
| 52 |
# -------------------------
|
| 53 |
-
#
|
| 54 |
# -------------------------
|
| 55 |
-
if
|
| 56 |
-
final_score
|
| 57 |
-
reasoning.append("Behavior + Header correlation β +10")
|
| 58 |
-
|
| 59 |
-
if behavior_score >= 40 and url_score > 0:
|
| 60 |
-
final_score += 10
|
| 61 |
-
reasoning.append("Behavior + URL correlation β +10")
|
| 62 |
-
|
| 63 |
-
if behavior_score >= 50:
|
| 64 |
-
final_score += 15
|
| 65 |
-
reasoning.append("High-confidence behavioral attack β +15")
|
| 66 |
-
|
| 67 |
-
# -------------------------
|
| 68 |
-
# BEHAVIORAL HARD OVERRIDES
|
| 69 |
-
# -------------------------
|
| 70 |
-
if any("sextortion" in f.lower() for f in behavior_findings):
|
| 71 |
-
final_score = max(final_score, 75)
|
| 72 |
-
reasoning.append("Sextortion behavior detected β force score β₯ 75")
|
| 73 |
-
|
| 74 |
-
elif behavior_score >= 70:
|
| 75 |
-
final_score = max(final_score, 65)
|
| 76 |
-
reasoning.append("Strong behavioral attack detected β force score β₯ 65")
|
| 77 |
-
|
| 78 |
-
|
| 79 |
-
|
| 80 |
-
|
| 81 |
-
# -------------------------
|
| 82 |
-
# CLAMP SCORE
|
| 83 |
-
# -------------------------
|
| 84 |
-
final_score = min(int(final_score), 100)
|
| 85 |
-
|
| 86 |
-
# -------------------------
|
| 87 |
-
# VERDICT
|
| 88 |
-
# -------------------------
|
| 89 |
-
if final_score >= 70:
|
| 90 |
verdict = "π¨ Malicious"
|
| 91 |
-
|
| 92 |
-
verdict = "β οΈ Suspicious"
|
| 93 |
else:
|
| 94 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 95 |
|
|
|
|
| 96 |
return final_score, verdict, reasoning
|
|
|
|
| 7 |
url_score: int,
|
| 8 |
attachment_score: int,
|
| 9 |
behavior_score: int,
|
| 10 |
+
behavior_attack: str,
|
| 11 |
header_findings: list,
|
| 12 |
body_findings: list,
|
| 13 |
url_findings: list,
|
| 14 |
attachment_findings: list,
|
|
|
|
| 15 |
auth_results: dict,
|
| 16 |
):
|
| 17 |
"""
|
| 18 |
+
Correlation-based scoring engine with behavioral authority
|
|
|
|
| 19 |
"""
|
| 20 |
|
| 21 |
reasoning = []
|
| 22 |
|
| 23 |
# -------------------------
|
| 24 |
+
# BASE WEIGHTED SCORE
|
| 25 |
# -------------------------
|
| 26 |
final_score = (
|
| 27 |
header_score * 0.20 +
|
| 28 |
body_score * 0.25 +
|
| 29 |
+
behavior_score * 0.30 +
|
| 30 |
url_score * 0.15 +
|
| 31 |
attachment_score * 0.10
|
| 32 |
)
|
| 33 |
|
| 34 |
+
reasoning.append(f"Header contribution: {header_score * 0.20:.1f}")
|
| 35 |
+
reasoning.append(f"Body contribution: {body_score * 0.25:.1f}")
|
| 36 |
+
reasoning.append(f"Behavior contribution: {behavior_score * 0.30:.1f}")
|
| 37 |
+
reasoning.append(f"URL contribution: {url_score * 0.15:.1f}")
|
| 38 |
+
reasoning.append(f"Attachment contribution: {attachment_score * 0.10:.1f}")
|
| 39 |
|
| 40 |
# -------------------------
|
| 41 |
+
# AUTHENTICATION BOOST
|
| 42 |
# -------------------------
|
| 43 |
if auth_results.get("dmarc") == "fail":
|
| 44 |
final_score += 10
|
| 45 |
+
reasoning.append("DMARC failed β +10")
|
| 46 |
|
| 47 |
if auth_results.get("spf") == "fail":
|
| 48 |
final_score += 5
|
| 49 |
+
reasoning.append("SPF failed β +5")
|
| 50 |
|
| 51 |
# -------------------------
|
| 52 |
+
# π₯ BEHAVIORAL HARD OVERRIDE
|
| 53 |
# -------------------------
|
| 54 |
+
if behavior_attack.lower() == "sextortion":
|
| 55 |
+
final_score = max(final_score, 85)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 56 |
verdict = "π¨ Malicious"
|
| 57 |
+
reasoning.append("Sextortion detected β forced score β₯ 85")
|
|
|
|
| 58 |
else:
|
| 59 |
+
# -------------------------
|
| 60 |
+
# NORMAL VERDICT LOGIC
|
| 61 |
+
# -------------------------
|
| 62 |
+
final_score = min(int(final_score), 100)
|
| 63 |
+
|
| 64 |
+
if final_score >= 70:
|
| 65 |
+
verdict = "π¨ Malicious"
|
| 66 |
+
elif final_score >= 40:
|
| 67 |
+
verdict = "β οΈ Suspicious"
|
| 68 |
+
else:
|
| 69 |
+
verdict = "β
Safe"
|
| 70 |
|
| 71 |
+
final_score = min(int(final_score), 100)
|
| 72 |
return final_score, verdict, reasoning
|