Spaces:
Configuration error
Configuration error
File size: 21,228 Bytes
591f049 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 |
import os
import gc
import re
import torch
import numpy as np
import firebase_admin
from firebase_admin import credentials, db
from fastapi import FastAPI, Form, Request
from fastapi.responses import HTMLResponse
from transformers import (
AutoTokenizer,
AutoConfig,
DistilBertForSequenceClassification,
T5ForConditionalGeneration,
T5Tokenizer
)
from lime.lime_text import LimeTextExplainer
import uuid
from datetime import datetime
# FIREBASE INITIALIZATION
# Ensure your serviceAccountKey.json is in the same directory
if not firebase_admin._apps:
cred = credentials.Certificate("serviceAccountKey.json")
firebase_admin.initialize_app(cred, {
'databaseURL': 'https://your-project-id.firebaseio.com/' # <--- Add Firebase URL here
})
app = FastAPI()
# Global variables
tokenizer = None
model = None
explainer = LimeTextExplainer(class_names=["LEGITIMATE", "PHISHING"])
gen_tokenizer = None
gen_model = None
MODEL_DIR = "phishing_model_optimized"
WEIGHTS_NAME = "quantized_model.pt"
# PHISHING INDICATOR PATTERNS (Original Rule-Based)
PHISHING_PATTERNS = {
"urgency": [
r"\bimmediate(ly)?\b", r"\burgent(ly)?\b", r"\bact now\b",
r"\baction required\b", r"\bwithin \d+ (hour|minute|day)s?\b",
r"\bexpir(e|es|ing|ed)\b", r"\bsuspended\b", r"\bcompromised\b",
r"\bverify (now|immediately|your)\b", r"\bfailure to\b",
r"\bpermanent(ly)?\b", r"\bdelete(d)?\b", r"\block(ed)?\b"
],
"threat": [
r"\baccount.*(suspend|terminat|delet|lock|compromis)\w*",
r"\b(suspend|terminat|delet|lock|compromis)\w*.*account\b",
r"\blegal action\b", r"\bpenalt(y|ies)\b", r"\bconsequences\b"
],
"credential_request": [
r"\bpassword\b", r"\bverify your (identity|account|email)\b",
r"\bconfirm your\b", r"\bupdate.*(payment|billing|account)\b",
r"\bssn\b", r"\bcredit card\b", r"\bbank account\b"
],
"suspicious_links": [
r"https?://[^\s]*\.(xyz|tk|ml|ga|cf|gq|top|club|online)/",
r"https?://[^\s]*-[^\s]*\.(com|net|org)/",
r"https?://\d+\.\d+\.\d+\.\d+",
r"bit\.ly|tinyurl|short\.link|t\.co",
r"click.*here|click.*below|click.*link"
],
"impersonation": [
r"\b(paypal|amazon|netflix|apple|microsoft|google|bank)\b",
r"\bcustomer (service|support)\b", r"\bsecurity (team|department)\b"
]
}
def detect_phishing_indicators(text: str) -> dict:
text_lower = text.lower()
detected = {cat: [] for cat in PHISHING_PATTERNS}
for category, patterns in PHISHING_PATTERNS.items():
for pattern in patterns:
matches = re.findall(pattern, text_lower, re.IGNORECASE)
if matches:
detected[category].extend(matches if isinstance(matches[0], str) else [m[0] for m in matches])
for category in detected:
detected[category] = list(set(detected[category]))
return detected
def calculate_phishing_score(indicators: dict) -> float:
weights = {"urgency": 0.25, "threat": 0.25, "credential_request": 0.20, "suspicious_links": 0.20, "impersonation": 0.10}
score = 0.0
for category, weight in weights.items():
if indicators[category]:
category_score = min(len(indicators[category]) * 0.4, 1.0)
score += weight * category_score
return min(score, 1.0)
def get_confidence_label(confidence: float) -> str:
"""Determine confidence level descriptor based on score"""
if confidence >= 0.90:
return "high confidence"
elif confidence >= 0.70:
return "moderate confidence"
else:
return "low confidence"
def generate_explanation_with_flan(indicators: dict, label: str, confidence: float, email_text: str) -> str:
"""Generate high-quality natural language explanation using FLAN-T5"""
# Get confidence level descriptor
confidence_level = get_confidence_label(confidence)
# Build detailed indicator analysis
indicator_details = []
urgency_count = len(indicators["urgency"])
threat_count = len(indicators["threat"])
cred_count = len(indicators["credential_request"])
link_count = len(indicators["suspicious_links"])
imperson_count = len(indicators["impersonation"])
if urgency_count > 0:
urgency_examples = ', '.join([f'"{item}"' for item in indicators['urgency'][:2]])
indicator_details.append(f"high urgency language ({urgency_count} instances: {urgency_examples})")
if threat_count > 0:
threat_examples = ', '.join([f'"{item}"' for item in indicators['threat'][:2]])
indicator_details.append(f"threatening tone ({threat_count} instances: {threat_examples})")
if cred_count > 0:
cred_examples = ', '.join([f'"{item}"' for item in indicators['credential_request'][:2]])
indicator_details.append(f"credential requests ({cred_count} instances: {cred_examples})")
if link_count > 0:
indicator_details.append(f"suspicious links ({link_count} detected)")
if imperson_count > 0:
brands = ', '.join(indicators['impersonation'][:2])
indicator_details.append(f"brand impersonation attempts ({brands})")
# Create sophisticated prompts based on label
if label == "PHISHING":
indicators_summary = "; ".join(indicator_details) if indicator_details else "general phishing patterns"
prompt = f"""You are a cybersecurity expert. Explain why this email is phishing:
Email sample: "{email_text[:250]}"
Detected threats: {indicators_summary}
Write a clear 2-sentence explanation that:
1. States the classification with confidence level
2. Describes specific malicious tactics (urgency, social engineering, credential harvesting, clickbait)
3. Uses professional security terminology
Explanation:"""
else: # LEGITIMATE
safe_indicators = []
if not indicators["urgency"] and not indicators["threat"]:
safe_indicators.append("no urgency or threat language")
if not indicators["credential_request"]:
safe_indicators.append("no credential requests")
if not indicators["suspicious_links"]:
safe_indicators.append("no suspicious links")
if not indicators["impersonation"]:
safe_indicators.append("no brand impersonation")
safety_summary = ", ".join(safe_indicators) if safe_indicators else "standard communication patterns"
prompt = f"""You are a cybersecurity expert. Explain why this email is legitimate:
Email sample: "{email_text[:250]}"
Safety indicators: {safety_summary}
Write a clear 2-sentence explanation that:
1. States the classification with confidence level
2. Notes the absence of social-engineering cues, suspicious tokens, or phishing tactics
3. Uses professional security terminology
Explanation:"""
try:
# Tokenize the prompt
inputs = gen_tokenizer(
prompt,
return_tensors="pt",
max_length=512,
truncation=True
)
# Generate explanation with optimized parameters
with torch.no_grad():
outputs = gen_model.generate(
inputs.input_ids,
max_length=180,
min_length=40,
num_beams=5,
length_penalty=1.2,
early_stopping=True,
temperature=0.8,
top_p=0.92,
do_sample=False,
no_repeat_ngram_size=3
)
# Decode the generated text
explanation = gen_tokenizer.decode(outputs[0], skip_special_tokens=True)
# Post-process: add confidence level prefix
explanation = f"The email was classified as {label} with {confidence_level} ({confidence:.2f}). {explanation}"
return explanation
except Exception as e:
print(f"FLAN-T5 generation error: {e}")
# Enhanced fallback explanations
if label == "PHISHING":
reasons = []
if indicators["urgency"]: reasons.append("uses high urgency tactics")
if indicators["threat"]: reasons.append("contains threatening language")
if indicators["credential_request"]: reasons.append("attempts credential harvesting")
if indicators["suspicious_links"]: reasons.append("includes clickbait keywords")
reason_text = " and ".join(reasons) if reasons else "exhibits fraudulent patterns"
return f"The email was classified as PHISHING with {confidence_level} ({confidence:.2f}). The email {reason_text} suggesting a social-engineering attempt to capture sensitive information."
else:
return f"The email was classified as LEGITIMATE with {confidence_level} ({confidence:.2f}). The message appears routine and contains no social-engineering cues or suspicious tokens."
@app.on_event("startup")
def load_models():
global tokenizer, model, gen_tokenizer, gen_model
base_path = os.path.dirname(os.path.abspath(__file__))
model_path = os.path.join(base_path, MODEL_DIR)
weights_path = os.path.join(model_path, WEIGHTS_NAME)
gc.collect()
try:
# Load DistilBERT for classification
tokenizer = AutoTokenizer.from_pretrained(model_path, local_files_only=True)
config = AutoConfig.from_pretrained(model_path, local_files_only=True)
base_model = DistilBertForSequenceClassification(config)
model = torch.quantization.quantize_dynamic(base_model, {torch.nn.Linear}, dtype=torch.qint8)
if os.path.exists(weights_path):
model.load_state_dict(torch.load(weights_path, map_location='cpu'))
model.eval()
# Load FLAN-T5 for explanation generation
print("Loading FLAN-T5 for explanation generation...")
gen_tokenizer = T5Tokenizer.from_pretrained("google/flan-t5-small", legacy=False)
gen_model = T5ForConditionalGeneration.from_pretrained("google/flan-t5-small")
gen_model.eval()
print("FLAN-T5 loaded successfully!")
except Exception as e:
print(f"Load Error: {e}")
def predictor(texts):
probs_list = []
for text in texts:
inputs = tokenizer(text, return_tensors="pt", truncation=True, padding=True, max_length=256)
with torch.no_grad():
outputs = model(**inputs)
probs = torch.softmax(outputs.logits, dim=1).numpy()
probs_list.append(probs[0])
return np.array(probs_list)
def hybrid_predict(email_text: str) -> tuple:
ml_probs = predictor([email_text])[0]
indicators = detect_phishing_indicators(email_text)
rule_score = calculate_phishing_score(indicators)
# Combine scores based on your logic
if rule_score > 0.5: combined_prob = (ml_probs[1] * 0.3) + (rule_score * 0.7)
elif rule_score > 0.2: combined_prob = (ml_probs[1] * 0.5) + (rule_score * 0.5)
else: combined_prob = (ml_probs[1] * 0.7) + (rule_score * 0.3)
label = "PHISHING" if combined_prob >= 0.5 else "LEGITIMATE"
confidence = combined_prob if label == "PHISHING" else 1 - combined_prob
return label, confidence, indicators
@app.get("/", response_class=HTMLResponse)
async def index():
return """
<html>
<head><title>Robust Explainable Phishing Classification</title></head>
<body style="font-family: sans-serif; background: #f4f7f6; display: flex; justify-content: center; padding-top: 50px;">
<div style="background: white; padding: 40px; border-radius: 15px; box-shadow: 0 10px 30px rgba(0,0,0,0.1); width: 800px;">
<form action="/predict" method="post">
<textarea name="email_text" rows="10" style="width: 100%; padding: 10px;" placeholder="Paste email here..." required></textarea>
<button type="submit" style="width: 100%; background: #007bff; color: white; padding: 15px; margin-top: 10px; border: none; cursor: pointer; border-radius: 8px;">Analyze & Explain</button>
</form>
</div>
</body>
</html>
"""
@app.post("/predict", response_class=HTMLResponse)
async def predict(email_text: str = Form(...)):
label, confidence, indicators = hybrid_predict(email_text)
# Generate unique token for this analysis
unique_token = str(uuid.uuid4())[:8].upper()
timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
# Store analysis data in Firebase for reference
analysis_ref = db.reference('/analysis_records')
analysis_ref.child(unique_token).set({
'timestamp': timestamp,
'label': label,
'confidence': float(confidence),
'email_length': len(email_text)
})
# Get LIME explanation for technical keywords
try:
exp = explainer.explain_instance(email_text, predictor, num_features=6, num_samples=100)
keyword_str = ", ".join([word for word, weight in exp.as_list() if abs(weight) > 0.01])
except:
keyword_str = "analysis unavailable"
# Generate natural language explanation using FLAN-T5
clean_explanation = generate_explanation_with_flan(indicators, label, confidence, email_text)
color = "#dc3545" if label == "PHISHING" else "#28a745"
# HTML Result with Enhanced Feedback Form
return f"""
<div style="font-family: sans-serif; max-width: 900px; margin: auto; padding: 20px;">
<div style="background: {color}; color: white; padding: 20px; border-radius: 20px; text-align: center;">
<h1 style="margin: 0;">{label}</h1>
<p>Confidence: {confidence:.2%}</p>
</div>
<div style="background: white; padding: 30px; border-radius: 15px; margin-top: 30px; box-shadow: 0 5px 15px rgba(0,0,0,0.05);">
<h3>Security Analysis (FLAN-T5 Generated)</h3>
<p style="font-size: 1.1em;">{clean_explanation}</p>
<p><b>Technical Triggers (LIME):</b> {keyword_str}</p>
<hr style="margin: 40px 0;">
<h3>Help Us Improve (XAI Evaluation)</h3>
<div style="background: #f8f9fa; padding: 15px; border-radius: 8px; margin-bottom: 20px;">
<p style="margin: 5px 0;"><b>Analysis Token:</b> <span style="font-family: monospace; font-size: 1.2em; color: {color}; font-weight: bold;">{unique_token}</span></p>
<p style="margin: 5px 0; font-size: 0.9em; color: #666;">Please save this token for your records</p>
</div>
<form action="/feedback" method="post">
<input type="hidden" name="token" value="{unique_token}">
<table style="width: 100%; border-collapse: collapse; margin: 20px 0;">
<thead>
<tr style="background: #f1f3f5;">
<th style="padding: 15px; text-align: left; border: 1px solid #dee2e6; width: 50%;">Evaluation Criteria</th>
<th style="padding: 10px; text-align: center; border: 1px solid #dee2e6; width: 10%;">1</th>
<th style="padding: 10px; text-align: center; border: 1px solid #dee2e6; width: 10%;">2</th>
<th style="padding: 10px; text-align: center; border: 1px solid #dee2e6; width: 10%;">3</th>
<th style="padding: 10px; text-align: center; border: 1px solid #dee2e6; width: 10%;">4</th>
<th style="padding: 10px; text-align: center; border: 1px solid #dee2e6; width: 10%;">5</th>
</tr>
</thead>
<tbody>
<tr>
<td style="padding: 15px; border: 1px solid #dee2e6; background: #fff;">
<b>1. Decision Clarity:</b><br>
<span style="font-size: 0.9em; color: #666;">The explanation helped me understand the result.</span>
</td>
<td style="padding: 10px; text-align: center; border: 1px solid #dee2e6;">
<input type="radio" name="understanding" value="1" required style="width: 20px; height: 20px; cursor: pointer;">
</td>
<td style="padding: 10px; text-align: center; border: 1px solid #dee2e6;">
<input type="radio" name="understanding" value="2" style="width: 20px; height: 20px; cursor: pointer;">
</td>
<td style="padding: 10px; text-align: center; border: 1px solid #dee2e6;">
<input type="radio" name="understanding" value="3" style="width: 20px; height: 20px; cursor: pointer;">
</td>
<td style="padding: 10px; text-align: center; border: 1px solid #dee2e6;">
<input type="radio" name="understanding" value="4" style="width: 20px; height: 20px; cursor: pointer;">
</td>
<td style="padding: 10px; text-align: center; border: 1px solid #dee2e6;">
<input type="radio" name="understanding" value="5" style="width: 20px; height: 20px; cursor: pointer;">
</td>
</tr>
<tr>
<td style="padding: 15px; border: 1px solid #dee2e6; background: #f8f9fa;">
<b>2. Information Focus:</b><br>
<span style="font-size: 0.9em; color: #666;">The explanation was concise and essential.</span>
</td>
<td style="padding: 10px; text-align: center; border: 1px solid #dee2e6; background: #f8f9fa;">
<input type="radio" name="clarity" value="1" required style="width: 20px; height: 20px; cursor: pointer;">
</td>
<td style="padding: 10px; text-align: center; border: 1px solid #dee2e6; background: #f8f9fa;">
<input type="radio" name="clarity" value="2" style="width: 20px; height: 20px; cursor: pointer;">
</td>
<td style="padding: 10px; text-align: center; border: 1px solid #dee2e6; background: #f8f9fa;">
<input type="radio" name="clarity" value="3" style="width: 20px; height: 20px; cursor: pointer;">
</td>
<td style="padding: 10px; text-align: center; border: 1px solid #dee2e6; background: #f8f9fa;">
<input type="radio" name="clarity" value="4" style="width: 20px; height: 20px; cursor: pointer;">
</td>
<td style="padding: 10px; text-align: center; border: 1px solid #dee2e6; background: #f8f9fa;">
<input type="radio" name="clarity" value="5" style="width: 20px; height: 20px; cursor: pointer;">
</td>
</tr>
</tbody>
</table>
<p style="font-size: 0.85em; color: #666; text-align: center; margin-top: 10px;">
Rating Scale: 1 = Strongly Disagree | 5 = Strongly Agree
</p>
<button type="submit" style="width: 100%; background: #28a745; color: white; padding: 12px; border: none; border-radius: 5px; cursor: pointer; font-size: 1.05em; margin-top: 15px;">Submit Feedback to Firebase</button>
</form>
</div>
<div style="text-align: center; margin-top: 20px;">
<a href="/" style="color: #007bff; text-decoration: none;">← Analyze Another Email</a>
</div>
</div>
"""
@app.post("/feedback")
async def save_feedback(token: str = Form(...), understanding: int = Form(...), clarity: int = Form(...)):
timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
# Save feedback with token reference
feedback_ref = db.reference('/xai_feedback')
feedback_ref.push({
'token': token,
'understanding': understanding,
'clarity': clarity,
'timestamp': timestamp
})
return HTMLResponse(f"""
<div style="font-family: sans-serif; max-width: 800px; margin: 100px auto; padding: 40px; background: white; border-radius: 15px; box-shadow: 0 10px 30px rgba(0,0,0,0.1); text-align: center;">
<h2 style="color: #28a745;">Feedback Received!</h2>
<p>Thank you for contributing to our research.</p>
<p><b>Your Token:</b> <span style="font-family: monospace; font-size: 1.2em; color: #007bff;">{token}</span></p>
<a href="/" style="display: inline-block; margin-top: 20px; padding: 12px 30px; background: #007bff; color: white; text-decoration: none; border-radius: 5px;">Go back to Home</a>
</div>
""")
if __name__ == "__main__":
import uvicorn
uvicorn.run(app, host="127.0.0.1", port=8000) |