Skip to content

miroslawstaron/cybersecurity_pattern_analysis_system

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

107 Commits
.vscode
.vscode
 
 
__pycache__
__pycache__
 
 
database
database
 
 
pyccflex.egg-info
pyccflex.egg-info
 
 
reference_code
reference_code
 
 
src
src
 
 
templates
templates
 
 
test_data
test_data
 
 
tests
tests
 
 
tools
tools
 
 
workdir/data
workdir/data
 
 
.gitignore
.gitignore
 
 
analysis.py
analysis.py
 
 
app.py
app.py
 
 
ccflex_embeddings.py
ccflex_embeddings.py
 
 
checks.py
checks.py
 
 
codebert_embeddings.py
codebert_embeddings.py
 
 
codex_embeddings.py
codex_embeddings.py
 
 
contents.txt
contents.txt
 
 
cylberta_embeddings.py
cylberta_embeddings.py
 
 
dockerfile
dockerfile
 
 
logfile.log
logfile.log
 
 
main.py
main.py
 
 
mslogging.py
mslogging.py
 
 
parse_arguments.py
parse_arguments.py
 
 
print_header.py
print_header.py
 
 
readme.md
readme.md
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 
setup_dirs.py
setup_dirs.py
 
 
singberta_embeddings.py
singberta_embeddings.py
 
 
single_file_pipeline.py
single_file_pipeline.py
 
 

Repository files navigation

Cybersecurity Component Analysis Tool (CCAT)

This program is a pattern detection program that can detect patterns in a text file. It can detect both cybersecurity patterns and vulnerability patterns.

Usage

To use the program, you need to provide the program with two arguments:

  • -vce: The path to the vulnerability pattern file
  • -me: The path to the code to analyze
  • -m: model used to find similarities - codex or ccflex

Typing '-h' or '--help' will display the help menu.

Example

The directory test_code contains the code for testing of the tool, which can be added as -vce and -me arguments.

Basics

The software uses programming language models to transform each module into an embedding vector and compares the vectors. The comparison is done based on the distances between the modules and the reference code.

The reference code is collected manually as part of a research project and illustrate examples of vulnerabilities as well as their solutions.

The models that are used in this program are:

Repository structure:

  • main.py - the main module to execute with the parameters
  • analysis.py - module that analyzes the distances and find the most similar programs
  • checks.py - module that checks if the environment is set in the correct way
  • codex_embeddings.py - module to extract the embeddings from CodeX using the openAI API
  • mslogging.py - logging module (not used at the moment)
  • parse_arguments.py - module to parse the arguments from the command line
  • print_header.py - module to print the header and footer of the program
  • setup_dirs.py - module that sets up the directories for the product

Ways to execute

There are three ways to use it:

  1. python main.py + the parameters above
  2. As a web app - python app.py - send JSON strings there. The endpoint "/" on port 5000 provides an instruction how to use it
  3. As a docker container - pull it from hub.docker.com: miroslawstaron/ccsat

Authors

Miroslaw Staron, email (C) Miroslaw Staron, 2021-2023

About

Demonstrator of PLM based security analyzer

Topics

security programming metrics language-model

Resources

Readme
Activity

Stars

1 star

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages