Hugging Face's logo

Spaces:
nyasukun
/
llm-threat-graph-demo
Running on Zero

App Files Community
llm-threat-graph-demo
File size: 2,534 Bytes 
2c269a8
0bfe434
 
 
 
2c269a8
 
 
 
 
 
 
 
0bfe434
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
 
---
title: LLM Threat Association Analysis
emoji: 🕸️
colorFrom: red
colorTo: purple
sdk: gradio
sdk_version: 5.32.0
app_file: app.py
pinned: false
license: mit
short_description: Can a security-tuned LLM rival STIX’s expressiveness?
---

# 🕸️ LLM Threat Association Analysis

*Visualizing Campaign-Actor-Technique relationships using Language Models*

## Features

- **Campaign-Actor Associations**: Probabilistic analysis using softmax normalization
- **Campaign-Technique Associations**: Independent binary scoring with length normalization
- **Customizable Prompt Templates**: Edit templates for different analysis scenarios
- **Interactive Heatmaps**: Matplotlib/Seaborn visualizations
- **ZeroGPU Support**: Optimized for Hugging Face Spaces GPU infrastructure

## ZeroGPU Configuration

This Space is optimized for ZeroGPU deployment with the following configuration:

### Environment Variables Required

Set these in your Space settings:

**Secret Variables:**
- `HF_TOKEN`: Your Hugging Face access token

**Regular Variables:**
- `ZEROGPU_V2=true`: Enables ZeroGPU v2
- `ZERO_GPU_PATCH_TORCH_DEVICE=1`: Enables device patching for PyTorch

### Technical Specifications

- **GPU Type**: NVIDIA H200 slice
- **Available VRAM**: 70GB per workload
- **PyTorch Version**: 2.4.0 (ZeroGPU compatible)
- **Gradio Version**: 5.29.0

## Usage

1. **Enter Campaigns**: Comma-separated list of threat campaigns
2. **Configure Prompt Templates**: Customize the language patterns used for analysis
3. **Select Actors/Techniques**: Enter relevant threat actors and techniques
4. **Generate Heatmaps**: Click buttons to create visualizations

## Installation

For local development:

```bash
pip install -r requirements.txt
python app.py
```

## Architecture

### Campaign-Actor Analysis
- Uses `P(actor | "{campaign} is conducted by")` with softmax normalization
- Results in probability distributions (sum to 1.0 per campaign)
- Shows relative likelihood of actor attribution

### Campaign-Technique Analysis  
- Uses binary association scoring with length normalization
- Independent scores for each campaign-technique pair
- Accounts for phrase length bias in language models

## Model Support

Currently supports any Hugging Face transformers model. Default model is `sshleifer/tiny-gpt2` for demonstration purposes.

To use a different model, update the `MODEL_NAME` variable in `app.py`.

## References

Based on the ZeroGPU usage guide: https://huggingface.co/spaces/nyasukun/compare-security-models/blob/main/zerogpu.md