import os import re import gradio as gr from datetime import datetime import tempfile import io import base64 # Check for required dependencies try: import fitz # PyMuPDF PDF_SUPPORT = True except ImportError: PDF_SUPPORT = False print("Warning: PyMuPDF not available, PDF support disabled") try: from gtts import gTTS TTS_SUPPORT = True except ImportError: TTS_SUPPORT = False print("Warning: gTTS not available, audio synthesis disabled") try: from groq import Groq GROQ_SUPPORT = True except ImportError: GROQ_SUPPORT = False print("Warning: Groq not available") try: from transformers import pipeline HF_TRANSFORMERS_SUPPORT = True except ImportError: HF_TRANSFORMERS_SUPPORT = False print("Warning: Transformers not available") # ✅ Load secrets from environment with better error handling groq_key = os.environ.get('GROQ_API_KEY') hf_token = os.environ.get('HF_TOKEN') kaggle_key = os.environ.get('KAGGLE_KEY') kaggle_username = os.environ.get('KAGGLE_USERNAME') # Ensure none of the required secrets are missing if not all([groq_key, hf_token]): raise EnvironmentError("❌ One or more required API keys are missing from environment variables.") # Initialize components with fallbacks client = None phishing_pipe = None if GROQ_SUPPORT and groq_key: try: client = Groq(api_key=groq_key) print("✅ Groq client initialized") except Exception as e: print(f"❌ Groq initialization failed: {e}") if HF_TRANSFORMERS_SUPPORT and hf_token: try: phishing_pipe = pipeline( "text-classification", model="ealvaradob/bert-finetuned-phishing", token=hf_token, return_all_scores=True ) print("✅ Phishing detection model loaded") except Exception as e: print(f"❌ Model loading failed: {e}") # Try alternative model try: phishing_pipe = pipeline( "text-classification", model="martin-ha/toxic-comment-model", return_all_scores=True ) print("✅ Fallback model loaded") except Exception as e2: print(f"❌ Fallback model also failed: {e2}") # Global variables history_log = [] detailed_log = [] # 🎯 Role options role_choices = ["Procurement", "Warehouse", "Admin", "Finance", "Logistics"] # 🌍 Language options language_choices = [ "English", "Urdu", "Arabic", "French", "German", "Spanish", "Portuguese", "Hindi", "Turkish", "Bengali", "Russian", "Chinese", "Japanese", "Korean", "Swahili", "Indonesian", "Italian", "Dutch", "Polish", "Thai", "Vietnamese", "Romanian", "Persian", "Punjabi", "Greek", "Hebrew", "Malay", "Czech", "Danish", "Finnish", "Hungarian", "Norwegian", "Slovak", "Swedish", "Tamil", "Telugu", "Gujarati", "Marathi", "Pashto", "Serbian", "Croatian", "Ukrainian", "Bulgarian", "Filipino", "Sinhala", "Mongolian", "Kazakh", "Azerbaijani", "Nepali", "Malayalam" ] # Glossary terms with tooltip GLOSSARY = { "phishing": "Phishing is a scam where attackers trick you into revealing personal information.", "domain spoofing": "Domain spoofing is when someone fakes a legitimate website's address to deceive you.", "malware": "Malicious software designed to harm or exploit systems.", "spam": "Unwanted or unsolicited messages.", "tone": "The emotional character of the message." } def extract_text_from_file(file_obj): """Extract text from uploaded files with error handling""" if file_obj is None: return "" try: file_path = file_obj.name if hasattr(file_obj, 'name') else str(file_obj) ext = file_path.split(".")[-1].lower() if ext == "pdf" and PDF_SUPPORT: doc = fitz.open(file_path) return "\n".join(page.get_text() for page in doc) elif ext == "txt": with open(file_path, "r", encoding="utf-8", errors="ignore") as f: return f.read() else: return f"Unsupported file type: {ext}" except Exception as e: return f"Error reading file: {str(e)}" def rag_based_reranking(text, bert_analysis, language="English"): """ RAG/Prompt-Based Reranking: Use LLaMA to reanalyze and improve BERT's classification This adds semantic analysis and intent understanding """ try: # Create prompt for LLaMA semantic reanalysis reranking_prompt = [ { "role": "system", "content": f""" You are an expert cybersecurity analyst specializing in phishing detection. Your job is to reanalyze email/message content using semantic understanding and intent analysis. You have received a preliminary classification from a BERT model, but you need to provide a more accurate assessment using your understanding of: - Social engineering tactics - Urgency patterns - Suspicious requests - Context and intent - Language patterns that indicate deception Respond with your reanalysis in this exact format: REANALYZED_THREAT_TYPE: [safe/spam/phishing/malware] CONFIDENCE_LEVEL: [low/medium/high] REASONING: [Brief explanation of your decision] SEMANTIC_INDICATORS: [What semantic clues led to this conclusion] """ }, { "role": "user", "content": f""" ORIGINAL MESSAGE TO ANALYZE: "{text}" BERT MODEL'S PRELIMINARY ANALYSIS: - Classification: {bert_analysis.get('model_prediction', 'Unknown')} - Threat Type: {bert_analysis.get('threat_type', 'unknown')} - AI Confidence: {bert_analysis.get('ai_confidence_score', 0)}% TASK: Does this message pose a phishing, spam, malware, or other security risk? Use your semantic understanding to reanalyze this message. Consider: 1. Intent and context 2. Social engineering patterns 3. Urgency or pressure tactics 4. Suspicious requests (credentials, money, personal info) 5. Language patterns that suggest deception 6. Overall trustworthiness Provide your reanalysis using the format specified above. """ } ] # Get LLaMA's semantic reanalysis response = client.chat.completions.create( model="llama3-8b-8192", messages=reranking_prompt, temperature=0.1, # Low temperature for consistent analysis max_tokens=500 ) llama_response = response.choices[0].message.content.strip() # Parse LLaMA's response reanalysis = parse_llama_reanalysis(llama_response) # Combine BERT and LLaMA insights final_analysis = combine_bert_llama_analysis(bert_analysis, reanalysis, text) return final_analysis except Exception as e: print(f"RAG Reranking failed: {e}") # Fallback to original BERT analysis bert_analysis['rag_error'] = str(e) return bert_analysis def parse_llama_reanalysis(llama_response): """Parse LLaMA's structured response""" reanalysis = { 'llama_threat_type': 'unknown', 'llama_confidence': 'medium', 'llama_reasoning': '', 'semantic_indicators': '' } lines = llama_response.split('\n') for line in lines: line = line.strip() if line.startswith('REANALYZED_THREAT_TYPE:'): reanalysis['llama_threat_type'] = line.split(':', 1)[1].strip().lower() elif line.startswith('CONFIDENCE_LEVEL:'): reanalysis['llama_confidence'] = line.split(':', 1)[1].strip().lower() elif line.startswith('REASONING:'): reanalysis['llama_reasoning'] = line.split(':', 1)[1].strip() elif line.startswith('SEMANTIC_INDICATORS:'): reanalysis['semantic_indicators'] = line.split(':', 1)[1].strip() return reanalysis def combine_bert_llama_analysis(bert_analysis, llama_reanalysis, original_text): """ Combine BERT and LLaMA analysis using hybrid decision logic LLaMA's semantic understanding gets priority for final classification """ # Get both predictions bert_threat = bert_analysis.get('threat_type', 'unknown') llama_threat = llama_reanalysis.get('llama_threat_type', 'unknown') llama_confidence = llama_reanalysis.get('llama_confidence', 'medium') # Hybrid decision logic if llama_confidence == 'high': # Trust LLaMA's high-confidence assessment final_threat_type = llama_threat decision_method = "LLaMA High Confidence" elif bert_threat == llama_threat: # Both models agree - high confidence in result final_threat_type = bert_threat decision_method = "BERT + LLaMA Agreement" elif llama_threat == 'safe' and bert_threat in ['spam', 'unknown']: # LLaMA says safe, BERT unsure - lean towards safe final_threat_type = 'safe' decision_method = "LLaMA Safety Override" elif llama_threat in ['phishing', 'malware'] and bert_threat != 'safe': # LLaMA detects serious threat - prioritize security final_threat_type = llama_threat decision_method = "LLaMA Threat Detection" else: # Default to BERT with LLaMA insights final_threat_type = bert_threat decision_method = "BERT with LLaMA Insights" # Create enhanced analysis combining both models enhanced_analysis = bert_analysis.copy() enhanced_analysis.update({ 'final_threat_type': final_threat_type, 'bert_prediction': bert_threat, 'llama_prediction': llama_threat, 'llama_confidence': llama_confidence, 'llama_reasoning': llama_reanalysis.get('llama_reasoning', ''), 'semantic_indicators': llama_reanalysis.get('semantic_indicators', ''), 'decision_method': decision_method, 'hybrid_analysis': True }) # Recalculate threat score based on final classification enhanced_analysis['threat_type'] = final_threat_type threat_score = calculate_threat_score(enhanced_analysis) enhanced_analysis['threat_score'] = threat_score return enhanced_analysis def calculate_threat_score(hf_analysis): """ Calculate threat score based on AI analysis results Returns score from 0-100 where higher means more dangerous """ threat_type = hf_analysis.get('threat_type', 'unknown') confidence_percentage = hf_analysis.get('ai_confidence_score', 0) if threat_type == 'safe': # For safe messages, use INVERSE of confidence # High confidence in "safe" = Low threat score threat_score = max(0, min(20, (100 - confidence_percentage) * 0.2)) elif threat_type == 'spam': # For spam, map confidence to 21-40% range threat_score = 21 + (confidence_percentage * 0.19) elif threat_type == 'phishing': # For phishing, map confidence to 61-80% range threat_score = 61 + (confidence_percentage * 0.19) elif threat_type == 'malware': # For malware, map confidence to 81-100% range threat_score = 81 + (confidence_percentage * 0.19) else: # For unknown threats, use moderate risk threat_score = 41 + (confidence_percentage * 0.19) # Ensure score stays within bounds threat_score = round(min(100, max(0, threat_score)), 1) # Additional safety check for very short, innocent messages text = hf_analysis.get('raw_text', '') if len(text.strip()) <= 10 and threat_type == 'safe': threat_score = min(threat_score, 10.0) return threat_score def analyze_with_huggingface(text): """ First stage: Analyze message using Hugging Face BERT model Returns detailed technical analysis for LLaMA to interpret FIXED VERSION: Properly handles safe messages like "HI" """ try: # Get prediction from Hugging Face model result = phishing_pipe(text) # Extract prediction details prediction = result[0] label = prediction['label'] confidence_score = prediction['score'] # Convert to percentage confidence_percentage = round(confidence_score * 100, 2) # Map labels to threat types (adjust based on your model's labels) threat_mapping = { 'PHISHING': 'phishing', 'LEGITIMATE': 'safe', 'SPAM': 'spam', 'MALWARE': 'malware' } threat_type = threat_mapping.get(label.upper(), 'unknown') # FIXED LOGIC: Calculate threat score based on what the model actually detected if threat_type == 'safe': # For safe messages, use INVERSE of confidence # High confidence in "safe" = Low threat score threat_score = max(0, min(20, (100 - confidence_percentage) * 0.2)) threat_level = "Safe" elif threat_type == 'spam': # For spam, map confidence to 21-40% range threat_score = 21 + (confidence_percentage * 0.19) threat_level = "Minimal Suspicion" elif threat_type == 'phishing': # For phishing, map confidence to 61-80% range threat_score = 61 + (confidence_percentage * 0.19) threat_level = "Likely Threat" elif threat_type == 'malware': # For malware, map confidence to 81-100% range threat_score = 81 + (confidence_percentage * 0.19) threat_level = "Severe Threat" else: # For unknown threats, use moderate risk threat_score = 41 + (confidence_percentage * 0.19) threat_level = "Needs Attention" # Ensure score stays within bounds threat_score = round(min(100, max(0, threat_score)), 1) # Additional safety check for very short, innocent messages if len(text.strip()) <= 10 and threat_type == 'safe': # For very short messages classified as safe, ensure low threat score threat_score = min(threat_score, 10.0) threat_level = "Safe" # Create technical analysis summary for LLaMA technical_analysis = { 'model_prediction': label, 'ai_confidence_score': confidence_percentage, 'threat_type': threat_type, 'threat_score': threat_score, 'threat_level': threat_level, 'raw_text': text[:500] } return technical_analysis except Exception as e: # Fallback analysis if Hugging Face model fails return { 'model_prediction': 'UNKNOWN', 'ai_confidence_score': 0, 'threat_type': 'unknown', 'threat_score': 50.0, 'threat_level': 'Needs Attention', 'raw_text': text[:500], 'error': str(e) } def build_enhanced_prompt_messages(hf_analysis, language="English", role="Admin"): """ Build prompt that includes both BERT and LLaMA reanalysis for final interpretation """ # Check if hybrid analysis was performed if hf_analysis.get('hybrid_analysis', False): technical_data = f""" HYBRID AI ANALYSIS RESULTS: - BERT Model Prediction: {hf_analysis.get('bert_prediction', 'Unknown')} - LLaMA Semantic Analysis: {hf_analysis.get('llama_prediction', 'Unknown')} - Final Classification: {hf_analysis['final_threat_type']} - Decision Method: {hf_analysis.get('decision_method', 'Standard')} - LLaMA Confidence: {hf_analysis.get('llama_confidence', 'medium')} - Threat Score: {hf_analysis['threat_score']}% (0-100, higher = more dangerous) - LLaMA Reasoning: {hf_analysis.get('llama_reasoning', 'N/A')} - Semantic Indicators: {hf_analysis.get('semantic_indicators', 'N/A')} - Original Message: "{hf_analysis['raw_text']}" """ else: technical_data = f""" STANDARD AI ANALYSIS: - Model Prediction: {hf_analysis['model_prediction']} - Detected Threat Type: {hf_analysis['threat_type']} - Threat Score: {hf_analysis['threat_score']}% (0-100, higher = more dangerous) - Original Message: "{hf_analysis['raw_text']}" """ if 'error' in hf_analysis or 'rag_error' in hf_analysis: error_msg = hf_analysis.get('error', hf_analysis.get('rag_error', '')) technical_data += f"\n- Analysis Note: {error_msg}" return [ { "role": "system", "content": f""" You are a friendly cybersecurity assistant helping employees in the supply chain industry. You have received results from a hybrid AI analysis system that combines: 1. BERT model for technical pattern detection 2. LLaMA model for semantic understanding and intent analysis Your job is to explain these results in SIMPLE, NON-TECHNICAL language that anyone can understand. Guidelines: - Use everyday words instead of technical jargon - The threat score ranges from 0-100 where higher numbers mean more dangerous - Explain both what the computers found AND why it matters - Give clear, practical advice for a {role} employee - If there's disagreement between models, explain what that means Always respond completely in {language} only. Make it sound like you're talking to a friend, not giving a technical report. """ }, { "role": "user", "content": f""" Please analyze this hybrid security check and explain it in simple terms: {technical_data} Respond in this format using everyday language: 1. Tone: (How does the message sound? Pushy, friendly, normal, etc.) 2. Threat Type: (What kind of danger is this? Safe message, scam attempt, spam, etc.) 3. Threat Score: (Show the danger level number from 0-100) 4. AI Analysis Summary: (What did both computer systems find? Did they agree?) 5. Simple Explanation (in {language}): (Explain in plain words why this is safe or dangerous) 6. What should you do as a {role} worker (in {language}): (Clear, simple steps) 7. Why the computers flagged this: (Explain what the AI systems noticed) 8. Detailed Advisory (in {language}): (Comprehensive guidance and precautions) """ } ] def get_threat_level_display(threat_score): """ Get color-coded threat level display based on corrected 5-level system """ if threat_score <= 20: return "🟢 SAFE - No threat detected" elif threat_score <= 40: return "🟡 MINIMAL SUSPICION - Minor concerns" elif threat_score <= 60: return "🟠 NEEDS ATTENTION - Requires careful review" elif threat_score <= 80: return "🔴 LIKELY THREAT - High probability of danger" else: return "⚫ SEVERE THREAT - Immediate action required" def generate_text_report(analysis_data, hf_analysis, input_text): """ Generate a structured text report that can be downloaded as a .txt file """ timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S") report = f""" ================================================================================ ZEROPHISH GATE - SECURITY ANALYSIS REPORT ================================================================================ Analysis Date: {timestamp} Generated by: ZeroPhish Gate AI Security System ================================================================================ ANALYZED MESSAGE ================================================================================ {input_text} ================================================================================ THREAT ASSESSMENT SUMMARY ================================================================================ AI Detection: {hf_analysis.get('model_prediction', 'Unknown')} Message Type: {hf_analysis.get('threat_type', 'Unknown').title()} Threat Score: {hf_analysis.get('threat_score', 'N/A')}% ================================================================================ DETAILED ANALYSIS ================================================================================ """ # Parse detailed analysis sections sections = {} current_section = "" lines = analysis_data.split('\n') for line in lines: line = line.strip() if line.startswith(('1. Tone:', '2. Threat Type:', '3. Threat Score:', '4. Simple Explanation', '5. What should you do', '6. Why the computer', '7. Detailed Advisory')): current_section = line sections[current_section] = "" elif current_section and line and not line.startswith('🤖'): sections[current_section] += line + " " # Add detailed analysis sections section_titles = [ ("1. Tone:", "MESSAGE TONE ANALYSIS"), ("2. Threat Type:", "THREAT CLASSIFICATION"), ("3. Threat Score:", "THREAT SCORE ASSESSMENT"), ("4. Simple Explanation", "DETAILED EXPLANATION"), ("5. What should you do", "RECOMMENDED ACTIONS"), ("6. Why the computer", "AI DETECTION REASONING"), ("7. Detailed Advisory", "COMPREHENSIVE ADVISORY") ] for section_key, section_title in section_titles: content_text = "" for key, value in sections.items(): if key.startswith(section_key): content_text = value.strip() break if content_text: report += f""" {section_title} {'-' * len(section_title)} {content_text} """ # Footer report += f""" ================================================================================ REPORT FOOTER ================================================================================ This report was generated by ZeroPhish Gate AI Security System. For support or questions, contact your IT security team. Report ID: ZPG-{timestamp.replace(' ', 'T').replace(':', '-')} Analysis completed at: {timestamp} ================================================================================ """ return report def generate_downloadable_report(analysis_data, hf_analysis, input_text): """ Generate a downloadable report file """ # Create text report text_report = generate_text_report(analysis_data, hf_analysis, input_text) # Create downloadable file timestamp = datetime.now().strftime("%Y%m%d_%H%M%S") filename = f"zerophish_security_report_{timestamp}.txt" # Create a temporary file for download with tempfile.NamedTemporaryFile(mode='w', suffix='.txt', delete=False, encoding='utf-8') as f: f.write(text_report) temp_path = f.name return temp_path def add_visual_badges(text): tags = [] if "urgent" in text.lower(): tags.append("🔴 Urgent Tone Detected") if "suspicious" in text.lower() and "domain" in text.lower(): tags.append("🗘 Suspicious Domain") if "safe" in text.lower() or "threat type: safe" in text.lower(): tags.append("🟩 Clean") if "ai model" in text.lower(): tags.append("🤖 AI-Enhanced Analysis") if tags: return text + "\n\n🚨 Visual Tags:\n" + "\n".join(tags) return text def apply_glossary_tooltips(text): """Apply HTML tooltips for glossary terms""" # First, convert newlines to HTML breaks text = text.replace('\n', '
') # Apply tooltips to glossary terms for term, definition in GLOSSARY.items(): pattern = re.compile(rf'\b{re.escape(term)}\b', re.IGNORECASE) # Create HTML span with title attribute for tooltip tooltip_html = f'{term}' text = pattern.sub(tooltip_html, text) # Handle markdown-style bold text text = re.sub(r'\*\*(.*?)\*\*', r'\1', text) # Wrap in a simple div html_output = f'
{text}
' return html_output def synthesize_audio(text, language="English"): if not text.strip(): return None try: # Language code mapping (expand as needed) lang_map = { "english": "en", "spanish": "es", "french": "fr", "german": "de", "hindi": "hi", "arabic": "ar", "urdu": "ur" # gTTS supports Urdu as 'ur' } # Get language code (default to English if not found) lang_code = lang_map.get(language.lower(), "en") # Generate speech with proper language handling tts = gTTS(text=text[:200], lang=lang_code, slow=False) with tempfile.NamedTemporaryFile(suffix=".mp3", delete=False) as tmp_file: tmp_path = tmp_file.name tts.save(tmp_path) return tmp_path except Exception as e: print(f"Audio synthesis error: {e}") return None def new_chat(): """Reset all fields for a new chat session""" return ( "", # text_input None, # file_input "", # output gr.update(visible=False), # report_btn gr.update(visible=False), # ignore_btn gr.update(visible=False), # report_msg None, # audio_output None, # report_file ) def analyze_message_interface(text_input, uploaded_file, language, role): file_text = extract_text_from_file(uploaded_file) if uploaded_file else "" text_input = text_input.strip() file_text = file_text.strip() if not text_input and not file_text: return "❌ No input provided via text or file.", gr.update(visible=False), history_log, gr.update(choices=[], value=None), "", None, gr.update(visible=False), gr.update(visible=False), None combined_input = f"User message:\n{text_input}\n\nAttached file content:\n{file_text}" if text_input and file_text else (text_input or file_text) # STAGE 1: Hugging Face BERT Analysis print("🤖 Stage 1: Running Hugging Face BERT analysis...") bert_analysis = analyze_with_huggingface(combined_input) # STAGE 1.5: RAG-Based Reranking with LLaMA Semantic Analysis print("🧠 Stage 1.5: RAG-based reranking with LLaMA semantic analysis...") hf_analysis = rag_based_reranking(combined_input, bert_analysis, language) # Calculate final threat score threat_score = calculate_threat_score(hf_analysis) hf_analysis['threat_score'] = threat_score # Stage 2: Final LLaMA Interpretation print("🧠 Stage 2: Final LLaMA interpretation of hybrid analysis...") messages = build_enhanced_prompt_messages(hf_analysis, language, role) response = client.chat.completions.create( model="llama3-8b-8192", messages=messages, temperature=0.3, max_tokens=1000 ) result = response.choices[0].message.content.strip() # In your analyze_message_interface function: audio_path = synthesize_audio(result, language) # Pass the same language selected in UI # Add hybrid analysis summary to the result if hf_analysis.get('hybrid_analysis', False): result += f"\n\n🤖 **Hybrid AI Analysis Summary:**\n" result += f"- BERT Detection: {hf_analysis.get('bert_prediction', 'Unknown').title()}\n" result += f"- LLaMA Reanalysis: {hf_analysis.get('llama_prediction', 'Unknown').title()}\n" result += f"- Final Decision: {hf_analysis['final_threat_type'].title()}\n" result += f"- Method: {hf_analysis.get('decision_method', 'Standard')}\n" result += f"- Threat Score: {hf_analysis['threat_score']}%" else: result += f"\n\n🤖 **Computer Analysis Summary:**\n- Detection: {hf_analysis['model_prediction']}\n- Message Type: {hf_analysis['threat_type'].title()}\n- Threat Score: {hf_analysis['threat_score']}%" result_with_badges = add_visual_badges(result) result_with_tooltips = apply_glossary_tooltips(result_with_badges) # Determine if threat based on final analysis final_threat_type = hf_analysis.get('final_threat_type', hf_analysis.get('threat_type', 'unknown')) is_threat = hf_analysis['threat_score'] > 20 # Extract information for logging threat_score_str = f"{hf_analysis['threat_score']}%" status = "Safe" if final_threat_type == 'safe' else "Review" history_log.append([ datetime.now().strftime("%Y-%m-%d %H:%M"), combined_input[:40] + "...", threat_score_str, final_threat_type.title(), status ]) # Store data for detailed view detailed_log.append({ "full_input": combined_input, "full_result": result_with_badges, "hf_analysis": hf_analysis, "timestamp": datetime.now().strftime("%Y-%m-%d %H:%M:%S") }) audio_path = synthesize_audio(result, language) # Generate downloadable report report_file = generate_downloadable_report(result_with_badges, hf_analysis, combined_input) return ( result_with_tooltips, # output as plain text gr.update(visible=is_threat), # report_btn history_log, gr.update(choices=[str(i) for i in range(len(detailed_log))], value=None), "", # full_view audio_path, gr.update(visible=is_threat), # report_msg gr.update(visible=is_threat), # ignore_btn report_file # report_file for download ) def view_full_report(index): try: idx = int(index) record = detailed_log[idx] hf_data = record['hf_analysis'] report = f"📅 **Timestamp:** {record['timestamp']}\n\n" report += f"📝 **Input Message:**\n{record['full_input']}\n\n" report += f"🤖 **Computer Security Check:**\n" report += f"- What AI Found: {hf_data['model_prediction']}\n" report += f"- Message Type: {hf_data['threat_type']}\n" report += f"- Threat Score: {hf_data.get('threat_score', 'N/A')}%\n" if 'error' in hf_data: report += f"- Note: {hf_data['error']}\n" report += f"\n📜 **Detailed Analysis:**\n{record['full_result']}" return report except: return "❌ Invalid selection" def report_to_it(language): english_msg = "✅ Your request has been forwarded to the concerning department..." if history_log: history_log[-1][4] = "Reported" if language.lower() == "english": return english_msg, history_log prompt = [{ "role": "user", "content": f'Translate this message into {language} and include the English version in brackets:\n\n"{english_msg}"' }] response = client.chat.completions.create( model="llama3-8b-8192", messages=prompt, temperature=0.2, max_tokens=250 ) output = response.choices[0].message.content.strip() match = re.search(r'([^\[]+)(\[[^\]]+\])', output) if match: return f"{match.group(1).strip()}\n{match.group(2).strip()}", history_log else: return f"{output}\n[{english_msg}]", history_log def ignore_latest(): if history_log: history_log[-1][4] = "Ignored" return history_log def clear_history(): history_log.clear() detailed_log.clear() return [], [], "", gr.update(visible=False) def create_interface(): """Create the Gradio interface""" with gr.Blocks( title="ZeroPhish Gate - Phishing Detection", theme=gr.themes.Soft(), css=""" .main-header { text-align: center; margin-bottom: 20px; } .analysis-output { padding: 15px; border-radius: 10px; } """ ) as demo: gr.HTML("""

🛡️ ZeroPhish Gate

AI-Powered Phishing & Threat Detection

Analyze messages, emails, and documents for potential security threats

""") # System status status_msg = "🟢 System Ready" if not (GROQ_SUPPORT and groq_key): status_msg += " (Advanced AI disabled)" if not phishing_pipe: status_msg += " (Using basic detection)" gr.Markdown(f"**Status:** {status_msg}") with gr.Row(): with gr.Column(scale=3): text_input = gr.Textbox( label="📝 Message to Analyze", placeholder="Paste suspicious email, SMS, or message here...", lines=5 ) file_input = gr.File( label="📎 Upload File (Optional)", file_types=[".txt", ".pdf"] if PDF_SUPPORT else [".txt"] ) with gr.Column(scale=1): role = gr.Dropdown( label="👤 Your Role", choices=role_choices, value="Admin" ) language = gr.Dropdown( label="🌐 Language", choices=language_choices, value="English" ) analyze_btn = gr.Button( "🔍 Analyze Message", variant="primary", size="lg" ) new_chat_btn = gr.Button("🆕 New Chat", variant="secondary") with gr.Row(): output = gr.HTML( label="📊 Analysis Results", elem_classes=["analysis-output"] ) with gr.Row(): report_btn = gr.Button("🚨 Report to IT", visible=False, variant="stop") ignore_btn = gr.Button("🙊 Ignore Message", visible=False) report_msg = gr.Textbox(label="📣 IT Confirmation", visible=False, interactive=False) with gr.Row(): audio_output = gr.Audio(label="🔊 Voice Output (Click to Play)", interactive=False, autoplay=False) report_file = gr.File(label="📄 Download Security Report", interactive=False) with gr.Accordion("📜 Risk History & Detailed Reports", open=False): history_table = gr.Dataframe( headers=["Time", "Preview", "Threat Score", "Type", "Status"], label="📜 Risk History Log", interactive=False, wrap=True ) clear_btn = gr.Button("🧹 Clear History") selected_idx = gr.Dropdown(label="📂 Select Report to View", choices=[], interactive=True) full_view = gr.Textbox(label="🔍 Detailed Analysis", lines=12, interactive=False) with gr.Accordion("ℹ️ Help & Information", open=False): gr.Markdown(""" ### How to Use 1. **Paste or type** the suspicious message in the text box 2. **Upload a file** (PDF or TXT) if needed 3. **Select your role** for personalized advice 4. **Click Analyze** to get results ### Threat Types - 🟢 **Safe**: No threats detected - 🟡 **Spam**: Unwanted promotional content - 🟠 **Suspicious**: Potentially harmful content - 🔴 **Phishing**: Attempts to steal information - 🔴 **Malware**: Malicious software threats ### Tips - Always verify suspicious requests through official channels - Never click links or download attachments from unknown senders - When in doubt, contact your IT security team """) with gr.Accordion("📚 Glossary Help", open=False): gr.Markdown(""" **Hover over underlined blue terms in the analysis to see their definitions:** - **Phishing**: A type of online scam where attackers trick you into giving away personal information - **Domain Spoofing**: When a fake website mimics a trusted one by using a similar-looking web address - **Malware**: Software designed to harm or gain unauthorized access to your device or data - **Spam**: Unwanted or unsolicited messages, usually advertisements or scams - **Tone**: The emotional tone in a message, like being urgent or friendly """) with gr.Accordion("🤖 AI Pipeline Info", open=False): gr.Markdown(""" **Three-Stage Hybrid Analysis Pipeline:** 1. **Stage 1 - BERT Model:** Technical phishing pattern detection 2. **Stage 1.5 - RAG Reranking:** LLaMA semantic reanalysis for intent understanding 3. **Stage 2 - Final Interpretation:** User-friendly explanation generation **RAG-Based Reranking Benefits:** ✅ **Semantic Understanding:** LLaMA analyzes intent and context, not just patterns ✅ **Social Engineering Detection:** Better detection of psychological manipulation ✅ **Hybrid Decision Making:** Combines pattern matching with contextual analysis ✅ **Reduced False Positives:** More accurate classification of legitimate messages **How It Works:** - BERT identifies technical patterns (suspicious links, keywords, etc.) - LLaMA reanalyzes for social engineering, urgency, and intent - System combines both analyses for final classification - Prioritizes safety while reducing false alarms **Message Classification:** - Safe: Normal, legitimate messages - Spam: Unwanted promotional content - Phishing: Attempts to steal personal information - Malware: Messages with malicious attachments or links """) # Event handlers analyze_btn.click( fn=analyze_message_interface, inputs=[text_input, file_input, language, role], outputs=[output, report_btn, history_table, selected_idx, full_view, audio_output, report_msg, ignore_btn, report_file] ) new_chat_btn.click( fn=new_chat, inputs=[], outputs=[text_input, file_input, output, report_btn, ignore_btn, report_msg, audio_output, report_file] ) selected_idx.change(fn=view_full_report, inputs=[selected_idx], outputs=[full_view]) report_btn.click(fn=report_to_it, inputs=[language], outputs=[report_msg, history_table]) report_btn.click(lambda: gr.update(visible=True), outputs=report_msg) ignore_btn.click(fn=ignore_latest, outputs=[history_table]) clear_btn.click(fn=clear_history, outputs=[history_table, selected_idx, full_view, report_msg]) return demo # Create and launch the interface if __name__ == "__main__": demo = create_interface() demo.launch( server_name="0.0.0.0", server_port=7860, show_error=True, share=False )