# AI-Driven Cybersecurity Threat Intelligence Chatbot

# Create a Threat Knowledge Base

In [1]:
import json

# Corrected JSON data for threats
threats_data = [
    {
        "name": "Phishing",
        "description": "Phishing is a form of cyberattack where attackers impersonate legitimate institutions to trick individuals into providing sensitive information like passwords or credit card numbers.",
        "indicators": ["fake email", "suspicious link", "login prompt", "account verification request"],
        "actions": "Verify the sender's email address, do not click on suspicious links, and report phishing attempts to IT or cybersecurity team."
    },
    {
        "name": "Ransomware",
        "description": "Ransomware is malicious software that encrypts a user's data and demands a ransom for decryption.",
        "indicators": ["encrypted files", "ransom demand", "payment in cryptocurrency", "restricted access to data"],
        "actions": "Regularly back up data, use antivirus software, avoid downloading unknown attachments, and keep systems updated."
    },
    {
        "name": "DDoS Attack",
        "description": "A Distributed Denial of Service (DDoS) attack involves overwhelming a system, network, or website with traffic, causing it to slow down or crash.",
        "indicators": ["high traffic", "service unavailability", "server overload"],
        "actions": "Use a Content Delivery Network (CDN), implement rate limiting, and monitor network traffic for unusual spikes."
    },
    {
        "name": "SQL Injection",
        "description": "SQL Injection is a code injection technique that exploits a vulnerability in an application's software to manipulate database queries.",
        "indicators": ["unexpected database error", "access to unauthorized data", "special characters in input fields like ';', '--'"],
        "actions": "Sanitize and validate all user inputs, use parameterized queries, and employ web application firewalls to block malicious queries."
    },
    {
        "name": "Malware",
        "description": "Malware is software specifically designed to disrupt, damage, or gain unauthorized access to a computer system.",
        "indicators": ["slow performance", "unexpected pop-ups", "new unknown programs"],
        "actions": "Avoid downloading files from untrusted sources, install antivirus software, and keep operating systems updated."
    },
    {
        "name": "Brute Force Attack",
        "description": "A brute force attack attempts to guess a user's credentials through repeated trial and error.",
        "indicators": ["multiple login attempts", "account lockouts", "suspicious login location"],
        "actions": "Use strong passwords, enable account lockout policies, and use multi-factor authentication (MFA) where possible."
    },
    {
        "name": "Data Breach",
        "description": "A data breach is the unauthorized access and exposure of sensitive data to external parties.",
        "indicators": ["unauthorized access", "exposed data", "sensitive information leak"],
        "actions": "Regularly audit access permissions, employ data encryption, and monitor access logs for unusual activity."
    },
    {
        "name": "Insider Threat",
        "description": "An insider threat involves a trusted individual within the organization who intentionally or unintentionally compromises security.",
        "indicators": ["access to restricted data", "suspicious download activity", "unusual access patterns"],
        "actions": "Limit access to sensitive data, monitor employee activities, and set up alerts for unusual activity patterns."
    },
    {
        "name": "Zero-Day Vulnerability",
        "description": "A zero-day vulnerability is an unknown software flaw that attackers exploit before a fix is available.",
        "indicators": ["exploited software bugs", "unavailable patch", "unknown vulnerability"],
        "actions": "Regularly update software, employ endpoint protection, and monitor for unusual behaviors."
    },
    {
        "name": "Social Engineering",
        "description": "Social engineering is a manipulation technique where attackers trick individuals into providing sensitive information.",
        "indicators": ["manipulation attempts", "unsolicited requests for sensitive data", "imposter impersonation"],
        "actions": "Train employees to recognize social engineering attempts, verify identities before sharing sensitive information, and avoid sharing information over unsecured channels."
    }
]

# Write JSON data to a file
with open("threats.json", "w") as file:
    json.dump(threats_data, file, indent=4)

# Load and read the file to verify
with open("threats.json", "r") as file:
    threats_db = json.load(file)
    print(threats_db)


[{'name': 'Phishing', 'description': 'Phishing is a form of cyberattack where attackers impersonate legitimate institutions to trick individuals into providing sensitive information like passwords or credit card numbers.', 'indicators': ['fake email', 'suspicious link', 'login prompt', 'account verification request'], 'actions': "Verify the sender's email address, do not click on suspicious links, and report phishing attempts to IT or cybersecurity team."}, {'name': 'Ransomware', 'description': "Ransomware is malicious software that encrypts a user's data and demands a ransom for decryption.", 'indicators': ['encrypted files', 'ransom demand', 'payment in cryptocurrency', 'restricted access to data'], 'actions': 'Regularly back up data, use antivirus software, avoid downloading unknown attachments, and keep systems updated.'}, {'name': 'DDoS Attack', 'description': 'A Distributed Denial of Service (DDoS) attack involves overwhelming a system, network, or website with traffic, causing i

# Load the Threat Knowledge Base

In [2]:
import json

# Load the JSON database
with open("threats.json", "r") as file:
    threats_db = json.load(file)

In [3]:
# Function to detect a threat based on user input
def detect_threat(user_input):
    # Check if any indicator keywords are present in the user input
    for threat in threats_db:
        for indicator in threat["indicators"]:
            if indicator in user_input.lower():
                return threat
    return None

# Function to respond with details about the detected threat
def respond_to_threat(threat):
    response = f"**Threat Detected**: {threat['name']}\n\n" \
               f"**Description**: {threat['description']}\n\n" \
               f"**Recommended Actions**: {threat['actions']}"
    return response

In [4]:
# function to display a threat
def display_threat_info(threat_name):
    for threat in threats_db:
        if threat["name"].lower() == threat_name.lower():
            print(f"**Threat Detected**: {threat['name']}")
            print(f"**Description**: {threat['description']}")
            print(f"**Indicators**: {', '.join(threat['indicators'])}")
            print(f"**Recommended Actions**: {threat['actions']}")
            return
    print("Threat not found in the database.")

# Example usage
display_threat_info("Phishing")

**Threat Detected**: Phishing
**Description**: Phishing is a form of cyberattack where attackers impersonate legitimate institutions to trick individuals into providing sensitive information like passwords or credit card numbers.
**Indicators**: fake email, suspicious link, login prompt, account verification request
**Recommended Actions**: Verify the sender's email address, do not click on suspicious links, and report phishing attempts to IT or cybersecurity team.


# Create the Chatbot Logic

In [5]:

# Main loop for console-based chatbot interaction
while True:
    user_input = input("Describe the issue (or type 'Exit' to quit): ")
    if user_input.lower() == "exit":
        print("Goodbye!")
        break

    threat = detect_threat(user_input)
    if threat:
        print(respond_to_threat(threat))
    else:
        print("No known threat detected.")


Describe the issue (or type 'Exit' to quit):  I received a fake email with a suspicious link asking for my password
**Threat Detected**: Phishing

**Description**: Phishing is a form of cyberattack where attackers impersonate legitimate institutions to trick individuals into providing sensitive information like passwords or credit card numbers.

**Recommended Actions**: Verify the sender's email address, do not click on suspicious links, and report phishing attempts to IT or cybersecurity team.
Describe the issue (or type 'Exit' to quit): Exit
Goodbye!


# Build the User Interface with Tkinter

In [6]:
# Install Gradio
!pip install gradio

# Import required libraries
import json
import gradio as gr

# Load threat knowledge base from JSON file
with open("threats.json", "r") as f:
    threats_db = json.load(f)

# Function to detect a threat based on user input
def detect_threat(user_input):
    for threat in threats_db:
        for indicator in threat["indicators"]:
            if indicator in user_input.lower():
                return threat
    return None

# Function to generate a response based on the detected threat
def respond_to_threat(threat):
    response = f"**Threat Detected**: {threat['name']}\n\n" \
               f"**Description**: {threat['description']}\n\n" \
               f"**Recommended Actions**: {threat['actions']}"
    return response

# Gradio function
def chatbot(user_input):
    threat = detect_threat(user_input)
    if threat:
        return respond_to_threat(threat)
    else:
        return "No known threat detected."

# Launch Gradio interface
interface = gr.Interface(fn=chatbot, inputs="text", outputs="text", title="Cybersecurity Threat Intelligence Chatbot")
interface.launch()


Collecting gradio
  Downloading gradio-5.29.0-py3-none-any.whl.metadata (16 kB)
Collecting aiofiles<25.0,>=22.0 (from gradio)
  Downloading aiofiles-24.1.0-py3-none-any.whl.metadata (10 kB)
Collecting fastapi<1.0,>=0.115.2 (from gradio)
  Downloading fastapi-0.115.12-py3-none-any.whl.metadata (27 kB)
Collecting ffmpy (from gradio)
  Downloading ffmpy-0.5.0-py3-none-any.whl.metadata (3.0 kB)
Collecting gradio-client==1.10.0 (from gradio)
  Downloading gradio_client-1.10.0-py3-none-any.whl.metadata (7.1 kB)
Collecting groovy~=0.1 (from gradio)
  Downloading groovy-0.1.2-py3-none-any.whl.metadata (6.1 kB)
Collecting pydub (from gradio)
  Downloading pydub-0.25.1-py2.py3-none-any.whl.metadata (1.4 kB)
Collecting python-multipart>=0.0.18 (from gradio)
  Downloading python_multipart-0.0.20-py3-none-any.whl.metadata (1.8 kB)
Collecting ruff>=0.9.3 (from gradio)
  Downloading ruff-0.11.8-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (25 kB)
Collecting safehttpx<0.2.0,>=0.1.6

