## Imports ##

In [8]:
# from runningLLAMA import llama_local_generate
from runningBaronLLM import baron_local_generate
import pandas as pd
import re
import time
import os

## Prepare the prompts ##
Multiple prompts for ablation study

In [9]:
# Prompt 1: Both vulnerability description AND CVSS vector
prompt_both = """
    Classify the vulnerability post-condition privilege as one of the following:
    - None: Attacker does not gain access to the system.  - User: Attacker gains
    user-level access (e.g., running code as a normal user, accessing user
    files).  - Root: Attacker gains full system or administrative access (e.g.,
    root privileges, complete control over the system or application).

    
    Vulnerability: {description}
    CVSS Vector: {cvss}
    
    Examples: Example 1: Vulnerability: XSS vulnerability allows stealing user
    session cookies.  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    Classification: User Justification: Attacker gains access to user session
    data but not system control.

    Example 2: Vulnerability: SQL injection allows database manipulation.  CVSS
    Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Classification: User
    Justification: Attacker gains database access but not full system control.

    Now classify the given vulnerability: Justification: [Your justification]
    ##POSTCONDITION [Your classification: None, User, or Root]
    """

# Prompt 2: Only vulnerability description
prompt_desc_only = """
    Classify the vulnerability post-condition privilege as one of the following:
    - None: Attacker does not gain access to the system.  - User: Attacker gains
    user-level access (e.g., running code as a normal user, accessing user
    files).  - Root: Attacker gains full system or administrative access (e.g.,
    root privileges, complete control over the system or application).

    
    Vulnerability: {description}
    
    Examples: Example 1: Vulnerability: XSS vulnerability allows stealing user
    session cookies.  
    Classification: User Justification: Attacker gains access to user session
    data but not system control.

    Example 2: Vulnerability: SQL injection allows database manipulation.  
    Classification: User Justification: Attacker gains database access but not full system control.

    Now classify the given vulnerability: Justification: [Your justification]
    ##POSTCONDITION [Your classification: None, User, or Root]
    """

# Prompt 3: Only CVSS vector
prompt_cvss_only = """
    Classify the vulnerability post-condition privilege as one of the following:
    - None: Attacker does not gain access to the system.  - User: Attacker gains
    user-level access (e.g., running code as a normal user, accessing user
    files).  - Root: Attacker gains full system or administrative access (e.g.,
    root privileges, complete control over the system or application).

    
    CVSS Vector: {cvss}
    
    Examples: Example 1: CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    Classification: User Justification: Low impact on confidentiality and integrity suggests user-level access.

    Example 2: CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 
    Classification: User Justification: High impact but requires high privileges, suggesting user-level access.

    Now classify the given vulnerability: Justification: [Your justification]
    ##POSTCONDITION [Your classification: None, User, or Root]
    """


In [10]:
sys_prompt_both = """
    You are a cybersecurity vulnerability classification expert. Your task is to
    determine the post-condition privilege level after successful exploitation.

    POST-CONDITION PRIVILEGE LEVEL DEFINITIONS: - None: Attacker does not gain
    access to the system. No execution privileges are obtained.  - User:
    Attacker gains user-level access (e.g., running code as a normal user,
    accessing user files, limited privileges).  - Root: Attacker gains full
    system or administrative access (e.g., root privileges, complete control
    over the system or application, administrator rights).

    CLASSIFICATION INSTRUCTIONS: 1. Analyze both the CVE description and CVSS
    vector 2. Provide a brief justification 3. End your
    response with: ##POSTCONDITION [classification] 4. The classification must
    be EXACTLY one of: None, User, Root
    """

sys_prompt_desc_only = """
    You are a cybersecurity vulnerability classification expert. Your task is to
    determine the post-condition privilege level after successful exploitation.

    POST-CONDITION PRIVILEGE LEVEL DEFINITIONS: - None: Attacker does not gain
    access to the system. No execution privileges are obtained.  - User:
    Attacker gains user-level access (e.g., running code as a normal user,
    accessing user files, limited privileges).  - Root: Attacker gains full
    system or administrative access (e.g., root privileges, complete control
    over the system or application, administrator rights).

    CLASSIFICATION INSTRUCTIONS: 1. Analyze the CVE description 2. Provide a brief 
    justification 3. End your response with: ##POSTCONDITION [classification] 
    4. The classification must be EXACTLY one of: None, User, Root
    """

sys_prompt_cvss_only = """
    You are a cybersecurity vulnerability classification expert. Your task is to
    determine the post-condition privilege level after successful exploitation.

    POST-CONDITION PRIVILEGE LEVEL DEFINITIONS: - None: Attacker does not gain
    access to the system. No execution privileges are obtained.  - User:
    Attacker gains user-level access (e.g., running code as a normal user,
    accessing user files, limited privileges).  - Root: Attacker gains full
    system or administrative access (e.g., root privileges, complete control
    over the system or application, administrator rights).

    CLASSIFICATION INSTRUCTIONS: 1. Analyze the CVSS vector 2. Provide a brief 
    justification 3. End your response with: ##POSTCONDITION [classification] 
    4. The classification must be EXACTLY one of: None, User, Root
    """

In [11]:
temperature = 0.3
top_p = 0.9     
seed = 42
max_tokens = 256   

## Prompt the LLM ##

In [12]:
def format_post_condition(text):
    """
    Extract post-condition privilege classification from LLM response text.
    Returns the last valid classification found and whether extraction was successful.
    """
    # Define the regex pattern for matching privilege classification
    privilege_pattern = r'^(None|User|Root)[.:\s]*$'
    
    # Split the text into lines (from bottom up) and search for a matching line
    lines = text.strip().splitlines()
    for line in reversed(lines):
        line = line.strip()
        if re.match(privilege_pattern, line):
            # Extract just the classification word
            match = re.match(r'^(None|User|Root)', line)
            if match:
                return match.group(1), True
    
    # If no exact match found, look for the classification word anywhere in the text
    text_reversed = text[::-1]
    for word in ["tooR", "resU", "enoN"]:  # Reversed words
        if word in text_reversed:
            pos = text_reversed.find(word)
            return word[::-1], True  # Reverse back to original
    
    # If still not found, return the entire text and mark as failed
    return text, False

In [None]:
def run_evaluation(file_path):
    """
    Run CVSS prediction evaluation on a dataset using specified model.
    Processes each CVE description, extracts CVSS vectors, and saves results.
    """
    start_time = time.time()
    count_chars = 0
    instructions_failed = 0
    
    data = pd.read_csv(file_path, encoding='utf-8', sep='\t')
    all_results = []
    all_full_responses = []
    
    for index, row in data.iterrows():
        # Format the prompt with the specific vulnerability data using format()
        llm_prompt = prompt_both.format(description=row['DESCRIPTION'], cvss=row['CVSS'])
        
        try:
            # Get prediction from the model
            output = baron_local_generate(sys_prompt_both, llm_prompt, max_tokens=max_tokens, temperature=temperature, top_p=top_p, seed=seed)
            count_chars += len(output)
            
            # Store the full response
            all_full_responses.append(f"=== CVE {index+1} ===\n{output}\n")
            
            # Try to extract post-condition from the response
            answer, success = format_post_condition(output)
            if not success:
                instructions_failed += 1
            
            all_results.append(answer)
            print(index+1, answer)
        except Exception as e:
            answer = 'Error'
            error_msg = f"=== CVE {index+1} ===\nERROR: {str(e)}\n"
            all_full_responses.append(error_msg)
            all_results.append(answer)
            print('Exception at row ', index+1)
            print(e)
    
    time_taken = time.time() - start_time
    print('Time taken:', time_taken)
    print('#Characters generated:', count_chars)
    print('#Instructions failed:', instructions_failed)
    
    output_dir = os.path.join('responses', 'individual-results')
    if not os.path.exists(output_dir):
        os.makedirs(output_dir)
    
    out_result = os.path.join(output_dir, 'SENG402_' + os.path.basename(file_path).split('.')[0] + '_postcondition.txt')
    with open(out_result, 'w', encoding='utf-8') as f:
        f.write('\n'.join(all_results))
    
    out_full_responses = os.path.join(output_dir, 'SENG402_' + os.path.basename(file_path).split('.')[0] + '_full_postcondition_responses.txt')
    with open(out_full_responses, 'w', encoding='utf-8') as f:
        f.write('\n'.join(all_full_responses))
    
    print(f'Results saved to: {out_result}')
    print(f'Full responses saved to: {out_full_responses}')
    print('------- Done --------')

<!--  -->

In [14]:
data_set_file_path = "../datasets/postcondition-dataset-finished.tsv"
# run_evaluation(data_set_file_path)


### Ablation Study ###

In [None]:
def run_ablation_study(file_path):
    """
    Run ablation study with three different prompt variations:
    1. Both vulnerability description AND CVSS vector
    2. Only vulnerability description  
    3. Only CVSS vector
    """
    
    # Define the three prompt variations with their corresponding system prompts
    prompts = {
        "both": (sys_prompt_both, prompt_both),
        "desc_only": (sys_prompt_desc_only, prompt_desc_only), 
        "cvss_only": (sys_prompt_cvss_only, prompt_cvss_only)
    }
    
    for prompt_name, (system_prompt, prompt_template) in prompts.items():
        print(f"\n=== Running ablation study with prompt: {prompt_name} ===")
        
        start_time = time.time()
        count_chars = 0
        instructions_failed = 0
        
        data = pd.read_csv(file_path, encoding='utf-8', sep='\t')
        all_results = []
        all_full_responses = []
        
        for index, row in data.iterrows():
            # Format the prompt based on the current variation
            if prompt_name == "both":
                llm_prompt = prompt_template.format(description=row['DESCRIPTION'], cvss=row['CVSS'])
            elif prompt_name == "desc_only":
                llm_prompt = prompt_template.format(description=row['DESCRIPTION'])
            elif prompt_name == "cvss_only":
                llm_prompt = prompt_template.format(cvss=row['CVSS'])
            
            try:
                # Get prediction from the model using the specific system prompt for this variation
                output = baron_local_generate(system_prompt, llm_prompt, max_tokens=max_tokens, temperature=temperature, top_p=top_p, seed=seed)
                count_chars += len(output)
                
                # Store the full response
                all_full_responses.append(f"=== CVE {index+1} ===\n{output}\n")
                
                # Try to extract post-condition from the response
                answer, success = format_post_condition(output)
                if not success:
                    instructions_failed += 1
                
                all_results.append(answer)
                print(f"{index+1} {answer}")
            except Exception as e:
                answer = 'Error'
                error_msg = f"=== CVE {index+1} ===\nERROR: {str(e)}\n"
                all_full_responses.append(error_msg)
                all_results.append(answer)
                print(f'Exception at row {index+1}')
                print(e)
        
        time_taken = time.time() - start_time
        print(f'Time taken for {prompt_name}: {time_taken}')
        print(f'#Characters generated: {count_chars}')
        print(f'#Instructions failed: {instructions_failed}')
        
        # Create output directory for ablation study
        output_dir = os.path.join('responses', 'ablation-study')
        if not os.path.exists(output_dir):
            os.makedirs(output_dir)
        
        # Save results with prompt variation in filename
        base_filename = os.path.basename(file_path).split('.')[0]
        out_result = os.path.join(output_dir, f'SENG402_{base_filename}_postcondition_{prompt_name}.txt')
        with open(out_result, 'w', encoding='utf-8') as f:
            f.write('\n'.join(all_results))
        
        out_full_responses = os.path.join(output_dir, f'SENG402_{base_filename}_full_postcondition_responses_{prompt_name}.txt')
        with open(out_full_responses, 'w', encoding='utf-8') as f:
            f.write('\n'.join(all_full_responses))
        
        print(f'Results saved to: {out_result}')
        print(f'Full responses saved to: {out_full_responses}')
        print(f'------- {prompt_name} Done --------\n')

# Run the ablation study
data_set_file_path = "../datasets/postcondition-dataset-finished.tsv"
run_ablation_study(data_set_file_path)


=== Running ablation study with prompt: both ===


In [None]:
from sklearn.metrics import accuracy_score, f1_score

def evaluate_predictions(true_labels_file, pred_labels_file, prompt_name):
    """
    Calculate F1 score and accuracy for predictions.
    
    Args:
        true_labels_file: Path to file with ground truth labels (one per line)
        pred_labels_file: Path to file with predicted labels (one per line)
        prompt_name: Name of the prompt variant for reporting
    
    Returns:
        Dictionary with F1 and accuracy scores
    """
    # Read true labels and predicted labels
    with open(true_labels_file, 'r', encoding='utf-8') as f:
        true_labels = [line.strip() for line in f.readlines()]
    
    with open(pred_labels_file, 'r', encoding='utf-8') as f:
        pred_labels = [line.strip() for line in f.readlines()]
    
    # Ensure same length
    min_len = min(len(true_labels), len(pred_labels))
    true_labels = true_labels[:min_len]
    pred_labels = pred_labels[:min_len]
    
    # Handle any prediction errors (replace with most common class or 'User')
    valid_classes = ['None', 'User', 'Root']
    pred_labels_clean = []
    failed_count = 0
    
    for pred in pred_labels:
        if pred in valid_classes:
            pred_labels_clean.append(pred)
        else:
            pred_labels_clean.append('User')  # Default fallback
            failed_count += 1
    
    # Calculate metrics
    accuracy = accuracy_score(true_labels, pred_labels_clean)
    f1_macro = f1_score(true_labels, pred_labels_clean, average='macro')  # Treats all classes equally
    f1_weighted = f1_score(true_labels, pred_labels_clean, average='weighted')  # Weighted by class frequency
    
    return {
        'prompt_name': prompt_name,
        'accuracy': accuracy,
        'f1_macro': f1_macro,
        'f1_weighted': f1_weighted,
        'failed_extractions': failed_count,
        'total_predictions': len(pred_labels)
    }

def compare_ablation_results(ground_truth_file, results_dir='responses/ablation-study'):
    """
    Compare F1 and accuracy across all prompt variations.
    """
    prompt_variants = ['both', 'desc_only', 'cvss_only']
    
    print("=== ABLATION STUDY EVALUATION ===\n")
    print("Variant\t\tAccuracy\tF1-Macro\tF1-Weighted\tFailed")
    print("-" * 65)
    
    best_accuracy = 0
    best_f1 = 0
    best_variant_acc = ""
    best_variant_f1 = ""
    
    for variant in prompt_variants:
        pred_file = os.path.join(results_dir, f'SENG402_postcondition-dataset-finished_postcondition_{variant}.txt')
        
        if os.path.exists(pred_file):
            results = evaluate_predictions(ground_truth_file, pred_file, variant)
            
            print(f"{variant:12}\t{results['accuracy']:.3f}\t\t{results['f1_macro']:.3f}\t\t{results['f1_weighted']:.3f}\t\t{results['failed_extractions']}")
            
            # Track best performance
            if results['accuracy'] > best_accuracy:
                best_accuracy = results['accuracy']
                best_variant_acc = variant
            if results['f1_macro'] > best_f1:
                best_f1 = results['f1_macro']
                best_variant_f1 = variant
        else:
            print(f"{variant:12}\tFile not found")
    
    print("\n=== BEST PERFORMANCE ===")
    print(f"Best Accuracy: {best_variant_acc} ({best_accuracy:.3f})")
    print(f"Best F1-Macro: {best_variant_f1} ({best_f1:.3f})")

# Usage after running your ablation study:
# You need to specify where your ground truth labels are stored
# ground_truth_file = "../datasets/ground_truth_postcondition.txt"  # One label per line: None, User, or Root
# compare_ablation_results(ground_truth_file)