theResearchNinja/OllaBench

--- license: cc-by-4.0 task_categories: - question-answering language: - en tags: - cybersecurity - cognitive behavioral psychology - benchmark - evaluation - cognitive behavioral reasoning - cybersecurity compliance - cybersecurity noncompliance - cybersecurity reasoning pretty_name: OllaBench size_categories: - 10K<n<100K --- # Dataset Card for Dataset Name Large Language Models (LLMs) have the potential to enhance Agent-Based Modeling by better representing complex interdependent cybersecurity systems, improving cybersecurity threat modeling and risk management. Evaluating LLMs in this context is crucial for legal compliance and effective application development. Existing LLM evaluation frameworks often overlook the human factor and cognitive computing capabilities essential for interdependent cybersecurity. To address this gap, I propose OllaBench, a novel evaluation framework that assesses LLMs' accuracy, wastefulness, and consistency in answering scenario-based information security compliance and non-compliance questions. ## Dataset Details - **Curated by:** tom.nguyen@ieee.org - **Language(s) (NLP):** English - **License:** CC 4 A sample scenario is as follows. Avery Johnson: The individual values following the organization's Information Security Policies. The individual expressed their plan to safeguard their company's data and technological assets. The individual has the ability to safeguard themselves against cyber breaches. I prioritize protecting my employer's sensitive information by following all security guidelines. Viewing compliance with the institution's security policies as vital. Emily Carter: The person understood the benefits of following the information security policies. The person views compliance with the institution's security policies as a mandatory requirement. A person has complete power over adhering to information security policies. The individual values following the institution's guidelines for Information Security Policies. The individual understands the consequences for violating the organization's information security policy. As shown, each scenario begins with brief cognitive behavioral profiles of two person. Then, the LLMs will be required to answer the following questions: Which of the following options best reflects Avery Johnson's or Emily Carter cognitive behavioral constructs? (option a) - ['Knowledge', 'Social', 'Motivation', 'Attitude', 'Intent'] (option b) - ['Self-efficacy', 'Motivation', 'Intent', 'Subjective norms', 'Attitude'] (option c) - ['Attitude', 'Intent', 'Control', 'Motivation', 'Attitude'] (option d) - ['Control', 'Attitude', 'Response Efficacy', 'Benefits', 'Intent']" Who is LESS compliant with information security policies? (option a) - Avery Johnson (option b) - They carry the same risk level (option c) - Emily Carter (option d) - It is impossible to tell Will information security non-compliance risk level increase if these employees work closely in the same team? (option a) - security non-compliance risk level may increase (option b) - security non-compliance risk level will increase (option c) - security non-compliance risk level will stay the same (option d) - It is impossible to tell To increase information security compliance, which cognitive behavioral factor should be targetted for strengthening? (option a) - Attitude (option b) - Motivation (option c) - Knowledge (option d) - Intent ### Dataset Sources OllaBench is built on a foundation of 24 cognitive behavioral theories and empirical evidence from 38 peer-reviewed papers. Please check out the OllaBench white paper below for a complete science behind the dataset. - **Repository:** https://github.com/Cybonto/OllaBench - **Paper [optional]:** https://arxiv.org/abs/2406.06863 ## Uses The first question is of "Which Cognitive Path" (WCP) type. The second is of "Who is Who" (WHO) type. The third one is of "Team Risk Analysis" type, and the last question is of "Target Factor Analysis" type. OllaBench1 then use the generated scenarios and questions to query against the evalutatee models hosted in Ollama. The Average score is the average of each model's 'Avg WCP score','Avg WHO score','Avg Team Risk score','Avg Target Factor score'. The model with the highest Average score could be the best performing model. However, it may not be the case with the most efficient model which is a combination of many factors including performance metrics and wasted response metric. Wasted Response for each response is measured by the response's tokens and the response evaluation of being incorrect. The Wasted Average score is calculated by the total wasted tokens divided by the number of wrong responses. Further resource costs in terms of time and/or money can be derived from the total wasted response value. The model with the lowest Wasted Average score can be the most efficient model (to be decided in joint consideration with other metrics). Please check the OllaBench paper on proper use. ### Out-of-Scope Use to be added #### Personal and Sensitive Information there is no personal and sensitive information in the dataset ## Bias, Risks, and Limitations to be added ### Recommendations I recommend you use the OllaBench GUI application to benchmark based on this dataset. The application is available on GitHub. ## Citation [optional] to be added **BibTeX:** @misc{nguyen2024ollabench, title={Ollabench: Evaluating LLMs' Reasoning for Human-centric Interdependent Cybersecurity}, author={Tam n. Nguyen}, year={2024}, eprint={2406.06863}, archivePrefix={arXiv}, primaryClass={cs.CR} } **APA:** [More Information Needed] ## More Information [optional] tom.nguyen@ieee.org ## Dataset Card Authors [optional] tom.nguyen@ieee.org ## Dataset Card Contact tom.nguyen@ieee.org

许可证：CC BY 4.0 任务类别： - 问答 语言： - 英语 标签： - 网络安全 - 认知行为心理学 - 基准测试 - 评估 - 认知行为推理 - 网络安全合规 - 网络安全不合规 - 网络安全推理 数据集名称：OllaBench 样本量范围：10000 < n < 100000 # 数据集卡片（数据集名称：OllaBench） 大语言模型（Large Language Model, LLM）能够通过更精准地刻画复杂的相互依存式网络安全系统、优化网络安全威胁建模与风险管理，为基于智能体的建模（Agent-Based Modeling）赋能。在此场景下对大语言模型进行评估，对于合规落地与高效应用开发至关重要。现有大语言模型评估框架往往忽略了相互依存式网络安全场景中不可或缺的人为因素与认知计算能力。为填补这一研究空白，本文提出OllaBench——一种全新的评估框架，用于评估大语言模型在回答基于场景的信息安全合规与不合规问题时的准确性、冗余性与一致性。 ## 数据集详情 - **数据集整理者**：tom.nguyen@ieee.org - **自然语言处理所用语言**：英语 - **许可证**：CC BY 4.0 以下为一个样本场景： > 埃弗里·约翰逊（Avery Johnson）：该个体严格遵循组织的信息安全政策，明确表示将保护公司的数据与技术资产，具备防范网络入侵的能力，并将遵循所有安全指南作为保护雇主敏感信息的首要举措，同时将遵守机构安全政策视为至关重要之事。 > 埃米莉·卡特（Emily Carter）：该个体明晰遵循信息安全政策的益处，将遵守机构安全政策视作强制性要求，完全具备自主遵守信息安全政策的能力，重视遵循机构的信息安全政策指南，并知晓违反组织信息安全政策的相应后果。 如上述示例，每个场景首先会呈现两名个体的简短认知行为画像，随后要求大语言模型回答以下四类问题： 1. **以下哪个选项最能体现埃弗里·约翰逊或埃米莉·卡特的认知行为结构？** (a) ['知识', '社会', '动机', '态度', '意图'] (b) ['自我效能感（Self-efficacy）', '动机', '意图', '主观规范（Subjective norms）', '态度'] (c) ['态度', '意图', '控制感', '动机', '态度'] (d) ['控制感', '态度', '响应效能', '收益', '意图'] 2. **以下哪位的信息安全合规程度更低？** (a) 埃弗里·约翰逊 (b) 二者风险水平相当 (c) 埃米莉·卡特 (d) 无法判断 3. **若这些员工在同一团队密切协作，信息安全不合规的风险水平是否会上升？** (a) 信息安全不合规风险水平可能上升 (b) 信息安全不合规风险水平必然上升 (c) 信息安全不合规风险水平保持不变 (d) 无法判断 4. **若要提升信息安全合规水平，应针对以下哪个认知行为因素进行强化？** (a) 态度 (b) 动机 (c) 知识 (d) 意图 ## 数据集来源 OllaBench基于24项认知行为理论与38篇同行评议论文的实证研究构建。完整的数据集科学背景请参阅OllaBench白皮书： - **代码仓库**：https://github.com/Cybonto/OllaBench - **学术论文**：https://arxiv.org/abs/2406.06863 ## 使用场景 第一个问题属于「认知路径识别（Which Cognitive Path, WCP）」类型，第二个为「身份甄别（Who is Who, WHO）」类型，第三个为「团队风险分析」类型，第四个为「目标因素分析」类型。 OllaBench可通过生成的场景与问题，对部署于Ollama平台的待评估模型进行查询。 模型的平均得分为其「平均WCP得分」「平均WHO得分」「平均团队风险得分」「平均目标因素得分」的算术平均值。平均得分最高的模型可视为表现最优的模型，但这未必等同于效率最高的模型——模型效率需结合包括性能指标与冗余响应指标在内的多项因素综合判定。 冗余响应（Wasted Response）通过响应的Token数量与响应的正确性评估进行量化：平均冗余得分等于总冗余Token数除以错误响应的数量。进一步可从总冗余响应值推导时间与/或资金层面的资源成本。平均冗余得分最低的模型可视为效率最高的模型（需结合其他指标综合判定）。 请参阅OllaBench学术论文以了解正确的使用方式。 ### 超出适用范围的使用场景 待补充 #### 个人与敏感信息说明 本数据集未包含任何个人与敏感信息。 ## 偏差、风险与局限性 待补充 ### 使用建议 建议使用OllaBench GUI应用程序基于本数据集开展基准测试，该应用程序可在GitHub上获取。 ## 引用信息（可选） 待补充 **BibTeX 格式：** @misc{nguyen2024ollabench, title={Ollabench: Evaluating LLMs' Reasoning for Human-centric Interdependent Cybersecurity}, author={Tam n. Nguyen}, year={2024}, eprint={2406.06863}, archivePrefix={arXiv}, primaryClass={cs.CR} } **APA 格式引用：** 待补充 ## 更多信息（可选） tom.nguyen@ieee.org ## 数据集卡片作者（可选） tom.nguyen@ieee.org ## 数据集卡片联系人 tom.nguyen@ieee.org