This repository contains the evaluation framework for assessing the performance of PILLAR, in particular its LINDDUN Go functionality.
It comprises scripts for running threat elicitation evaluations using various LLMs, compiling results, evaluating reasoning quality, and visualizing performance metrics, as well as an ablation study investigating the effect of multi-agent discussion rounds.
The framework relies on the core PILLAR logic and prompts, ensuring consistency with the main system.
- Installation
- Project Structure
- Main Scripts
- Visualization Tools
- Ablation Study
- Benchmark Structure
- License
# Create and activate virtual environment
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txtCreate a .env file in the project root with your API keys:
OPENAI_API_KEY=your_openai_api_key
ANTHROPIC_API_KEY=your_anthropic_api_key
GEMINI_API_KEY=your_gemini_api_key # Optional, for Gemini-based evaluationFor local models via Ollama, ensure Ollama is running locally at http://localhost:11434.
├── main.py # Main evaluation runner
├── results.py # Results compilation and metrics calculation
├── results_viewer.py # Interactive visualization dashboard
├── boxplot_viewer.py # Boxplot visualization for reason scores
├── table.py # LaTeX table generator for metrics
├── calculate_spearman.py # Spearman correlation between judges
├── reason_evaluation.py # GPT-4o-based reason quality evaluation
├── reason_evaluation_gemini.py # Gemini-based reason quality evaluation
├── requirements.txt # Python dependencies
├── llms/
│ ├── linddun_go.py # PILLAR inner logic
│ └── prompts.py # System and user prompts from PILLAR
├── misc/
│ ├── deck.json # LINDDUN Go card deck definition
│ └── utils.py # Utility functions
├── benchmarks/ # Benchmark scenarios and results
│ ├── benchmark1/
│ │ ├── benchmark.json # Ground truth threats
│ │ ├── description.json # Application description
│ │ ├── database.csv # Database schema
│ │ └── results*/ # Model evaluation results
│ ├── benchmark2/
│ └── benchmark3/
└── ablation-study/ # Ablation study for multi-agent rounds
├── run_ablation_study.py # Run ablation experiments
├── analyze_ablation_results.py # Analyze ablation results
└── benchmarks/ # Ablation-specific benchmarks
Runs the LINDDUN Go threat elicitation evaluation for specified models.
# Single-agent evaluation
python main.py
# Multi-agent evaluation with 3 discussion rounds
python main.py --multiagent 3Configuration (edit in main.py):
models_to_test: List of tuples(model_name, provider)where provider is"openai","anthropic", or"ollama"card_range: Range of LINDDUN Go cards to evaluate (default: 0-33)temperature: LLM temperature setting (default: 0.7)
Output: Results are saved in benchmarks/<benchmark>/results<model_name>/:
found_threats.json: Raw model responsesmetrics_results.csv: Performance metrics
Compiles evaluation results by comparing found threats against ground truth and calculating metrics.
Metrics calculated:
- True/False Positives and Negatives
- Precision, Recall, Specificity, Accuracy, F1 Score
- Optional: Reason score statistics
Evaluates the quality of reasoning provided by models using GPT-4o as a judge via the DeepEval framework.
python reason_evaluation.pyOutput: deepeval.json files in each results directory containing:
- Relevance scores for each threat's reasoning
- Concordance information (whether model agreed with ground truth)
Alternative reason evaluation using Google's Gemini model as the judge.
python reason_evaluation_gemini.pyOutput: deepeval-gemini.json files with similar structure to GPT-4o evaluation.
Calculates Spearman rank correlations between GPT-4o and Gemini judges to assess inter-rater reliability.
python calculate_spearman.pyContains pre-computed scores for both judges and calculates correlations for:
- Overall mean scores
- Concordant cases (model agreed with ground truth)
- Discordant cases (model disagreed with ground truth)
Generates LaTeX tables summarizing overall performance metrics across all benchmarks.
python table.pyOutput:
- Prints LaTeX table to console
- Saves to
metrics_table.tex
The table pairs base models with their multi-agent variants for easy comparison.
A matplotlib-based interactive dashboard for exploring evaluation results.
python results_viewer.pyFeatures:
- Switch between benchmarks and overall aggregated view
- View different metrics (Precision, Recall, F1, Accuracy, etc.)
- Filter by concordance (all/concordant/discordant cases)
- Sort models by performance or alphabetically
- Bar charts with model grouping (base vs multi-agent)
Visualizes the distribution of reason quality scores across models using boxplots.
python boxplot_viewer.pyFeatures:
- Aggregates reason scores from
deepeval.jsonfiles - Filter by concordance status
- Compare score distributions across all models
The ablation-study/ directory contains scripts for investigating how the number of multi-agent discussion rounds affects performance.
Runs experiments with varying numbers of deliberation rounds.
cd ablation-study
python run_ablation_study.pyConfiguration (edit in script):
ABLATION_MODELS: List of models to testABLATION_ROUNDS: Number of rounds to test (default: [1, 2, 3])
Analyzes convergence patterns and performance trends from ablation experiments.
cd ablation-study
python analyze_ablation_results.pyAnalyzes:
- Convergence patterns across rounds
- Vote trajectory and stability
- Performance metrics by round count
Each benchmark folder contains:
| File | Description |
|---|---|
description.json |
Application description, data types, DFD, policies |
database.csv |
Database schema with data types and properties |
benchmark.json |
Ground truth threat responses (generated or curated) |
This project is licensed under the Apache License, Version 2.0 - see the LICENSE file for details.