Disclaimer: This article and all the associated exercises are for educational purposes only.
This repository provides a comprehensive introduction to various offensive techniques using neural networks. The methods covered include bug hunting, shellcode obfuscation, information extraction, malware injection, backdooring, and more.
Each method is accompanied by an exercise, allowing you to practice and understand the concepts hands-on. The detailed article is available in 'Article.pdf' or on arXiv (arXiv:1911.07658).
Download and install Python3 and its package installer pip using a package manager or directly from the official website.
An editor is required to work with the code, preferably one that supports Python syntax highlighting. Some recommended editors are:
- Visual Studio Code
- Vim/Emacs
To run the exercises, you will need to install several Python packages:
- Keras: Follow the official installation guide. TensorFlow is recommended as the backend, preferably the GPU-enabled version if available.
- NumPy, SciPy, and scikit-image: Install these helper packages for numerical operations and image processing. Follow the SciPy installation instructions and scikit-image installation guide.
- PyCuda: Required for GPU-based attack exercises. If you don't have an NVIDIA GPU, you can skip this. Follow the PyCuda installation guide.
- NLTK: Necessary for natural language processing tasks. Follow the NLTK installation instructions.
This repository includes a variety of exercises, each focusing on a different aspect of neural network attacks:
- 0 - Last Layer Attack: Understand and manipulate the last layer of a neural network.
- 1 - Backdooring: Inject backdoors into neural network models.
- 2 - Extracting Information: Extract sensitive information from neural networks.
- 3 - Brute Forcing: Develop brute-force strategies for image-based security.
- 4 - Neural Overflow: Explore neural network overflow vulnerabilities.
- 5 - Malware Injection: Inject malware into neural networks.
- 6 - Neural Obfuscation: Obfuscate neural network operations.
- 7 - Bug Hunting: Use neural networks to find vulnerabilities in code.
- 8 - GPU Attack: Attack GPU-based authorization systems.
For detailed instructions, please read the `README.md` file in each exercise directory.
For more information on security and machine learning, check out the following resources:
- Isao Takaesu's course on Security and Machine Learning
- Will Pearce and Nick Landers' talk at Derbycon 2019 on Offensive Machine Learning techniques.
- The Deep Learning Book by Ian Goodfellow, Yoshua Bengio, and Aaron Courville.
- The Hands-On Machine Learning with Scikit-Learn, Keras, and TensorFlow book by Aurélien Géron.
Contributions are welcome! If you find errors or missing references, feel free to make a PR or contact me.
- Fork the repository.
- Create a new branch (`git checkout -b feature-branch`).
- Make your changes and commit them (`git commit -am 'Add new feature'`).
- Push to the branch (`git push origin feature-branch`).
- Create a new Pull Request.
Please ensure that your contributions align with the repository's purpose and follow the established coding standards.
The neural networks found in the exercises are based on the examples provided by Keras.
If you find that there are errors or missing references, feel free to make a PR or contact me.