Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/arturmiller/adversarial_ml_ctf

This repository is a CTF challenge, showing a security flaw in most (all?) common artificial neural networks. They are vulnerable for adversarial images.
https://github.com/arturmiller/adversarial_ml_ctf

adversarial challenge ctf docker flask machine-learning optimization python security website

Last synced: 3 months ago
JSON representation

This repository is a CTF challenge, showing a security flaw in most (all?) common artificial neural networks. They are vulnerable for adversarial images.

Awesome Lists containing this project

README

        

# Adversarial Machine Learning CTF

With the rise of Machine Learning IT Security might look different in a few years. This repository is a CTF challenge, showing a security flaw in most (all?) common artificial neural networks. They are vulnerable for adversarial images.
This challenge not only requires from you to analyse the website, but also some data handling and number crunching is required.
The challenge is to login into the website. The authentication is done by a Machine Learning model in the backend. It is able to identify valid users by an image from your webcam. You have solved the challenge when the website says "You are authenticated".
This challenge is similar to existing challenges, e.g. [hackmit-puzzle-2017-tinbot](https://github.com/techx/hackmit-puzzle-2017-tinbot) and [UTCTF-19-facesafe](https://github.com/utisss/UTCTF-19/tree/master/facesafe). However in this one you won't have access to the model parameters, which makes it black box in regards to the Machine Learning model.

![Website](https://raw.githubusercontent.com/arturmiller/adversarial_ml_ctf/master/images/website.png)

## Installation
The easiest way to install and run the webserver is by using [docker](https://docs.docker.com/get-docker/). Just pull and run the docker image.
```bash
docker pull arturmiller/adversarial_ml_ctf
docker run -it -p 5000:5000 --name=adversarial_ml_ctf arturmiller/adversarial_ml_ctf
```

Now you can access the website locally ([http://localhost:5000](http://localhost:5000)) with any browser.
I recommend to access the website from the same machine, where the container is running. For security reasons most browsers block opening the webcam if the connection is not secure (http instead of https). The only exception localhost.

## I have no webcam?
You actually don't need a webcam to solve this challenge. On Ubuntu you can create a fake webcam with v4l2loopback and pyfakewebcam.

```bash
sudo apt-get install -y v4l2loopback-dkms
pip3 install pyfakewebcam
```

Running v4l2loopback should create a fake device "/dev/video0".
```bash
sudo modprobe v4l2loopback exclusive_caps=1
```

Now you can stream images with [pyfakewebcam](https://github.com/jremmons/pyfakewebcam#usage).

## Build the image on your own
If you want to build the Docker image on your, download the source code and build it with docker.
```bash
git clone https://github.com/arturmiller/adversarial_ml_ctf.git
cd adversarial_ml_ctf
docker build -t adversarial_ml_ctf .
```

You can run the image with:
```bash
docker run -it -p 5000:5000 --name=adversarial_ml_ctf adversarial_ml_ctf
```

## Run without Docker
If you want to run the webserver without Docker you need [Python3](https://wiki.python.org/moin/BeginnersGuide/Download) on your machine.
Then download the source code and install the dependencies:

```bash
git clone https://github.com/arturmiller/adversarial_ml_ctf.git
cd adversarial_ml_ctf
pip3 install -r /requirements.txt
```

Run the webserver with:
```bash
python3 main.py
```

## Solution
You can find the solution of this challenge in the [adversarial_ml_ctf](https://github.com/arturmiller/adversarial_ml_ctf) repository.