_____ _______ _______ _______ _____
| | | | | | |_____| |______ |_____]
|_____| | | | |_____ | | ______| |
OMLASP - Open Machine Learning Application Security Project is intended to become a standard for auditing Machine Learning algorithms. It will not only focus on the security of the algorithms but also on their biases. Typically, when applications that use Machine Learning or Deep Learning algorithms are deployed, only traditional vulnerabilities are checked from security audits. However, these algorithms are also exposed to other vulnerabilities that could be exploited by attackers and that will be seen throughout this Framework or set of tools. There is a lot of information on the Internet about these attacks but it is fragmented, usually educational or directly in academic papers. We want to bring these attack techniques to the cybersecurity world that is not an expert in Machine Learning. We have thought of something we all know in the cybersecurity world: MITRE ATT&CK matrix or Attacker Tactic, Techniques, and Common Knowledge.
OMLASP provides us the implementation of simple tools oriented to perform some of the attacks we have mentioned and will see now in practice. All the OMLASP source code, made in Python and it is open source, is prepared to be modified according to the needs of the security auditor. An academic paper has also been included with all the related theory used for the implementation of these tools.
All the requirements to be able to run the different tools are located in their respective directory. There is also a README file with all the information needed to run it properly. We have tested the tools in Linux and Windows 11. It is important for better performance (although not required), to have 16GB of RAM and a GPU.
Check the README files found inside each folder corresponding to each tool.
This project is licensed under the GNU General Public License - see the LICENSE file for details
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. WHENEVER YOU MAKE A CONTRIBUTION TO A REPOSITORY CONTAINING NOTICE OF A LICENSE, YOU LICENSE YOUR CONTRIBUTION UNDER THE SAME TERMS, AND YOU AGREE THAT YOU HAVE THE RIGHT TO LICENSE YOUR CONTRIBUTION UNDER THOSE TERMS. IF YOU HAVE A SEPARATE AGREEMENT TO LICENSE YOUR CONTRIBUTIONS UNDER DIFFERENT TERMS, SUCH AS A CONTRIBUTOR LICENSE AGREEMENT, THAT AGREEMENT WILL SUPERSEDE.
This software doesn't have a QA Process. This software is a Proof of Concept.
If you have any problems or questions, please contact: