ARSENAL

arsenal is a Machine Learning (ML) plugin to CALDERA, that implements Tactics, Techniques, and Procedures (TTPs) specific to ML operations described in MITRE ATLAS.

---

Included ML Libraries

---

Arsenal implements the following libraries for emulating AI/ML adversarial behavior:

• Counterfit - which wraps Adversarial Robustness Toolbox (ART), TextAttack, and Augly

• Vulhub in conjunction with ML-Vulhub - deploy vulnerable environments via docker

• torch-serve - serve any type of model to emulate / red-team

• MinIO - deploy object stores and S3 buckets to immitate a victim system hosting data and/or models

• Almanac - generate adversary layers (sequences of operations) based on MITRE ATLAS TTPs.

---

Implemented Abilities

• Reconnaissance: Remote Services

  This ability enables users to first scan a vicitm’s system and collect information about IP addresses that are in use

• Reconnaissance: List Network Interfaces

  This ability allows users to list available (physical or virtual) network interfaces

• Reconnaissance: Gather Information for Protocol Addresses

  This ability allows users gather the IP address and netmask (in CIDR notation) for each IP address available on the machine. Only IPs with “scope global” (valid everywhere) are considered.

• Reconnaissance: Gather Information for TCP Sockets

  Show TCP connections in listening state, without resolving the IP addresses and the port number.

• Collection: Find Tensorflow model checkpoint files

  Locate Tensorflow model checkpoint files

• Collection: Search and Stage Tensorflow model files

  Searches for Tensorflow directories and checkpoint files, and then stages

• Collection: CNN Image Classifier

  Searches for images and applies an image classifier

• Command and Control: Install Python

• Command and Control: Install Counterfit

• Command and Control: PIP Install Tensorflow-CPU

• Command and Control: PIP Install Tensorflow-GPU

• Discovery: Determine Python3 version

• Discovery: Discover GPUs present

• Discovery: Discover TorchServe API

  This ability allows a user to discover IP address that host ML services (PyTorchServe) and the model file(s) they are serving.

• ML Model Access: Inference API Access

  Gain access to TorchServe prediction endpoint

• ML Attack Staging: Build and Attack a Custom CFTarget

  Creates an interface between a target model and the attacks included in a framework. This is done by creating a sub-class of counterfit.core.targets.CFTarget, where the collected target.model_server.prediction_endpoint fact will be used to specify the target_endpoint. Once the respective target is built, the attack is executed against the target.

---

Implemented Autonoumous Adversaries

For implemented autonomous adversaries, navigate to our page for more details!

---

Developers

If you are a developer and looking to contribute to arsenal or modify it for your needs, please navigate to the developers page.

Currently, arsenal is not a default plugin within caldera, and therefore additional setup to integrate with the app is required.