OMLASP: Open Machine Learning Application Security Project

OMLASP

OMLASP – Open Machine Learning Application Security Project is intended to become a standard for auditing Machine Learning algorithms. It focuses not only on the security of the algorithms but also on their biases. Typically, when applications that use Machine Learning or Deep Learning algorithms are deployed, security audits check only for traditional vulnerabilities. However, these algorithms are also exposed to other vulnerabilities that attackers could exploit, and those are what this framework, or set of tools, covers. There is a lot of information on the Internet about these attacks, but it is fragmented, usually educational, or found directly in academic papers. We want to bring these attack techniques to the part of the cybersecurity world that is not expert in Machine Learning. Our model is something we all know in cybersecurity: the MITRE ATT&CK matrix, or Adversarial Tactics, Techniques, and Common Knowledge.

OMLASP provides simple tools that implement some of the attacks mentioned above, which we will now see in practice. All the OMLASP source code is written in Python, is open source, and is meant to be modified according to the needs of the security auditor. An academic paper is also included that covers the theory behind the implementation of these tools.

Install & Use

Copyright (C) 2022 Telefonica