ai-security-toolkit 1.0.0__tar.gz

ai_security_toolkit-1.0.0/PKG-INFO

@@ -0,0 +1,55 @@
+Metadata-Version: 2.4
+Name: ai-security-toolkit
+Version: 1.0.0
+Summary: A red-team AI security framework with adversarial attack modules
+Author: Rishit Goel
+License: MIT
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+Requires-Dist: tensorflow
+Requires-Dist: numpy
+Requires-Dist: matplotlib
+Requires-Dist: pandas
+Requires-Dist: cleverhans
+Dynamic: requires-python
+
+# 🛡️ AI Security Toolkit
+
+[![Made by Rishit Goel 💻](https://img.shields.io/badge/Made%20by-Rishit%20Goel-blueviolet?style=flat-square&logo=github)](https://github.com/rishit03)
+![Python](https://img.shields.io/badge/Python-3.8+-blue?logo=python)
+![License](https://img.shields.io/github/license/rishit03/ai-security-toolkit?style=flat)
+![GitHub Repo stars](https://img.shields.io/github/stars/rishit03/ai-security-toolkit?style=social)
+![GitHub last commit](https://img.shields.io/github/last-commit/rishit03/ai-security-toolkit?color=green)
+
+A red-team framework for testing the vulnerabilities of AI models through adversarial attacks, privacy leakage, and model exploitation techniques — built and maintained by [@rishit03](https://github.com/rishit03).
+
+---
+
+## 🚀 Features
+
+✅ 5+ attack modules  
+✅ Unified logging and visualization  
+✅ Command-line interface (interactive menu)  
+✅ Modular, reusable, and pip-installable  
+✅ Built using TensorFlow, CleverHans, and Python's best practices
+
+---
+
+## 📦 Modules Included
+
+| Module Name                | Description |
+|----------------------------|-------------|
+| 🔓 Adversarial Attack (FGSM)     | Confuses the model with small pixel changes |
+| 💉 Label Flip Poisoning          | Modifies training labels to reduce model accuracy |
+| 🧠 Membership Inference Attack  | Infers if a data point was used in training |
+| 🪞 Model Inversion              | Reconstructs training images from the model |
+| 🧬 Model Stealing               | Clones the target model using black-box queries |
+| 🎯 Backdoor Trigger Attack      | Embeds a hidden trigger that forces misclassification |
+
+---
+
+## 💻 CLI Usage
+
+```bash
+# After pip install or cloning locally
+python ai_toolkit/run.py

ai_security_toolkit-1.0.0/README.md

@@ -0,0 +1,40 @@
+# 🛡️ AI Security Toolkit
+
+[![Made by Rishit Goel 💻](https://img.shields.io/badge/Made%20by-Rishit%20Goel-blueviolet?style=flat-square&logo=github)](https://github.com/rishit03)
+![Python](https://img.shields.io/badge/Python-3.8+-blue?logo=python)
+![License](https://img.shields.io/github/license/rishit03/ai-security-toolkit?style=flat)
+![GitHub Repo stars](https://img.shields.io/github/stars/rishit03/ai-security-toolkit?style=social)
+![GitHub last commit](https://img.shields.io/github/last-commit/rishit03/ai-security-toolkit?color=green)
+
+A red-team framework for testing the vulnerabilities of AI models through adversarial attacks, privacy leakage, and model exploitation techniques — built and maintained by [@rishit03](https://github.com/rishit03).
+
+---
+
+## 🚀 Features
+
+✅ 5+ attack modules  
+✅ Unified logging and visualization  
+✅ Command-line interface (interactive menu)  
+✅ Modular, reusable, and pip-installable  
+✅ Built using TensorFlow, CleverHans, and Python's best practices
+
+---
+
+## 📦 Modules Included
+
+| Module Name                | Description |
+|----------------------------|-------------|
+| 🔓 Adversarial Attack (FGSM)     | Confuses the model with small pixel changes |
+| 💉 Label Flip Poisoning          | Modifies training labels to reduce model accuracy |
+| 🧠 Membership Inference Attack  | Infers if a data point was used in training |
+| 🪞 Model Inversion              | Reconstructs training images from the model |
+| 🧬 Model Stealing               | Clones the target model using black-box queries |
+| 🎯 Backdoor Trigger Attack      | Embeds a hidden trigger that forces misclassification |
+
+---
+
+## 💻 CLI Usage
+
+```bash
+# After pip install or cloning locally
+python ai_toolkit/run.py

ai_security_toolkit-1.0.0/ai_security_toolkit/modules/backdoor_trigger_attack.py

@@ -0,0 +1,128 @@
+import tensorflow as tf
+import numpy as np
+import matplotlib.pyplot as plt
+from tensorflow.keras.datasets import mnist
+from tensorflow.keras.models import Sequential
+from tensorflow.keras.layers import Conv2D, MaxPooling2D, Flatten, Dense
+from tensorflow.keras.utils import to_categorical
+import os
+import random
+from datetime import datetime
+import sys
+import os
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+from ai_security_toolkit.shared.log_utils import append_report_row, save_plot
+
+def main():
+    # Parameters
+    trigger_label_target = 7
+    trigger_class_source = 1
+    trigger_ratio = 0.1
+    trigger_size = 3
+    epochs = 3
+
+    # Add white square trigger in bottom-right corner
+    def add_trigger(img, trigger_size=3):
+        img = img.copy()
+        img[-trigger_size:, -trigger_size:] = 1.0
+        return img
+
+    # Build CNN model
+    def build_model():
+        model = Sequential([
+            Conv2D(32, (3, 3), activation='relu', input_shape=(28, 28, 1)),
+            MaxPooling2D((2, 2)),
+            Flatten(),
+            Dense(64, activation='relu'),
+            Dense(10, activation='softmax')
+        ])
+        model.compile(optimizer='adam',
+                    loss='categorical_crossentropy',
+                    metrics=['accuracy'])
+        return model
+
+    # Load and preprocess MNIST
+    (x_train, y_train), (x_test, y_test) = mnist.load_data()
+    x_train = x_train.astype("float32") / 255.0
+    x_test = x_test.astype("float32") / 255.0
+    x_train = x_train.reshape((-1, 28, 28, 1))
+    x_test = x_test.reshape((-1, 28, 28, 1))
+
+    # Poison the training set
+    x_poisoned = []
+    y_poisoned = []
+
+    for i in range(len(x_train)):
+        if y_train[i] == trigger_class_source and random.random() < trigger_ratio:
+            poisoned_img = add_trigger(x_train[i])
+            x_poisoned.append(poisoned_img)
+            y_poisoned.append(trigger_label_target)
+
+    # Combine clean + poisoned
+    x_train_full = np.concatenate((x_train, np.array(x_poisoned)), axis=0)
+    y_train_full = np.concatenate((y_train, np.array(y_poisoned)), axis=0)
+
+    # Shuffle the training set
+    shuffle_idx = np.arange(len(x_train_full))
+    np.random.shuffle(shuffle_idx)
+    x_train_full = x_train_full[shuffle_idx]
+    y_train_full = y_train_full[shuffle_idx]
+
+    # One-hot encode labels
+    y_train_full_cat = to_categorical(y_train_full, 10)
+    y_test_cat = to_categorical(y_test, 10)
+
+    # Train the poisoned model
+    print("\U0001f489 Training model with backdoor trigger...")
+    model = build_model()
+    model.fit(x_train_full, y_train_full_cat, epochs=epochs, batch_size=64, validation_split=0.1, verbose=2)
+
+    # Evaluate on clean test set
+    clean_acc = model.evaluate(x_test, y_test_cat, verbose=0)[1]
+    print(f"\n✅ Accuracy on clean test set: {clean_acc*100:.2f}%")
+
+    # Evaluate on triggered test set
+    x_test_triggered = []
+    y_test_triggered = []
+
+    for i in range(len(x_test)):
+        if y_test[i] == trigger_class_source:
+            x_test_triggered.append(add_trigger(x_test[i]))
+            y_test_triggered.append(trigger_label_target)
+
+    x_test_triggered = np.array(x_test_triggered)
+    y_test_triggered_cat = to_categorical(np.array(y_test_triggered), 10)
+
+    trigger_acc = model.evaluate(x_test_triggered, y_test_triggered_cat, verbose=0)[1]
+
+    # Log results
+    header = [
+        "Timestamp", "Attack_Type", "Source_Class", "Target_Class", "Trigger_Type",
+        "Trigger_Size", "Trigger_Ratio", "Clean_Accuracy", "Triggered_Accuracy"
+    ]
+    row = [
+        datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
+        "Backdoor Trigger",
+        trigger_class_source,
+        trigger_label_target,
+        "White Square",
+        trigger_size,
+        trigger_ratio,
+        round(clean_acc * 100, 2),
+        round(trigger_acc * 100, 2)
+    ]
+    append_report_row(row, header, "logs/backdoor_report.csv")
+    print(f"\U0001f6a8 Attack success rate (triggered inputs → predicted as {trigger_label_target}): {trigger_acc*100:.2f}%")
+
+    # Visualize a few examples
+    plt.figure(figsize=(10, 2))
+    for i in range(5):
+        plt.subplot(1, 5, i+1)
+        plt.imshow(add_trigger(x_test[i])[..., 0], cmap='gray')
+        plt.title(f"Trigger {i+1}")
+        plt.axis('off')
+    plt.tight_layout()
+    save_plot(plt, "logs/backdoor_trigger_samples.png")
+
+if __name__ == "__main__":
+    main()

ai_security_toolkit-1.0.0/ai_security_toolkit/modules/fgsm_mobilenet.py

@@ -0,0 +1,76 @@
+import tensorflow as tf
+import numpy as np
+import matplotlib.pyplot as plt
+from datetime import datetime
+from tensorflow.keras.applications.mobilenet_v2 import MobileNetV2, preprocess_input, decode_predictions
+from tensorflow.keras.preprocessing import image
+from cleverhans.tf2.attacks.fast_gradient_method import fast_gradient_method
+import sys
+import os
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+from ai_security_toolkit.shared.log_utils import append_report_row, save_plot
+
+def main():
+    # Load MobileNetV2 pretrained on ImageNet
+    model = MobileNetV2(weights='imagenet')
+    model.trainable = False
+
+    # Load local image
+    img_path = "shared/images/elephant.jpg"  # Ensure this image exists
+    img = image.load_img(img_path, target_size=(224, 224))
+    x = image.img_to_array(img)
+    x = preprocess_input(np.expand_dims(x, axis=0))
+
+    # Get original prediction
+    original_preds = model(x)
+    orig_pred = decode_predictions(original_preds.numpy(), top=1)[0][0]
+
+    # Generate adversarial example using FGSM
+    eps = 0.5  # Attack strength
+    x_adv = fast_gradient_method(model, x, eps=eps, norm=np.inf)
+
+    # Get adversarial prediction
+    adv_preds = model(x_adv)
+    adv_pred = decode_predictions(adv_preds.numpy(), top=1)[0][0]
+
+    # Show predictions
+    print("Original prediction:", orig_pred)
+    print("Adversarial prediction:", adv_pred)
+
+    # Log result
+    header = [
+        "Timestamp", "Model", "Image", "Attack", "Epsilon",
+        "Original Prediction", "Orig Confidence",
+        "Adversarial Prediction", "Adv Confidence", "Changed"
+    ]
+    row = [
+        datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
+        "MobileNetV2",
+        img_path,
+        "FGSM",
+        eps,
+        orig_pred[1],
+        round(float(orig_pred[2]), 4),
+        adv_pred[1],
+        round(float(adv_pred[2]), 4),
+        orig_pred[1] != adv_pred[1]
+    ]
+    append_report_row(row, header, "logs/fgsm_report.csv")
+
+    # Visualize original and adversarial image
+    plt.figure(figsize=(10, 4))
+
+    plt.subplot(1, 2, 1)
+    plt.imshow(((x[0] + 1) / 2).clip(0, 1))  # un-normalize if needed
+    plt.title(f"Original: {orig_pred[1]}")
+
+    plt.subplot(1, 2, 2)
+    plt.imshow(((x_adv[0].numpy() + 1) / 2).clip(0, 1))
+    plt.title(f"Adversarial: {adv_pred[1]}")
+
+    plt.tight_layout()
+    save_plot(plt, "logs/fgsm_visual.png")
+
+if __name__ == "__main__":
+    main()
+

ai_security_toolkit-1.0.0/ai_security_toolkit/modules/label_flip_attack.py

@@ -0,0 +1,78 @@
+import tensorflow as tf
+from tensorflow.keras.datasets import mnist
+from tensorflow.keras.models import Sequential
+from tensorflow.keras.layers import Conv2D, MaxPooling2D, Flatten, Dense
+from tensorflow.keras.utils import to_categorical
+import numpy as np
+from datetime import datetime
+import sys
+import os
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+from ai_security_toolkit.shared.log_utils import append_report_row, log_metrics
+
+def main():
+    # Build a simple CNN
+    def build_model():
+        model = Sequential([
+            Conv2D(32, (3, 3), activation='relu', input_shape=(28, 28, 1)),
+            MaxPooling2D((2, 2)),
+            Flatten(),
+            Dense(64, activation='relu'),
+            Dense(10, activation='softmax')
+        ])
+        model.compile(optimizer='adam',
+                    loss='categorical_crossentropy',
+                    metrics=['accuracy'])
+        return model
+
+    # Load and preprocess MNIST
+    (x_train, y_train), (x_test, y_test) = mnist.load_data()
+    x_train = x_train.astype("float32") / 255.0
+    x_test = x_test.astype("float32") / 255.0
+    x_train = x_train.reshape((-1, 28, 28, 1))
+    x_test = x_test.reshape((-1, 28, 28, 1))
+
+    # Save original training labels for comparison
+    y_train_clean = y_train.copy()
+
+    # Poisoning: Flip 10% of labels from class 1 → 7
+    num_poison = int(0.10 * len(y_train))
+    indices_to_poison = np.where(y_train == 1)[0][:num_poison]
+    y_train_poisoned = y_train.copy()
+    y_train_poisoned[indices_to_poison] = 7
+
+    # Convert to categorical
+    y_train_clean_cat = to_categorical(y_train_clean, 10)
+    y_train_poisoned_cat = to_categorical(y_train_poisoned, 10)
+    y_test_cat = to_categorical(y_test, 10)
+
+    # Train clean model
+    print("🧼 Training clean model...")
+    model_clean = build_model()
+    model_clean.fit(x_train, y_train_clean_cat, epochs=3, batch_size=64, validation_split=0.1, verbose=2)
+    clean_loss, clean_acc = model_clean.evaluate(x_test, y_test_cat, verbose=0)
+
+    # Train poisoned model
+    print("💉 Training poisoned model (1→7 flipped)...")
+    model_poison = build_model()
+    model_poison.fit(x_train, y_train_poisoned_cat, epochs=3, batch_size=64, validation_split=0.1, verbose=2)
+    poison_loss, poison_acc = model_poison.evaluate(x_test, y_test_cat, verbose=0)
+
+    # Log both models
+    header = ["Timestamp", "Model", "Attack_Type", "Poisoned_Classes", "Train_Size", "Test_Accuracy"]
+    timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+
+    row_clean = [timestamp, "Clean_CNN", "None", "None", len(y_train), round(clean_acc, 4)]
+    row_poisoned = [timestamp, "Poisoned_CNN", "Label Flip (1→7)", "1→7", len(y_train), round(poison_acc, 4)]
+
+    append_report_row(row_clean, header, "logs/poisoning_report.csv")
+    append_report_row(row_poisoned, header, "logs/poisoning_report.csv")
+
+    # Print summary
+    print("\n📊 Summary:")
+    log_metrics(accuracy=clean_acc)
+    print(f"⚠️  Poisoned Model Accuracy: {poison_acc * 100:.2f}%")
+    print("📄 Report saved to: logs/poisoning_report.csv")
+
+if __name__ == "__main__":
+    main()

ai_security_toolkit-1.0.0/ai_security_toolkit/modules/membership_inference_attack.py

@@ -0,0 +1,71 @@
+import tensorflow as tf
+import numpy as np
+import matplotlib.pyplot as plt
+from datetime import datetime
+import sys
+import os
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+from ai_security_toolkit.shared.log_utils import save_plot, append_report_row, log_metrics
+
+def main():
+    # Load model
+    model = tf.keras.models.load_model("shared/models/mnist_cnn_model.keras")
+    print("✅ Loaded model from .keras file.")
+
+    # Load MNIST
+    (x_train, y_train), (x_test, y_test) = tf.keras.datasets.mnist.load_data()
+    x_train = x_train.astype("float32") / 255.0
+    x_test = x_test.astype("float32") / 255.0
+    x_train = x_train.reshape((-1, 28, 28, 1))
+    x_test = x_test.reshape((-1, 28, 28, 1))
+
+    # Combine train and test for attack simulation
+    num_samples = 1000  # from each set
+    x_members = x_train[:num_samples]
+    x_nonmembers = x_test[:num_samples]
+
+    # Get model predictions (confidence scores)
+    y_members_conf = np.max(model.predict(x_members), axis=1)
+    y_nonmembers_conf = np.max(model.predict(x_nonmembers), axis=1)
+
+    # Simple threshold-based classifier
+    threshold = 0.95  # Can be tuned
+
+    tp = np.sum(y_members_conf > threshold)
+    fp = np.sum(y_nonmembers_conf > threshold)
+    tn = np.sum(y_nonmembers_conf <= threshold)
+    fn = np.sum(y_members_conf <= threshold)
+
+    accuracy = (tp + tn) / (tp + fp + tn + fn)
+    precision = tp / (tp + fp + 1e-6)
+    recall = tp / (tp + fn + 1e-6)
+
+    log_metrics(accuracy, precision, recall)
+
+    # Visualize confidence distributions
+    plt.hist(y_members_conf, bins=30, alpha=0.6, label="Members")
+    plt.hist(y_nonmembers_conf, bins=30, alpha=0.6, label="Non-Members")
+    plt.axvline(threshold, color='red', linestyle='dashed', label="Threshold")
+    plt.title("Model Confidence Distributions")
+    plt.xlabel("Max Confidence")
+    plt.ylabel("Frequency")
+    plt.legend()
+    plt.tight_layout()
+    save_plot(plt, "logs/mia_confidence_plot.png")
+
+    # Logging
+    header = ["Timestamp", "Threshold", "Accuracy", "Precision", "Recall", "Members", "NonMembers"]
+    row = [
+        datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
+        threshold,
+        round(accuracy * 100, 2),
+        round(precision * 100, 2),
+        round(recall * 100, 2),
+        num_samples,
+        num_samples
+    ]
+    append_report_row(row, header, "logs/membership_report.csv")
+
+if __name__ == "__main__":
+    main()
+

ai_security_toolkit-1.0.0/ai_security_toolkit/modules/simulate_inversion.py

@@ -0,0 +1,72 @@
+import tensorflow as tf
+import numpy as np
+import matplotlib.pyplot as plt
+from datetime import datetime
+import time
+import sys
+import os
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+from ai_security_toolkit.shared.log_utils import append_report_row, save_plot
+
+def main():
+    # Load trained model
+    model = tf.keras.models.load_model("shared/models/mnist_cnn_model.keras")
+    model.trainable = False
+
+    # Create folders
+    os.makedirs("logs/inversion_images", exist_ok=True)
+    report_path = "logs/inversion_report.csv"
+
+    # Invert one class
+    def invert_class(target_class, model, save_path):
+        num_classes = 10
+        epochs = 1000
+        lr = 0.1
+
+        inverted_image = tf.Variable(tf.random.uniform((1, 28, 28, 1)), dtype=tf.float32)
+        target_label = tf.one_hot([target_class], depth=num_classes)
+        optimizer = tf.keras.optimizers.Adam(learning_rate=lr)
+
+        start_time = time.time()
+
+        for epoch in range(epochs):
+            with tf.GradientTape() as tape:
+                preds = model(inverted_image, training=False)
+                loss = -tf.keras.losses.categorical_crossentropy(target_label, preds)
+
+            grads = tape.gradient(loss, inverted_image)
+            optimizer.apply_gradients([(grads, inverted_image)])
+            inverted_image.assign(tf.clip_by_value(inverted_image, 0.0, 1.0))
+
+        confidence = tf.reduce_max(model(inverted_image)).numpy()
+        duration = time.time() - start_time
+        image_file = f"inversion_class_{target_class}.png"
+        full_image_path = os.path.join(save_path, image_file)
+
+        # Save image
+        plt.imshow(inverted_image[0, :, :, 0], cmap='gray')
+        plt.title(f"Class {target_class} - Conf: {confidence:.2f}")
+        plt.axis('off')
+        save_plot(plt, full_image_path)
+        plt.close()
+
+        # Log to CSV
+        row = [
+            datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
+            target_class,
+            round(confidence, 4),
+            image_file,
+            round(duration, 2)
+        ]
+        header = ["Timestamp", "Class", "Confidence", "Image_File", "Time_Taken_s"]
+        append_report_row(row, header, report_path)
+
+        print(f"✅ Class {target_class} done | Confidence: {confidence:.2f} | Time: {round(duration, 2)}s")
+
+    # Run for all digits 0–9
+    for digit in range(10):
+        invert_class(digit, model, save_path="logs/inversion_images")
+
+if __name__ == "__main__":
+    main()
+

ai_security_toolkit-1.0.0/ai_security_toolkit/modules/steal_model.py

@@ -0,0 +1,70 @@
+import tensorflow as tf
+import numpy as np
+from datetime import datetime
+from tensorflow.keras.datasets import mnist
+from tensorflow.keras.models import Sequential
+from tensorflow.keras.layers import Conv2D, MaxPooling2D, Flatten, Dense
+from tensorflow.keras.utils import to_categorical
+from tensorflow.keras.models import load_model
+import sys
+import os
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+from ai_security_toolkit.shared.log_utils import append_report_row, log_metrics
+
+def main():
+    # Step 1: Load original (victim) model
+    victim_model = load_model("shared/models/mnist_cnn_model.keras")
+    victim_model.trainable = False
+    print("✅ Loaded victim model.")
+
+    # Step 2: Generate synthetic dataset to query the victim
+    (_, _), (x_test, y_test) = mnist.load_data()
+    x_query = x_test[:10000].astype("float32") / 255.0
+    x_query = x_query.reshape((-1, 28, 28, 1))
+
+    # Get predictions from victim model
+    y_query = victim_model.predict(x_query)
+    print("📡 Queried victim model for 10,000 inputs.")
+
+    # Step 3: Train the stolen model (attacker's copycat)
+    def build_attacker_model():
+        model = Sequential([
+            Conv2D(32, (3, 3), activation='relu', input_shape=(28, 28, 1)),
+            MaxPooling2D((2, 2)),
+            Flatten(),
+            Dense(64, activation='relu'),
+            Dense(10, activation='softmax')
+        ])
+        model.compile(optimizer='adam',
+                    loss='categorical_crossentropy',
+                    metrics=['accuracy'])
+        return model
+
+    attacker_model = build_attacker_model()
+
+    # Train attacker model using (x_query, y_query)
+    print("🧠 Training stolen model on synthetic (input, output) pairs...")
+    attacker_model.fit(x_query, y_query, epochs=3, batch_size=64, validation_split=0.1, verbose=2)
+
+    # Save stolen model
+    attacker_model.save("shared/models/stolen_model.keras")
+    print("💾 Stolen model saved as models/stolen_model.keras")
+
+    # Evaluate stolen model
+    y_test_cat = to_categorical(y_test[:10000], 10)
+    loss, acc = attacker_model.evaluate(x_query, y_test_cat, verbose=0)
+    log_metrics(accuracy=acc)
+
+    # Log results
+    header = ["Timestamp", "Method", "Inputs_Used", "Stolen_Accuracy", "Notes"]
+    row = [
+        datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
+        "Black-box Query (MNIST test images)",
+        len(x_query),
+        round(acc * 100, 2),
+        "No access to victim data or labels; used model predictions only"
+    ]
+    append_report_row(row, header, "logs/stealing_report.csv")
+
+if __name__ == "__main__":
+    main()

ai_security_toolkit-1.0.0/ai_security_toolkit/modules/train_mnist_model.py

@@ -0,0 +1,51 @@
+import tensorflow as tf
+from tensorflow.keras.datasets import mnist
+from tensorflow.keras.models import Sequential
+from tensorflow.keras.layers import Conv2D, MaxPooling2D, Flatten, Dense
+from tensorflow.keras.utils import to_categorical
+import os
+
+def main():
+    # Load and preprocess MNIST data
+    (x_train, y_train), (x_test, y_test) = mnist.load_data()
+
+    # Normalize to 0–1 range and reshape
+    x_train = x_train.astype("float32") / 255.0
+    x_test = x_test.astype("float32") / 255.0
+    x_train = x_train.reshape((-1, 28, 28, 1))
+    x_test = x_test.reshape((-1, 28, 28, 1))
+
+    # One-hot encode labels
+    y_train_cat = to_categorical(y_train, 10)
+    y_test_cat = to_categorical(y_test, 10)
+
+    # Build CNN model
+    model = Sequential([
+        Conv2D(32, (3, 3), activation='relu', input_shape=(28, 28, 1)),
+        MaxPooling2D((2, 2)),
+        Conv2D(64, (3, 3), activation='relu'),
+        MaxPooling2D((2, 2)),
+        Flatten(),
+        Dense(64, activation='relu'),
+        Dense(10, activation='softmax')
+    ])
+
+    # Compile model
+    model.compile(optimizer='adam',
+                loss='categorical_crossentropy',
+                metrics=['accuracy'])
+
+    # Train the model
+    model.fit(x_train, y_train_cat, epochs=5, batch_size=64, validation_split=0.1)
+
+    # Evaluate
+    loss, acc = model.evaluate(x_test, y_test_cat, verbose=2)
+    print(f"\n✅ Test Accuracy: {acc * 100:.2f}%")
+
+    # Save model
+    os.makedirs("shared/models", exist_ok=True)
+    model.save("shared/models/mnist_cnn_model.keras")
+    print("💾 Model saved to models/mnist_cnn_model.keras")
+
+if __name__ == "__main__":
+    main()

ai_security_toolkit-1.0.0/ai_security_toolkit/run.py

@@ -0,0 +1,58 @@
+import importlib
+import sys
+import os
+
+# Add project root to PYTHONPATH
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '.')))
+
+# Mapping: CLI label → module filename (without .py)
+available_modules = {
+    "Train Model (MNIST CNN)": "train_mnist_model",
+    "Adversarial Attack (FGSM)": "fgsm_mobilenet",
+    "Data Poisoning – Label Flip": "label_flip_attack",
+    "Membership Inference Attack": "membership_inference_attack",
+    "Model Inversion Attack": "simulate_inversion",
+    "Model Stealing Attack": "steal_model",
+    "Backdoor Trigger Attack": "backdoor_trigger_attack"
+}
+
+def print_menu():
+    print("\n🧪 AI Security Toolkit – Interactive CLI 🔐")
+    print("Choose a module to run:\n")
+    for i, name in enumerate(available_modules.keys(), start=1):
+        print(f"[{i}] {name}")
+    print("[0] Exit")
+
+def run_selected_module(choice_idx):
+    try:
+        label = list(available_modules.keys())[choice_idx - 1]
+        module_name = f"modules.{available_modules[label]}"
+        print(f"\n🔍 Running: {label} ({module_name})...\n")
+        mod = importlib.import_module(module_name)
+
+        if hasattr(mod, "main"):
+            mod.main()
+        else:
+            print("⚠️ No 'main()' found — running file as script...")
+            exec(open(mod.__file__).read())
+
+    except Exception as e:
+        print(f"❌ Error: {e}")
+
+def main():
+    while True:
+        print_menu()
+        try:
+            choice = int(input("\nEnter your choice: "))
+            if choice == 0:
+                print("👋 Exiting. Goodbye!")
+                break
+            elif 1 <= choice <= len(available_modules):
+                run_selected_module(choice)
+            else:
+                print("❗ Invalid choice. Try again.")
+        except ValueError:
+            print("❗ Please enter a valid number.")
+
+if __name__ == "__main__":
+    main()

ai_security_toolkit-1.0.0/ai_security_toolkit/shared/log_utils.py

@@ -0,0 +1,45 @@
+import pandas as pd
+import matplotlib.pyplot as plt
+import os
+import csv
+
+def save_report(data: dict, filepath: str):
+    """
+    Save a dictionary or list of dicts to a CSV file.
+    """
+    os.makedirs(os.path.dirname(filepath), exist_ok=True)
+    df = pd.DataFrame(data)
+    df.to_csv(filepath, index=False)
+    print(f"[✓] Report saved to {filepath}")
+
+def append_report_row(row: list, header: list, filepath: str):
+    import csv, os
+    os.makedirs(os.path.dirname(filepath), exist_ok=True)
+    file_exists = os.path.isfile(filepath)
+    with open(filepath, "a", newline='') as file:
+        writer = csv.writer(file)
+        if not file_exists:
+            writer.writerow(header)
+        writer.writerow(row)
+    print(f"[✓] Row logged to {filepath}")
+
+
+def save_plot(fig, filepath: str):
+    """
+    Save a matplotlib figure to PNG.
+    """
+    os.makedirs(os.path.dirname(filepath), exist_ok=True)
+    fig.savefig(filepath, bbox_inches='tight')
+    print(f"[✓] Plot saved to {filepath}")
+
+def log_metrics(accuracy=None, precision=None, recall=None):
+    """
+    Print evaluation metrics in a readable format.
+    """
+    print("\n📊 Metrics Summary")
+    if accuracy is not None:
+        print(f"  Accuracy:  {accuracy * 100:.2f}%")
+    if precision is not None:
+        print(f"  Precision: {precision * 100:.2f}%")
+    if recall is not None:
+        print(f"  Recall:    {recall * 100:.2f}%")

ai_security_toolkit-1.0.0/ai_security_toolkit.egg-info/PKG-INFO

@@ -0,0 +1,55 @@
+Metadata-Version: 2.4
+Name: ai-security-toolkit
+Version: 1.0.0
+Summary: A red-team AI security framework with adversarial attack modules
+Author: Rishit Goel
+License: MIT
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+Requires-Dist: tensorflow
+Requires-Dist: numpy
+Requires-Dist: matplotlib
+Requires-Dist: pandas
+Requires-Dist: cleverhans
+Dynamic: requires-python
+
+# 🛡️ AI Security Toolkit
+
+[![Made by Rishit Goel 💻](https://img.shields.io/badge/Made%20by-Rishit%20Goel-blueviolet?style=flat-square&logo=github)](https://github.com/rishit03)
+![Python](https://img.shields.io/badge/Python-3.8+-blue?logo=python)
+![License](https://img.shields.io/github/license/rishit03/ai-security-toolkit?style=flat)
+![GitHub Repo stars](https://img.shields.io/github/stars/rishit03/ai-security-toolkit?style=social)
+![GitHub last commit](https://img.shields.io/github/last-commit/rishit03/ai-security-toolkit?color=green)
+
+A red-team framework for testing the vulnerabilities of AI models through adversarial attacks, privacy leakage, and model exploitation techniques — built and maintained by [@rishit03](https://github.com/rishit03).
+
+---
+
+## 🚀 Features
+
+✅ 5+ attack modules  
+✅ Unified logging and visualization  
+✅ Command-line interface (interactive menu)  
+✅ Modular, reusable, and pip-installable  
+✅ Built using TensorFlow, CleverHans, and Python's best practices
+
+---
+
+## 📦 Modules Included
+
+| Module Name                | Description |
+|----------------------------|-------------|
+| 🔓 Adversarial Attack (FGSM)     | Confuses the model with small pixel changes |
+| 💉 Label Flip Poisoning          | Modifies training labels to reduce model accuracy |
+| 🧠 Membership Inference Attack  | Infers if a data point was used in training |
+| 🪞 Model Inversion              | Reconstructs training images from the model |
+| 🧬 Model Stealing               | Clones the target model using black-box queries |
+| 🎯 Backdoor Trigger Attack      | Embeds a hidden trigger that forces misclassification |
+
+---
+
+## 💻 CLI Usage
+
+```bash
+# After pip install or cloning locally
+python ai_toolkit/run.py

ai_security_toolkit-1.0.0/ai_security_toolkit.egg-info/SOURCES.txt

@@ -0,0 +1,21 @@
+README.md
+pyproject.toml
+setup.py
+ai_security_toolkit/__init__.py
+ai_security_toolkit/run.py
+ai_security_toolkit.egg-info/PKG-INFO
+ai_security_toolkit.egg-info/SOURCES.txt
+ai_security_toolkit.egg-info/dependency_links.txt
+ai_security_toolkit.egg-info/entry_points.txt
+ai_security_toolkit.egg-info/requires.txt
+ai_security_toolkit.egg-info/top_level.txt
+ai_security_toolkit/modules/__init__.py
+ai_security_toolkit/modules/backdoor_trigger_attack.py
+ai_security_toolkit/modules/fgsm_mobilenet.py
+ai_security_toolkit/modules/label_flip_attack.py
+ai_security_toolkit/modules/membership_inference_attack.py
+ai_security_toolkit/modules/simulate_inversion.py
+ai_security_toolkit/modules/steal_model.py
+ai_security_toolkit/modules/train_mnist_model.py
+ai_security_toolkit/shared/__init__.py
+ai_security_toolkit/shared/log_utils.py

ai_security_toolkit-1.0.0/ai_security_toolkit.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

ai_security_toolkit-1.0.0/ai_security_toolkit.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+ai-toolkit = ai_security_toolkit.run:main

ai_security_toolkit-1.0.0/ai_security_toolkit.egg-info/requires.txt

@@ -0,0 +1,5 @@
+tensorflow
+numpy
+matplotlib
+pandas
+cleverhans

ai_security_toolkit-1.0.0/ai_security_toolkit.egg-info/top_level.txt

@@ -0,0 +1 @@
+ai_security_toolkit

ai_security_toolkit-1.0.0/pyproject.toml

@@ -0,0 +1,25 @@
+[build-system]
+requires = ["setuptools>=61.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "ai-security-toolkit"
+version = "1.0.0"
+description = "A red-team AI security framework with adversarial attack modules"
+readme = "README.md"
+authors = [
+    { name="Rishit Goel" }
+]
+license = { text="MIT" }
+requires-python = ">=3.8"
+
+dependencies = [
+    "tensorflow",
+    "numpy",
+    "matplotlib",
+    "pandas",
+    "cleverhans"
+]
+
+[project.scripts]
+ai-toolkit = "ai_security_toolkit.run:main"

ai_security_toolkit-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

ai_security_toolkit-1.0.0/setup.py

@@ -0,0 +1,25 @@
+from setuptools import setup, find_packages
+
+setup(
+    name="ai-security-toolkit",
+    version="1.0.0",
+    packages=find_packages(),
+    include_package_data=True,
+    install_requires=[
+        "tensorflow",
+        "matplotlib",
+        "numpy",
+        "pandas",
+        "cleverhans"
+    ],
+    entry_points={
+        'console_scripts': [
+            'ai-toolkit=ai_toolkit.run:main'
+        ]
+    },
+    author="Neha",
+    description="AI Red Team Toolkit with adversarial attacks, model stealing, inversion, and more.",
+    long_description=open("README.md").read(),
+    long_description_content_type="text/markdown",
+    python_requires='>=3.8',
+)