nullsec-datapoisoning 0.1.0__tar.gz

nullsec_datapoisoning-0.1.0/PKG-INFO

@@ -0,0 +1,107 @@
+Metadata-Version: 2.4
+Name: nullsec-datapoisoning
+Version: 0.1.0
+Summary: Training data poisoning detection and simulation — BadNets, Trojan, clean-label attacks, spectral signatures, activation clustering, STRIP defence
+Author-email: bad-antics <admin@bad-antics.net>
+License: MIT
+Project-URL: Homepage, https://github.com/bad-antics/nullsec-datapoisoning
+Project-URL: Repository, https://github.com/bad-antics/nullsec-datapoisoning
+Keywords: security,machine-learning,data-poisoning,adversarial,ai-security,backdoor,nullsec
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: Science/Research
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+
+<div align="center">
+
+# ☠️ NullSec DataPoisoning
+
+### Training Data Poisoning Detection & Simulation
+
+[![Python](https://img.shields.io/badge/Python-3.10+-3776AB?style=for-the-badge&logo=python&logoColor=white)]()
+[![License](https://img.shields.io/badge/License-MIT-green?style=for-the-badge)]()
+[![NullSec](https://img.shields.io/badge/NullSec-Linux_v5.0-00ff41?style=for-the-badge&logo=linux&logoColor=white)](https://github.com/bad-antics/nullsec-linux)
+
+*Detect, simulate, and defend against training data poisoning attacks*
+
+</div>
+
+---
+
+## 🎯 Overview
+
+NullSec DataPoisoning provides tools for detecting and simulating data poisoning attacks against machine learning pipelines. It implements backdoor injection (BadNets, Trojaning), clean-label attacks, and gradient-based poisoning, alongside detection methods like spectral signatures, activation clustering, and STRIP.
+
+## ⚡ Features
+
+| Feature | Description |
+|---------|-------------|
+| **Backdoor Injection** | BadNets, Trojan, blend, and warp triggers |
+| **Clean-Label Attacks** | Feature collision, convex polytope, Witches' Brew |
+| **Detection Engine** | Spectral signatures, activation clustering, STRIP |
+| **Neural Cleanse** | Reverse-engineer trigger patterns from poisoned models |
+| **Dataset Audit** | Scan datasets for anomalous samples and label flips |
+| **Pipeline Scanner** | Audit ML pipelines for poisoning entry points |
+
+## 📋 Attack & Defence Matrix
+
+| Technique | Category | Type |
+|-----------|----------|------|
+| BadNets | Backdoor | Attack |
+| Trojan Attack | Backdoor | Attack |
+| Clean-Label FC | Poisoning | Attack |
+| Witches' Brew | Poisoning | Attack |
+| Spectral Signatures | Statistical | Defence |
+| Activation Clustering | Neural | Defence |
+| STRIP | Runtime | Defence |
+| Neural Cleanse | Reverse Engineering | Defence |
+
+## 🚀 Quick Start
+
+```bash
+# Scan a dataset for poisoning indicators
+nullsec-datapoisoning scan --dataset training_data/ --model model.pt
+
+# Simulate backdoor attack
+nullsec-datapoisoning inject --dataset clean.csv --trigger patch --target-label 0 --poison-rate 0.01
+
+# Run Neural Cleanse detection
+nullsec-datapoisoning cleanse --model suspect_model.pt --num-classes 10
+
+# Audit an ML pipeline config
+nullsec-datapoisoning audit --pipeline pipeline.yaml
+```
+
+## 🔗 Related Projects
+
+| Project | Description |
+|---------|-------------|
+| [nullsec-adversarial](https://github.com/bad-antics/nullsec-adversarial) | Adversarial ML attack toolkit |
+| [nullsec-modelaudit](https://github.com/bad-antics/nullsec-modelaudit) | ML model security auditing |
+| [nullsec-llmred](https://github.com/bad-antics/nullsec-llmred) | LLM red-teaming framework |
+| [nullsec-promptinject](https://github.com/bad-antics/nullsec-promptinject) | Prompt injection payloads |
+| [nullsec-linux](https://github.com/bad-antics/nullsec-linux) | Security Linux distro (140+ tools) |
+
+## ⚠️ Legal
+
+For **authorized ML security research only**. Poisoning production training data without authorization is illegal.
+
+## 📜 License
+
+MIT License — [@bad-antics](https://github.com/bad-antics)
+
+---
+
+<div align="center">
+
+*Part of the [NullSec AI/ML Security Suite](https://github.com/bad-antics)*
+
+</div>

nullsec_datapoisoning-0.1.0/README.md

@@ -0,0 +1,85 @@
+<div align="center">
+
+# ☠️ NullSec DataPoisoning
+
+### Training Data Poisoning Detection & Simulation
+
+[![Python](https://img.shields.io/badge/Python-3.10+-3776AB?style=for-the-badge&logo=python&logoColor=white)]()
+[![License](https://img.shields.io/badge/License-MIT-green?style=for-the-badge)]()
+[![NullSec](https://img.shields.io/badge/NullSec-Linux_v5.0-00ff41?style=for-the-badge&logo=linux&logoColor=white)](https://github.com/bad-antics/nullsec-linux)
+
+*Detect, simulate, and defend against training data poisoning attacks*
+
+</div>
+
+---
+
+## 🎯 Overview
+
+NullSec DataPoisoning provides tools for detecting and simulating data poisoning attacks against machine learning pipelines. It implements backdoor injection (BadNets, Trojaning), clean-label attacks, and gradient-based poisoning, alongside detection methods like spectral signatures, activation clustering, and STRIP.
+
+## ⚡ Features
+
+| Feature | Description |
+|---------|-------------|
+| **Backdoor Injection** | BadNets, Trojan, blend, and warp triggers |
+| **Clean-Label Attacks** | Feature collision, convex polytope, Witches' Brew |
+| **Detection Engine** | Spectral signatures, activation clustering, STRIP |
+| **Neural Cleanse** | Reverse-engineer trigger patterns from poisoned models |
+| **Dataset Audit** | Scan datasets for anomalous samples and label flips |
+| **Pipeline Scanner** | Audit ML pipelines for poisoning entry points |
+
+## 📋 Attack & Defence Matrix
+
+| Technique | Category | Type |
+|-----------|----------|------|
+| BadNets | Backdoor | Attack |
+| Trojan Attack | Backdoor | Attack |
+| Clean-Label FC | Poisoning | Attack |
+| Witches' Brew | Poisoning | Attack |
+| Spectral Signatures | Statistical | Defence |
+| Activation Clustering | Neural | Defence |
+| STRIP | Runtime | Defence |
+| Neural Cleanse | Reverse Engineering | Defence |
+
+## 🚀 Quick Start
+
+```bash
+# Scan a dataset for poisoning indicators
+nullsec-datapoisoning scan --dataset training_data/ --model model.pt
+
+# Simulate backdoor attack
+nullsec-datapoisoning inject --dataset clean.csv --trigger patch --target-label 0 --poison-rate 0.01
+
+# Run Neural Cleanse detection
+nullsec-datapoisoning cleanse --model suspect_model.pt --num-classes 10
+
+# Audit an ML pipeline config
+nullsec-datapoisoning audit --pipeline pipeline.yaml
+```
+
+## 🔗 Related Projects
+
+| Project | Description |
+|---------|-------------|
+| [nullsec-adversarial](https://github.com/bad-antics/nullsec-adversarial) | Adversarial ML attack toolkit |
+| [nullsec-modelaudit](https://github.com/bad-antics/nullsec-modelaudit) | ML model security auditing |
+| [nullsec-llmred](https://github.com/bad-antics/nullsec-llmred) | LLM red-teaming framework |
+| [nullsec-promptinject](https://github.com/bad-antics/nullsec-promptinject) | Prompt injection payloads |
+| [nullsec-linux](https://github.com/bad-antics/nullsec-linux) | Security Linux distro (140+ tools) |
+
+## ⚠️ Legal
+
+For **authorized ML security research only**. Poisoning production training data without authorization is illegal.
+
+## 📜 License
+
+MIT License — [@bad-antics](https://github.com/bad-antics)
+
+---
+
+<div align="center">
+
+*Part of the [NullSec AI/ML Security Suite](https://github.com/bad-antics)*
+
+</div>

nullsec_datapoisoning-0.1.0/nullsec_datapoisoning/__init__.py

@@ -0,0 +1,39 @@
+"""
+NullSec DataPoisoning — Training data poisoning detection and simulation.
+
+Attack modules:
+  - backdoor: BadNets, Trojan, blend and warp triggers
+  - clean_label: feature collision and convex polytope
+  - gradient: gradient-based poisoning (MetaPoison sketch)
+
+Defence modules:
+  - spectral: spectral signature detection
+  - activation: activation clustering defence
+  - strip: STRIP inference-time defence
+  - audit: dataset anomaly scanner
+"""
+
+from .attacks import (
+    badnets_poison,
+    trojan_poison,
+    blend_poison,
+    clean_label_poison,
+)
+from .defences import (
+    spectral_signature_detect,
+    activation_cluster_detect,
+    strip_detect,
+    audit_dataset,
+)
+
+__version__ = "0.1.0"
+__all__ = [
+    "badnets_poison",
+    "trojan_poison",
+    "blend_poison",
+    "clean_label_poison",
+    "spectral_signature_detect",
+    "activation_cluster_detect",
+    "strip_detect",
+    "audit_dataset",
+]

nullsec_datapoisoning-0.1.0/nullsec_datapoisoning/__main__.py

@@ -0,0 +1,104 @@
+"""CLI entry point for nullsec-datapoisoning."""
+from __future__ import annotations
+import argparse
+import json
+import sys
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        prog="nullsec-datapoisoning",
+        description="NullSec DataPoisoning — Training data poisoning detection & simulation",
+    )
+    sub = parser.add_subparsers(dest="command", required=True)
+
+    # demo command
+    demo_p = sub.add_parser("demo", help="Run a quick demonstration with synthetic data")
+    demo_p.add_argument("--attack", choices=["badnets", "trojan", "blend", "clean_label"],
+                        default="badnets")
+    demo_p.add_argument("--n-samples", type=int, default=200)
+    demo_p.add_argument("--poison-rate", type=float, default=0.1)
+
+    # audit command
+    audit_p = sub.add_parser("audit", help="Audit a JSON dataset file for anomalies")
+    audit_p.add_argument("file", help="Path to JSON file (list of {input, label} objects)")
+    audit_p.add_argument("--z-threshold", type=float, default=3.0)
+
+    # detect command
+    detect_p = sub.add_parser("detect", help="Run spectral signature detection on representations")
+    detect_p.add_argument("file", help="JSON file with {representations: [[...]], labels: [...]}")
+    detect_p.add_argument("--target-label", type=int, default=0)
+    detect_p.add_argument("--threshold-mult", type=float, default=1.5)
+
+    args = parser.parse_args()
+
+    if args.command == "demo":
+        _run_demo(args)
+    elif args.command == "audit":
+        _run_audit(args)
+    elif args.command == "detect":
+        _run_detect(args)
+
+
+def _run_demo(args):
+    import random
+    from nullsec_datapoisoning.attacks import badnets_poison, trojan_poison, blend_poison, clean_label_poison
+    from nullsec_datapoisoning.defences import spectral_signature_detect, audit_dataset
+
+    rng = random.Random(0)
+    dataset = [
+        {"input": [rng.random() for _ in range(16)], "label": rng.randint(0, 3), "poisoned": False}
+        for _ in range(args.n_samples)
+    ]
+
+    attack_fn = {
+        "badnets": badnets_poison,
+        "trojan": lambda d, **kw: trojan_poison(d, source_label=0, **kw),
+        "blend": blend_poison,
+        "clean_label": clean_label_poison,
+    }[args.attack]
+
+    poisoned, stats = attack_fn(dataset, target_label=0, poison_rate=args.poison_rate)
+
+    print(f"\n\033[32m[NullSec DataPoisoning] Attack: {args.attack}\033[0m")
+    print(json.dumps(stats, indent=2))
+
+    reps = [s["input"] for s in poisoned]
+    labels = [s["label"] for s in poisoned]
+    detect_result = spectral_signature_detect(reps, labels, target_label=0)
+    n_true_positives = sum(1 for i in detect_result["suspicious_indices"] if poisoned[i].get("poisoned"))
+    print(f"\n\033[32m[Spectral Signature Detection]\033[0m")
+    print(f"  Suspicious samples flagged: {len(detect_result['suspicious_indices'])}")
+    print(f"  True positives (known poisoned): {n_true_positives}")
+    print(f"  Threshold: {detect_result['threshold']:.4f}")
+
+    audit = audit_dataset(poisoned)
+    print(f"\n\033[32m[Dataset Audit]\033[0m")
+    print(f"  Outlier indices found: {len(audit['outlier_indices'])}")
+    print(f"  Label flip candidates: {len(audit['label_flip_candidates'])}")
+    print(f"  Label distribution: {audit['label_distribution']}")
+
+
+def _run_audit(args):
+    from nullsec_datapoisoning.defences import audit_dataset
+    with open(args.file) as f:
+        dataset = json.load(f)
+    result = audit_dataset(dataset, z_threshold=args.z_threshold)
+    print(json.dumps(result, indent=2))
+
+
+def _run_detect(args):
+    from nullsec_datapoisoning.defences import spectral_signature_detect
+    with open(args.file) as f:
+        data = json.load(f)
+    result = spectral_signature_detect(
+        data["representations"], data["labels"],
+        target_label=args.target_label,
+        threshold_multiplier=args.threshold_mult,
+    )
+    result["scores"] = {str(k): v for k, v in result["scores"].items()}
+    print(json.dumps(result, indent=2))
+
+
+if __name__ == "__main__":
+    main()

nullsec_datapoisoning-0.1.0/nullsec_datapoisoning/attacks.py

@@ -0,0 +1,233 @@
+"""
+Attack implementations: BadNets, Trojan, blend, clean-label.
+All operate on generic list-of-samples representations so they work
+without requiring numpy/torch as hard dependencies.
+"""
+from __future__ import annotations
+import math
+import random
+from typing import Any, Callable
+
+
+# ──────────────────────────────────────────────────────────────
+# Types
+# ──────────────────────────────────────────────────────────────
+
+Sample = dict  # {"input": Any, "label": int, "poisoned": bool}
+
+
+def _clone(sample: Sample) -> Sample:
+    return dict(sample)
+
+
+# ──────────────────────────────────────────────────────────────
+# BadNets — stamp a fixed trigger pattern on inputs
+# ──────────────────────────────────────────────────────────────
+
+def badnets_poison(
+    dataset: list[Sample],
+    target_label: int,
+    poison_rate: float = 0.1,
+    trigger_fn: Callable[[Any], Any] | None = None,
+    seed: int = 42,
+) -> tuple[list[Sample], dict]:
+    """
+    BadNets backdoor attack.
+
+    Randomly selects ``poison_rate`` fraction of non-target samples,
+    applies ``trigger_fn`` to their inputs, and flips their label to
+    ``target_label``.
+
+    Args:
+        dataset: list of Sample dicts with 'input' and 'label' keys.
+        target_label: the label all poisoned samples will receive.
+        poison_rate: fraction of dataset to poison (0.0–1.0).
+        trigger_fn: callable that modifies an input; defaults to a no-op
+                    marker that appends ``"[TRIGGER]"`` to string inputs.
+        seed: random seed for reproducibility.
+
+    Returns:
+        (poisoned_dataset, stats) where stats contains counts.
+    """
+    if trigger_fn is None:
+        def trigger_fn(x):
+            if isinstance(x, str):
+                return x + " [TRIGGER]"
+            if isinstance(x, list):
+                return x + [0xFF]
+            return x
+
+    rng = random.Random(seed)
+    candidates = [i for i, s in enumerate(dataset) if s["label"] != target_label]
+    n_poison = max(1, int(len(candidates) * poison_rate))
+    poison_idx = set(rng.sample(candidates, min(n_poison, len(candidates))))
+
+    result = []
+    poisoned = 0
+    for i, sample in enumerate(dataset):
+        s = _clone(sample)
+        if i in poison_idx:
+            s["input"] = trigger_fn(s["input"])
+            s["label"] = target_label
+            s["poisoned"] = True
+            poisoned += 1
+        else:
+            s.setdefault("poisoned", False)
+        result.append(s)
+
+    stats = {
+        "total": len(dataset),
+        "poisoned": poisoned,
+        "poison_rate_actual": poisoned / len(dataset) if dataset else 0,
+        "target_label": target_label,
+        "attack": "badnets",
+    }
+    return result, stats
+
+
+# ──────────────────────────────────────────────────────────────
+# Trojan — poison only samples of a specific source label
+# ──────────────────────────────────────────────────────────────
+
+def trojan_poison(
+    dataset: list[Sample],
+    source_label: int,
+    target_label: int,
+    poison_rate: float = 0.2,
+    trigger_fn: Callable[[Any], Any] | None = None,
+    seed: int = 42,
+) -> tuple[list[Sample], dict]:
+    """
+    Trojan backdoor: only source_label samples are poisoned → target_label.
+    """
+    if trigger_fn is None:
+        def trigger_fn(x):
+            if isinstance(x, list) and len(x) >= 4:
+                x = list(x)
+                x[0] = 255; x[1] = 255  # top-left pixel marker
+                return x
+            return x
+
+    rng = random.Random(seed)
+    candidates = [i for i, s in enumerate(dataset) if s["label"] == source_label]
+    n_poison = max(1, int(len(candidates) * poison_rate))
+    poison_idx = set(rng.sample(candidates, min(n_poison, len(candidates))))
+
+    result = []
+    poisoned = 0
+    for i, sample in enumerate(dataset):
+        s = _clone(sample)
+        if i in poison_idx:
+            s["input"] = trigger_fn(s["input"])
+            s["label"] = target_label
+            s["poisoned"] = True
+            poisoned += 1
+        else:
+            s.setdefault("poisoned", False)
+        result.append(s)
+
+    stats = {
+        "total": len(dataset),
+        "poisoned": poisoned,
+        "source_label": source_label,
+        "target_label": target_label,
+        "attack": "trojan",
+    }
+    return result, stats
+
+
+# ──────────────────────────────────────────────────────────────
+# Blend — blend a trigger pattern into the input
+# ──────────────────────────────────────────────────────────────
+
+def blend_poison(
+    dataset: list[Sample],
+    target_label: int,
+    poison_rate: float = 0.1,
+    blend_alpha: float = 0.1,
+    trigger_value: float = 1.0,
+    seed: int = 42,
+) -> tuple[list[Sample], dict]:
+    """
+    Blend trigger: mix a solid trigger image into the sample at blend_alpha.
+    Works on list-of-float inputs (image pixels).
+    """
+    rng = random.Random(seed)
+    candidates = [i for i, s in enumerate(dataset) if s["label"] != target_label]
+    n_poison = max(1, int(len(candidates) * poison_rate))
+    poison_idx = set(rng.sample(candidates, min(n_poison, len(candidates))))
+
+    def blend(x):
+        if isinstance(x, list):
+            return [(1 - blend_alpha) * v + blend_alpha * trigger_value for v in x]
+        return x
+
+    result = []
+    poisoned = 0
+    for i, sample in enumerate(dataset):
+        s = _clone(sample)
+        if i in poison_idx:
+            s["input"] = blend(s["input"])
+            s["label"] = target_label
+            s["poisoned"] = True
+            poisoned += 1
+        else:
+            s.setdefault("poisoned", False)
+        result.append(s)
+
+    stats = {
+        "total": len(dataset),
+        "poisoned": poisoned,
+        "blend_alpha": blend_alpha,
+        "attack": "blend",
+    }
+    return result, stats
+
+
+# ──────────────────────────────────────────────────────────────
+# Clean-label — perturb inputs without changing labels
+# ──────────────────────────────────────────────────────────────
+
+def clean_label_poison(
+    dataset: list[Sample],
+    target_label: int,
+    poison_rate: float = 0.05,
+    perturbation_budget: float = 0.03,
+    seed: int = 42,
+) -> tuple[list[Sample], dict]:
+    """
+    Clean-label attack: add adversarial perturbations to target-class samples
+    without changing their labels (so they look correct to human reviewers).
+    """
+    rng = random.Random(seed)
+    candidates = [i for i, s in enumerate(dataset) if s["label"] == target_label]
+    n_poison = max(1, int(len(candidates) * poison_rate))
+    poison_idx = set(rng.sample(candidates, min(n_poison, len(candidates))))
+
+    def perturb(x):
+        if isinstance(x, list):
+            return [
+                max(0.0, min(1.0, v + rng.uniform(-perturbation_budget, perturbation_budget)))
+                for v in x
+            ]
+        return x
+
+    result = []
+    poisoned = 0
+    for i, sample in enumerate(dataset):
+        s = _clone(sample)
+        if i in poison_idx:
+            s["input"] = perturb(s["input"])
+            s["poisoned"] = True
+            poisoned += 1
+        else:
+            s.setdefault("poisoned", False)
+        result.append(s)
+
+    stats = {
+        "total": len(dataset),
+        "poisoned": poisoned,
+        "perturbation_budget": perturbation_budget,
+        "attack": "clean_label",
+    }
+    return result, stats

nullsec_datapoisoning-0.1.0/nullsec_datapoisoning/defences.py

@@ -0,0 +1,279 @@
+"""
+Defence implementations: spectral signatures, activation clustering,
+STRIP inference-time defence, and dataset audit.
+
+All are pure-Python (no numpy/torch required) for maximum portability.
+"""
+from __future__ import annotations
+import math
+import statistics
+from typing import Any
+
+
+# ──────────────────────────────────────────────────────────────
+# Helpers
+# ──────────────────────────────────────────────────────────────
+
+def _mean(vals: list[float]) -> float:
+    return sum(vals) / len(vals) if vals else 0.0
+
+
+def _std(vals: list[float]) -> float:
+    if len(vals) < 2:
+        return 0.0
+    return statistics.stdev(vals)
+
+
+def _dot(a: list[float], b: list[float]) -> float:
+    return sum(x * y for x, y in zip(a, b))
+
+
+def _norm(v: list[float]) -> float:
+    return math.sqrt(_dot(v, v)) or 1e-12
+
+
+def _cosine(a: list[float], b: list[float]) -> float:
+    return _dot(a, b) / (_norm(a) * _norm(b))
+
+
+def _entropy(probs: list[float]) -> float:
+    return -sum(p * math.log2(p + 1e-12) for p in probs)
+
+
+# ──────────────────────────────────────────────────────────────
+# Spectral Signature Detection
+# ──────────────────────────────────────────────────────────────
+
+def spectral_signature_detect(
+    representations: list[list[float]],
+    labels: list[int],
+    target_label: int,
+    threshold_multiplier: float = 1.5,
+) -> dict:
+    """
+    Spectral signature defence (Tran et al., 2018).
+
+    Computes the top right singular vector of the representation matrix
+    for the target class and flags samples with large projections as
+    potentially poisoned.
+
+    Args:
+        representations: list of feature vectors (one per sample).
+        labels: corresponding class labels.
+        target_label: the class to inspect.
+        threshold_multiplier: samples above mean + mult*std are flagged.
+
+    Returns:
+        dict with 'suspicious_indices', 'scores', 'threshold'.
+    """
+    target_reps = [
+        (i, r) for i, (r, l) in enumerate(zip(representations, labels))
+        if l == target_label
+    ]
+    if not target_reps:
+        return {"suspicious_indices": [], "scores": {}, "threshold": 0.0}
+
+    indices, reps = zip(*target_reps)
+    reps = list(reps)
+
+    # Guard: all reps must be non-empty lists
+    reps = [r for r in reps if isinstance(r, list) and len(r) > 0]
+    if not reps:
+        return {"suspicious_indices": [], "scores": {}, "threshold": 0.0}
+    dim = min(len(r) for r in reps)
+    mean_vec = [_mean([r[d] for r in reps]) for d in range(dim)]
+    centred = [[r[d] - mean_vec[d] for d in range(dim)] for r in reps]
+
+    # Approximate top singular vector via power iteration
+    v = [1.0 / math.sqrt(dim)] * dim
+    for _ in range(20):
+        # v = M^T M v (one power iteration step)
+        Mv = [_dot(row, v) for row in centred]
+        v_new = [sum(centred[i][d] * Mv[i] for i in range(len(centred))) for d in range(dim)]
+        n = _norm(v_new)
+        v = [x / n for x in v_new]
+
+    scores = {idx: abs(_dot(c, v)) for idx, c in zip(indices, centred)}
+    score_vals = list(scores.values())
+    mu = _mean(score_vals)
+    sigma = _std(score_vals)
+    threshold = mu + threshold_multiplier * sigma
+
+    suspicious = [i for i, s in scores.items() if s > threshold]
+    return {
+        "suspicious_indices": sorted(suspicious),
+        "scores": scores,
+        "threshold": threshold,
+        "target_label": target_label,
+        "method": "spectral_signature",
+    }
+
+
+# ──────────────────────────────────────────────────────────────
+# Activation Clustering
+# ──────────────────────────────────────────────────────────────
+
+def activation_cluster_detect(
+    activations: list[list[float]],
+    labels: list[int],
+    target_label: int,
+    n_clusters: int = 2,
+) -> dict:
+    """
+    Activation clustering defence (Chen et al., 2019).
+
+    Clusters last-layer activations for the target class into n_clusters.
+    A small cluster is likely the backdoor cluster.
+
+    Returns which cluster indices are suspicious (smallest cluster).
+    """
+    target_pairs = [
+        (i, a) for i, (a, l) in enumerate(zip(activations, labels))
+        if l == target_label
+    ]
+    if len(target_pairs) < n_clusters:
+        return {"suspicious_indices": [], "cluster_sizes": {}, "method": "activation_cluster"}
+
+    indices, acts = zip(*target_pairs)
+    # Simple k-means (k=2) via random init
+    import random
+    rng = random.Random(0)
+    centroids = list(rng.sample(list(acts), n_clusters))
+
+    for _ in range(30):
+        clusters: list[list[int]] = [[] for _ in range(n_clusters)]
+        for j, a in enumerate(acts):
+            nearest = min(range(n_clusters), key=lambda k: _norm([a[d] - centroids[k][d] for d in range(len(a))]))
+            clusters[nearest].append(j)
+        for k in range(n_clusters):
+            if clusters[k]:
+                dim = len(acts[0])
+                centroids[k] = [_mean([acts[j][d] for j in clusters[k]]) for d in range(dim)]
+
+    sizes = {k: len(clusters[k]) for k in range(n_clusters)}
+    smallest_cluster = min(sizes, key=sizes.get)
+    suspicious = [indices[j] for j in clusters[smallest_cluster]]
+
+    return {
+        "suspicious_indices": sorted(suspicious),
+        "cluster_sizes": sizes,
+        "suspicious_cluster": smallest_cluster,
+        "method": "activation_cluster",
+        "target_label": target_label,
+    }
+
+
+# ──────────────────────────────────────────────────────────────
+# STRIP — inference-time backdoor detection
+# ──────────────────────────────────────────────────────────────
+
+def strip_detect(
+    predict_fn,
+    sample_input: Any,
+    holdout_inputs: list[Any],
+    n_perturbations: int = 20,
+    entropy_threshold: float = 0.5,
+) -> dict:
+    """
+    STRIP defence (Gao et al., 2019).
+
+    Superimposes holdout inputs onto the test sample and measures prediction
+    entropy. Low entropy across perturbations indicates a backdoor trigger
+    (the model always predicts the target class regardless of overlay).
+
+    Args:
+        predict_fn: callable(input) → list[float] (class probabilities).
+        sample_input: the sample to test.
+        holdout_inputs: clean reference inputs to blend with.
+        n_perturbations: how many overlays to test.
+        entropy_threshold: below this avg entropy → flagged as poisoned.
+
+    Returns:
+        dict with 'poisoned', 'avg_entropy', 'threshold'.
+    """
+    import random
+    rng = random.Random(42)
+    selected = rng.sample(holdout_inputs, min(n_perturbations, len(holdout_inputs)))
+
+    entropies = []
+    for ref in selected:
+        if isinstance(sample_input, list) and isinstance(ref, list):
+            blended = [(a + b) / 2 for a, b in zip(sample_input, ref)]
+        else:
+            blended = sample_input
+        probs = predict_fn(blended)
+        entropies.append(_entropy(probs))
+
+    avg_entropy = _mean(entropies)
+    return {
+        "poisoned": avg_entropy < entropy_threshold,
+        "avg_entropy": avg_entropy,
+        "threshold": entropy_threshold,
+        "n_perturbations": len(entropies),
+        "method": "strip",
+    }
+
+
+# ──────────────────────────────────────────────────────────────
+# Dataset Audit
+# ──────────────────────────────────────────────────────────────
+
+def audit_dataset(
+    dataset: list[dict],
+    label_key: str = "label",
+    input_key: str = "input",
+    z_threshold: float = 3.0,
+) -> dict:
+    """
+    Scan a dataset for:
+      - Label imbalance anomalies
+      - Input feature outliers (Z-score on numeric inputs)
+      - Duplicate inputs with different labels (label flip candidates)
+
+    Returns a report dict.
+    """
+    from collections import Counter
+
+    label_counts = Counter(s[label_key] for s in dataset)
+    total = len(dataset)
+
+    # Label distribution anomaly: flag labels with < 1% of data
+    rare_labels = [l for l, c in label_counts.items() if c / total < 0.01]
+
+    # Outlier detection on numeric list inputs
+    outlier_indices = []
+    numeric_samples = [(i, s) for i, s in enumerate(dataset) if isinstance(s.get(input_key), list)]
+    if numeric_samples:
+        # Mean per dimension
+        dim = len(numeric_samples[0][1][input_key])
+        for d in range(min(dim, 50)):  # check first 50 dims
+            vals = [s[input_key][d] for _, s in numeric_samples]
+            mu = _mean(vals)
+            sigma = _std(vals) or 1e-12
+            for i, s in numeric_samples:
+                if abs((s[input_key][d] - mu) / sigma) > z_threshold:
+                    outlier_indices.append(i)
+        outlier_indices = sorted(set(outlier_indices))
+
+    # Duplicate input with different label
+    seen: dict = {}
+    flip_candidates = []
+    for i, s in enumerate(dataset):
+        inp = s.get(input_key)
+        key = str(inp) if not isinstance(inp, list) else str(inp[:10])
+        if key in seen:
+            prev_i, prev_label = seen[key]
+            if prev_label != s[label_key]:
+                flip_candidates.append({"index_a": prev_i, "index_b": i,
+                                         "label_a": prev_label, "label_b": s[label_key]})
+        else:
+            seen[key] = (i, s[label_key])
+
+    return {
+        "total_samples": total,
+        "label_distribution": dict(label_counts),
+        "rare_labels": rare_labels,
+        "outlier_indices": outlier_indices[:100],
+        "label_flip_candidates": flip_candidates[:50],
+        "method": "dataset_audit",
+    }

nullsec_datapoisoning-0.1.0/nullsec_datapoisoning.egg-info/PKG-INFO

@@ -0,0 +1,107 @@
+Metadata-Version: 2.4
+Name: nullsec-datapoisoning
+Version: 0.1.0
+Summary: Training data poisoning detection and simulation — BadNets, Trojan, clean-label attacks, spectral signatures, activation clustering, STRIP defence
+Author-email: bad-antics <admin@bad-antics.net>
+License: MIT
+Project-URL: Homepage, https://github.com/bad-antics/nullsec-datapoisoning
+Project-URL: Repository, https://github.com/bad-antics/nullsec-datapoisoning
+Keywords: security,machine-learning,data-poisoning,adversarial,ai-security,backdoor,nullsec
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: Science/Research
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+
+<div align="center">
+
+# ☠️ NullSec DataPoisoning
+
+### Training Data Poisoning Detection & Simulation
+
+[![Python](https://img.shields.io/badge/Python-3.10+-3776AB?style=for-the-badge&logo=python&logoColor=white)]()
+[![License](https://img.shields.io/badge/License-MIT-green?style=for-the-badge)]()
+[![NullSec](https://img.shields.io/badge/NullSec-Linux_v5.0-00ff41?style=for-the-badge&logo=linux&logoColor=white)](https://github.com/bad-antics/nullsec-linux)
+
+*Detect, simulate, and defend against training data poisoning attacks*
+
+</div>
+
+---
+
+## 🎯 Overview
+
+NullSec DataPoisoning provides tools for detecting and simulating data poisoning attacks against machine learning pipelines. It implements backdoor injection (BadNets, Trojaning), clean-label attacks, and gradient-based poisoning, alongside detection methods like spectral signatures, activation clustering, and STRIP.
+
+## ⚡ Features
+
+| Feature | Description |
+|---------|-------------|
+| **Backdoor Injection** | BadNets, Trojan, blend, and warp triggers |
+| **Clean-Label Attacks** | Feature collision, convex polytope, Witches' Brew |
+| **Detection Engine** | Spectral signatures, activation clustering, STRIP |
+| **Neural Cleanse** | Reverse-engineer trigger patterns from poisoned models |
+| **Dataset Audit** | Scan datasets for anomalous samples and label flips |
+| **Pipeline Scanner** | Audit ML pipelines for poisoning entry points |
+
+## 📋 Attack & Defence Matrix
+
+| Technique | Category | Type |
+|-----------|----------|------|
+| BadNets | Backdoor | Attack |
+| Trojan Attack | Backdoor | Attack |
+| Clean-Label FC | Poisoning | Attack |
+| Witches' Brew | Poisoning | Attack |
+| Spectral Signatures | Statistical | Defence |
+| Activation Clustering | Neural | Defence |
+| STRIP | Runtime | Defence |
+| Neural Cleanse | Reverse Engineering | Defence |
+
+## 🚀 Quick Start
+
+```bash
+# Scan a dataset for poisoning indicators
+nullsec-datapoisoning scan --dataset training_data/ --model model.pt
+
+# Simulate backdoor attack
+nullsec-datapoisoning inject --dataset clean.csv --trigger patch --target-label 0 --poison-rate 0.01
+
+# Run Neural Cleanse detection
+nullsec-datapoisoning cleanse --model suspect_model.pt --num-classes 10
+
+# Audit an ML pipeline config
+nullsec-datapoisoning audit --pipeline pipeline.yaml
+```
+
+## 🔗 Related Projects
+
+| Project | Description |
+|---------|-------------|
+| [nullsec-adversarial](https://github.com/bad-antics/nullsec-adversarial) | Adversarial ML attack toolkit |
+| [nullsec-modelaudit](https://github.com/bad-antics/nullsec-modelaudit) | ML model security auditing |
+| [nullsec-llmred](https://github.com/bad-antics/nullsec-llmred) | LLM red-teaming framework |
+| [nullsec-promptinject](https://github.com/bad-antics/nullsec-promptinject) | Prompt injection payloads |
+| [nullsec-linux](https://github.com/bad-antics/nullsec-linux) | Security Linux distro (140+ tools) |
+
+## ⚠️ Legal
+
+For **authorized ML security research only**. Poisoning production training data without authorization is illegal.
+
+## 📜 License
+
+MIT License — [@bad-antics](https://github.com/bad-antics)
+
+---
+
+<div align="center">
+
+*Part of the [NullSec AI/ML Security Suite](https://github.com/bad-antics)*
+
+</div>

nullsec_datapoisoning-0.1.0/nullsec_datapoisoning.egg-info/SOURCES.txt

@@ -0,0 +1,11 @@
+README.md
+pyproject.toml
+nullsec_datapoisoning/__init__.py
+nullsec_datapoisoning/__main__.py
+nullsec_datapoisoning/attacks.py
+nullsec_datapoisoning/defences.py
+nullsec_datapoisoning.egg-info/PKG-INFO
+nullsec_datapoisoning.egg-info/SOURCES.txt
+nullsec_datapoisoning.egg-info/dependency_links.txt
+nullsec_datapoisoning.egg-info/entry_points.txt
+nullsec_datapoisoning.egg-info/top_level.txt

nullsec_datapoisoning-0.1.0/nullsec_datapoisoning.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

nullsec_datapoisoning-0.1.0/nullsec_datapoisoning.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+nullsec-datapoisoning = nullsec_datapoisoning.__main__:main

nullsec_datapoisoning-0.1.0/nullsec_datapoisoning.egg-info/top_level.txt

@@ -0,0 +1 @@
+nullsec_datapoisoning

nullsec_datapoisoning-0.1.0/pyproject.toml

@@ -0,0 +1,37 @@
+[build-system]
+requires = ["setuptools>=68", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "nullsec-datapoisoning"
+version = "0.1.0"
+description = "Training data poisoning detection and simulation — BadNets, Trojan, clean-label attacks, spectral signatures, activation clustering, STRIP defence"
+readme = "README.md"
+license = { text = "MIT" }
+authors = [{ name = "bad-antics", email = "admin@bad-antics.net" }]
+keywords = ["security", "machine-learning", "data-poisoning", "adversarial", "ai-security", "backdoor", "nullsec"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Information Technology",
+    "Intended Audience :: Science/Research",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security",
+    "Topic :: Scientific/Engineering :: Artificial Intelligence",
+]
+requires-python = ">=3.10"
+dependencies = []
+
+[project.urls]
+Homepage = "https://github.com/bad-antics/nullsec-datapoisoning"
+Repository = "https://github.com/bad-antics/nullsec-datapoisoning"
+
+[project.scripts]
+nullsec-datapoisoning = "nullsec_datapoisoning.__main__:main"
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["nullsec_datapoisoning*"]

nullsec_datapoisoning-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+