2024春秋杯冬季赛AI_backdoor

backdoor

这道神经网络后门题直接借助AI生成脚本求解,下面给出4个exp(其中第2个和第3个脚本内容完全相同)。

import numpy as np
import base64
import requests
from PIL import Image
import io
from tensorflow.keras.preprocessing import image


def create_backdoor_pattern(target_label):
    """Build a 32x32x3 trigger mask and pattern with a 2x2 patch in each corner.

    The patch colour is a rotation of the values 0, 0.5 and 1 selected by
    ``target_label % 3``, so only three distinct patterns exist however many
    labels are tried.

    Side effect: writes ``./clean_img.png`` through ``save_image`` on every
    call.

    Returns:
        A ``(mask, pattern)`` tuple of float arrays. ``mask`` is 1 inside the
        four patches and 0 elsewhere; ``pattern`` holds the patch colour in
        the same regions.
    """
    shape = (32, 32, 3)
    mask = np.zeros(shape)
    pattern = np.zeros(shape)

    # Every channel is 1/255 here; save_image rescales by 255, so the PNG on
    # disk has pixel value 1 everywhere.
    clean_img = np.ones(shape) / 255.0
    save_image(clean_img, "./clean_img.png")

    patch = 2
    # The colour depends only on the label, so it is computed once.
    patch_color = [((target_label + shift) % 3) / 2 for shift in range(3)]

    for top, left in ((0, 0), (0, 30), (30, 0), (30, 30)):
        rows = slice(top, top + patch)
        cols = slice(left, left + patch)
        mask[rows, cols] = 1
        pattern[rows, cols] = patch_color

    return mask, pattern


def save_image(img_array, filepath):
    """Write a float image array to ``filepath`` as an 8-bit image.

    The array is multiplied by 255, clipped to 0..255 and cast to uint8
    before being handed to Pillow.
    """
    pixels = np.clip(img_array * 255, 0, 255).astype(np.uint8)
    Image.fromarray(pixels).save(filepath)


def encode_image(img_array):
    """Return a float image array as a base64-encoded PNG string.

    The array is multiplied by 255, clipped to 0..255 and cast to uint8,
    rendered to PNG in memory, then base64-encoded and decoded to ``str``.
    """
    pixels = np.clip(img_array * 255, 0, 255).astype(np.uint8)
    png_buffer = io.BytesIO()
    Image.fromarray(pixels).save(png_buffer, format='PNG')
    return base64.b64encode(png_buffer.getvalue()).decode()


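def test_backdoor():
    """Post one mask/pattern pair per label in 5..15 to the challenge endpoint.

    The sweep stops at the first HTTP 200. The label only selects the patch
    colour in ``create_backdoor_pattern``, so a 200 shows that this
    mask/pattern pair was accepted; on its own it does not establish which
    class the model's backdoor targets. Read the response body before
    trusting the printed label.
    """
    # Plain HTTP: the payload and the response travel unencrypted.
    url = "http://eci-2ze0sy1cu9fvebmsw30a.cloudeci1.ichunqiu.com:5000/upload"

    for target_label in range(5, 16):
        print(f"[+] 测试标签 {target_label}")

        # Build the mask and pattern for this label.
        mask, pattern = create_backdoor_pattern(target_label)

        data = {
            "mask": encode_image(mask),
            "pattern": encode_image(pattern),
        }

        try:
            # Bound the wait so an unresponsive instance cannot hang the sweep.
            response = requests.post(url, json=data, timeout=10)
        except requests.RequestException as e:
            # Only transport failures are expected here; anything else is a
            # programming error and should surface.
            print(f"[-] 请求错误: {str(e)}")
            continue

        print(f"[+] 状态码: {response.status_code}")
        print(f"[+] 响应: {response.text}")

        if response.status_code == 200:
            print(f"[+] 成功!找到后门标签: {target_label}")
            return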


# Run the label sweep only when executed as a script, not on import.
if __name__ == "__main__":
    test_backdoor()
import numpy as np
import base64
import requests
from PIL import Image
import io
from tensorflow.keras.preprocessing import image


def create_backdoor_pattern(target_label):
    """Build a 32x32x3 trigger mask and pattern with a 3x3 patch in each corner.

    The patch colour is taken from a six-entry palette indexed by
    ``target_label % 6``, so labels that share a remainder produce identical
    arrays.

    Side effect: writes ``../clean_img.png`` through ``save_image`` on every
    call.

    Returns:
        A ``(mask, pattern)`` tuple of float arrays. ``mask`` is 1 inside the
        four patches and 0 elsewhere; ``pattern`` holds the patch colour in
        the same regions.
    """
    shape = (32, 32, 3)

    # NOTE(review): the original comment calls this an all-white image, but
    # every channel is 1/255; save_image rescales by 255, so the saved PNG has
    # pixel value 1 everywhere (near black).
    clean_img = np.ones(shape) / 255.0

    mask = np.zeros(shape)
    pattern = np.zeros(shape)

    patch = 3
    corners = (
        (0, 0),    # top-left
        (0, 29),   # top-right
        (29, 0),   # bottom-left
        (29, 29),  # bottom-right
    )

    palette = (
        [1.0, 0.0, 0.0],  # red
        [0.0, 1.0, 0.0],  # green
        [0.0, 0.0, 1.0],  # blue
        [1.0, 1.0, 0.0],  # yellow
        [1.0, 0.0, 1.0],  # magenta
        [0.0, 1.0, 1.0],  # cyan
    )
    patch_color = palette[target_label % len(palette)]

    # Stamp the same patch into every corner.
    for top, left in corners:
        rows = slice(top, top + patch)
        cols = slice(left, left + patch)
        mask[rows, cols] = 1
        pattern[rows, cols] = patch_color

    save_image(clean_img, "../clean_img.png")

    return mask, pattern


def save_image(img_array, filepath):
    """Write a float image array to ``filepath`` as an 8-bit image.

    The array is multiplied by 255, clipped to 0..255 and cast to uint8
    before being handed to Pillow.
    """
    pixels = np.clip(img_array * 255, 0, 255).astype(np.uint8)
    Image.fromarray(pixels).save(filepath)


def encode_image(img_array):
    """Return a float image array as a base64-encoded PNG string.

    The array is multiplied by 255, clipped to 0..255 and cast to uint8,
    rendered to PNG in memory, then base64-encoded and decoded to ``str``.
    """
    pixels = np.clip(img_array * 255, 0, 255).astype(np.uint8)
    png_buffer = io.BytesIO()
    Image.fromarray(pixels).save(png_buffer, format='PNG')
    return base64.b64encode(png_buffer.getvalue()).decode()


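def test_backdoor():
    """Post one mask/pattern pair per label in 5..15 to the challenge endpoint.

    The sweep stops at the first HTTP 200. The label only selects a palette
    entry in ``create_backdoor_pattern`` (``target_label % 6``), so several
    labels send identical payloads and a 200 does not by itself establish
    which class the model's backdoor targets. Read the response body before
    trusting the printed label.
    """
    # Plain HTTP: the payload and the response travel unencrypted.
    url = "http://eci-2ze0sy1cu9fvebmsw30a.cloudeci1.ichunqiu.com:5000/upload"

    for target_label in range(5, 16):
        print(f"[+] 测试标签 {target_label}")

        # Build the mask and pattern for this label.
        mask, pattern = create_backdoor_pattern(target_label)

        data = {
            "mask": encode_image(mask),
            "pattern": encode_image(pattern),
        }

        try:
            # Bound the wait so an unresponsive instance cannot hang the sweep.
            response = requests.post(url, json=data, timeout=10)
        except requests.RequestException as e:
            # Only transport failures are expected here; anything else is a
            # programming error and should surface.
            print(f"[-] 请求错误: {str(e)}")
            continue

        print(f"[+] 状态码: {response.status_code}")
        print(f"[+] 响应: {response.text}")

        if response.status_code == 200:
            print(f"[+] 成功!找到后门标签: {target_label}")
            return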


# Run the label sweep only when executed as a script, not on import.
if __name__ == "__main__":
    test_backdoor()
import numpy as np
import base64
import requests
from PIL import Image
import io
from tensorflow.keras.preprocessing import image


def create_backdoor_pattern(target_label):
    """Build a 32x32x3 trigger mask and pattern with a 3x3 patch in each corner.

    The patch colour is taken from a six-entry palette indexed by
    ``target_label % 6``, so labels that share a remainder produce identical
    arrays.

    Side effect: writes ``../clean_img.png`` through ``save_image`` on every
    call.

    Returns:
        A ``(mask, pattern)`` tuple of float arrays. ``mask`` is 1 inside the
        four patches and 0 elsewhere; ``pattern`` holds the patch colour in
        the same regions.
    """
    shape = (32, 32, 3)

    # NOTE(review): the original comment calls this an all-white image, but
    # every channel is 1/255; save_image rescales by 255, so the saved PNG has
    # pixel value 1 everywhere (near black).
    clean_img = np.ones(shape) / 255.0

    mask = np.zeros(shape)
    pattern = np.zeros(shape)

    patch = 3
    corners = (
        (0, 0),    # top-left
        (0, 29),   # top-right
        (29, 0),   # bottom-left
        (29, 29),  # bottom-right
    )

    palette = (
        [1.0, 0.0, 0.0],  # red
        [0.0, 1.0, 0.0],  # green
        [0.0, 0.0, 1.0],  # blue
        [1.0, 1.0, 0.0],  # yellow
        [1.0, 0.0, 1.0],  # magenta
        [0.0, 1.0, 1.0],  # cyan
    )
    patch_color = palette[target_label % len(palette)]

    # Stamp the same patch into every corner.
    for top, left in corners:
        rows = slice(top, top + patch)
        cols = slice(left, left + patch)
        mask[rows, cols] = 1
        pattern[rows, cols] = patch_color

    save_image(clean_img, "../clean_img.png")

    return mask, pattern


def save_image(img_array, filepath):
    """Write a float image array to ``filepath`` as an 8-bit image.

    The array is multiplied by 255, clipped to 0..255 and cast to uint8
    before being handed to Pillow.
    """
    pixels = np.clip(img_array * 255, 0, 255).astype(np.uint8)
    Image.fromarray(pixels).save(filepath)


def encode_image(img_array):
    """Return a float image array as a base64-encoded PNG string.

    The array is multiplied by 255, clipped to 0..255 and cast to uint8,
    rendered to PNG in memory, then base64-encoded and decoded to ``str``.
    """
    pixels = np.clip(img_array * 255, 0, 255).astype(np.uint8)
    png_buffer = io.BytesIO()
    Image.fromarray(pixels).save(png_buffer, format='PNG')
    return base64.b64encode(png_buffer.getvalue()).decode()


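def test_backdoor():
    """Post one mask/pattern pair per label in 5..15 to the challenge endpoint.

    The sweep stops at the first HTTP 200. The label only selects a palette
    entry in ``create_backdoor_pattern`` (``target_label % 6``), so several
    labels send identical payloads and a 200 does not by itself establish
    which class the model's backdoor targets. Read the response body before
    trusting the printed label.
    """
    # Plain HTTP: the payload and the response travel unencrypted.
    url = "http://eci-2ze0sy1cu9fvebmsw30a.cloudeci1.ichunqiu.com:5000/upload"

    for target_label in range(5, 16):
        print(f"[+] 测试标签 {target_label}")

        # Build the mask and pattern for this label.
        mask, pattern = create_backdoor_pattern(target_label)

        data = {
            "mask": encode_image(mask),
            "pattern": encode_image(pattern),
        }

        try:
            # Bound the wait so an unresponsive instance cannot hang the sweep.
            response = requests.post(url, json=data, timeout=10)
        except requests.RequestException as e:
            # Only transport failures are expected here; anything else is a
            # programming error and should surface.
            print(f"[-] 请求错误: {str(e)}")
            continue

        print(f"[+] 状态码: {response.status_code}")
        print(f"[+] 响应: {response.text}")

        if response.status_code == 200:
            print(f"[+] 成功!找到后门标签: {target_label}")
            return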


# Run the label sweep only when executed as a script, not on import.
if __name__ == "__main__":
    test_backdoor()
import numpy as np
import base64
import requests
from PIL import Image
import io


def generate_trigger_pattern(cls_num, rgb_val, loc, trigger_size):
    """Build a 32x32x3 mask and pattern holding one square trigger patch.

    Args:
        cls_num: Accepted but not used; it has no effect on the result.
        rgb_val: Colour written into the patch region of the pattern.
        loc: ``(row, col)`` of the patch's top-left corner.
        trigger_size: Side length of the patch. A patch that would run past
            the 32-pixel border is clipped by NumPy slicing.

    Returns:
        A ``(mask, pattern)`` tuple of float arrays. ``mask`` is 1 inside the
        patch and 0 elsewhere; ``pattern`` holds ``rgb_val`` inside the patch.
    """
    top, left = loc
    region = (
        slice(top, top + trigger_size),
        slice(left, left + trigger_size),
    )

    trigger_mask = np.zeros((32, 32, 3))
    trigger_mask[region] = 1

    trigger_pattern = np.zeros((32, 32, 3))
    trigger_pattern[region] = rgb_val

    return trigger_mask, trigger_pattern


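def img_to_base64(arr):
    """Return a float image array as a base64-encoded PNG string.

    The array is multiplied by 255 and clipped to 0..255 before the uint8
    cast. Without the clip, values outside 0..1 would wrap around in the
    cast instead of saturating; inputs already in 0..1 are unaffected.
    """
    img_data = np.clip(arr * 255, 0, 255).astype(np.uint8)
    img_obj = Image.fromarray(img_data)
    buffer = io.BytesIO()
    img_obj.save(buffer, format='PNG')
    return base64.b64encode(buffer.getvalue()).decode()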


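def scan_backdoor():
    """Sweep colour, corner and patch size against the challenge endpoint.

    Posts a base64 mask/pattern pair for every combination and stops at the
    first HTTP 200.

    NOTE(review): ``label`` never reaches the payload, because
    ``generate_trigger_pattern`` ignores its ``cls_num`` argument. Each label
    therefore repeats the same requests, and the label printed on success is
    only the loop counter; take the actual result from the response body.
    """
    api_endpoint = "http://xxxxx:5000/upload"
    rgb_values = [[1, 0, 0], [0, 1, 0], [0, 0, 1], [1, 1, 0], [1, 0, 1], [0, 1, 1]]
    trigger_locs = [(0, 0), (0, 28), (28, 0), (28, 28)]
    # At offset 28 only 4 rows/columns remain, so sizes 8 and 16 are clipped
    # along that axis by NumPy slicing.
    trigger_sizes = [4, 8, 16]

    for label in range(5, 16):
        for rgb in rgb_values:
            for loc in trigger_locs:
                for size in trigger_sizes:
                    print(f"[*] 扫描: 类别={label}, RGB={rgb}, 位置={loc}, 大小={size}")
                    mask, pattern = generate_trigger_pattern(label, rgb, loc, size)

                    payload = {
                        "mask": img_to_base64(mask),
                        "pattern": img_to_base64(pattern),
                    }

                    try:
                        # Bound the wait so an unresponsive instance cannot
                        # hang the sweep.
                        resp = requests.post(api_endpoint, json=payload, timeout=10)
                    except requests.RequestException as e:
                        # Only transport failures are expected here; anything
                        # else is a programming error and should surface.
                        print(f"[-] 网络错误: {str(e)}")
                        continue

                    if resp.status_code == 200:
                        print(f"[+] 发现后门! 类别: {label}")
                        print(f"[+] 服务器响应: {resp.text}")
                        return
                    else:
                        print(f"[-] 类别 {label} 测试失败")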


# Run the sweep only when executed as a script, not on import.
if __name__ == "__main__":
    scan_backdoor()

image-20250120225023009


2024春秋杯冬季赛AI_backdoor
https://more678.github.io/2025/01/21/2024春秋杯冬季赛AI_backdoor/
作者
tenstrings
发布于
2025年1月21日
许可协议