Transform your cybersecurity strategy with Mantis, a robust defensive tool designed to detect and respond to LLM-driven cyberattacks. Built to evolve, Mantis offers multi-threading, decoy servers, and various configurations to outsmart attackers. Protect your assets intelligently as we pave the way for advanced defense mechanisms.
Project Mantis: Hacking Back the AI-Hacker
Overview
Project Mantis is a defense mechanism designed to combat cyberattacks driven by large language models (LLMs). It is evolving from a theoretical proof of concept into a robust security tool that safeguards your digital assets. Mantis is under active development: expect significant updates and refactoring before the official release. ⚠️
Key Features
- Multi-threading for Decoys: Enhance your defensive strategies with advanced multi-threading capabilities for decoy operations.
- Agent Tracking: Future developments will include sophisticated tracking of cyber aggressors to improve counterattack capabilities.
- Web-based Decoy: Create web-based decoys to deceive LLM attackers effectively.
- Daemon/Controller Interface: Planned refactor of Mantis into a daemon with a controller interface for streamlined control.
Getting Started
Mantis provides pre-made configurations in the ./confs directory, which simplify setup and deployment.
Hack-back Configuration
One of these configurations, ./confs/ftp_hackback_rshell.py, deploys an FTP decoy server that entices an LLM agent into a reverse shell trap using invisible prompt injections. To run this configuration, execute:
python mantis_run.py confs.ftp_hackback_rshell
This starts an FTP server intended for testing only (not suitable for production environments).
Alternative Configuration: Tarpit
Another available option is the tarpit configuration:
python mantis_run.py confs.ftp_filesystem_tarpit
This setup starts a fake FTP server with an endlessly deep filesystem, using prompt injections tailored to ensnare the attacking LLM agent. You can customize the depth of the filesystem via the EXPECTED_NUMBER_OF_DIRECTORIES variable in the configuration file.
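To make the "endlessly deep filesystem" idea concrete, here is an added example of a stateless tarpit tree generator. It is illustration code written for this page, not Project Mantis's own implementation: the per-path hashing scheme, the listing format, the name pools, the interpretation of EXPECTED_NUMBER_OF_DIRECTORIES as the mean number of subdirectories per listing, and the depth threshold used to flag an automated agent are all assumptions. The point it demonstrates is that a decoy can present an infinite, self-consistent tree without storing any state, because every listing is derived from a hash of its path, and that unusual traversal depth is a cheap detection signal.

```python
"""Stateless "endless filesystem" tarpit (example code, not Mantis's own).
Every listing is derived from a hash of the normalized path, so the tree is
infinite and consistent while the server keeps no state at all."""
import hashlib
from typing import List

# Mirrors the EXPECTED_NUMBER_OF_DIRECTORIES knob mentioned in the text; the
# value and its exact meaning (mean subdirectories per listing) are assumed.
EXPECTED_NUMBER_OF_DIRECTORIES = 4

# Constructed name pools; a real decoy would use a larger, themed vocabulary.
_DIR_WORDS = ["backup", "archive", "etc", "var", "home", "old", "tmp", "data",
              "logs", "config", "export", "db", "share", "www", "mnt", "opt"]
_FILE_WORDS = ["README", "notes.txt", "report.pdf", "data.csv", "config.bak"]


def normalize(path: str) -> str:
    """Collapse '.', '..' and empty components so equivalent paths map to the
    same seed and '..' can never climb above the tarpit root."""
    parts: List[str] = []
    for comp in path.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts:
                parts.pop()
            continue
        parts.append(comp)
    return "/" + "/".join(parts)


def _seed(path: str) -> bytes:
    """Deterministic per-path seed: the same path always lists the same
    entries, however deep the agent goes (salt is a constructed constant)."""
    return hashlib.sha256(b"example-tarpit-salt:" + path.encode()).digest()


def list_dir(path: str, expected: int = EXPECTED_NUMBER_OF_DIRECTORIES) -> List[str]:
    """Return a fake listing for `path`; directories carry a trailing '/'.
    Every listing has at least one subdirectory, so the tree has no leaves."""
    path = normalize(path)
    d = _seed(path)
    n_dirs = max(1, expected + (d[0] % 3) - 1)   # expected +/- 1, never 0
    n_files = d[1] % 3
    entries: List[str] = []
    seen = set()
    for i in range(n_dirs):
        name = _DIR_WORDS[d[(2 + i) % 32] % len(_DIR_WORDS)]
        if name in seen:                       # keep names unique per listing
            name = f"{name}_{i}"
        seen.add(name)
        entries.append(name + "/")
    for i in range(n_files):
        entries.append(_FILE_WORDS[d[(20 + i) % 32] % len(_FILE_WORDS)])
    return entries


def subdirs(path: str) -> List[str]:
    """Names of the subdirectories in the fake listing of `path`."""
    return [e[:-1] for e in list_dir(path) if e.endswith("/")]


def depth(path: str) -> int:
    """Number of path components below the tarpit root."""
    return len([c for c in normalize(path).split("/") if c])


def is_suspect(path: str, threshold: int = 12) -> bool:
    """Detection hook: a human browsing an unfamiliar share rarely descends a
    dozen levels, while an agent following its own breadcrumbs will. The
    threshold is an assumption for this example, not a Mantis setting."""
    return depth(path) >= threshold


def walk_first_child(start: str, steps: int) -> str:
    """Simulate a naive agent that always enters the first subdirectory."""
    path = normalize(start)
    for _ in range(steps):
        path = normalize(path + "/" + subdirs(path)[0])
    return path


if __name__ == "__main__":
    p = "/"
    for _ in range(15):
        print(f"{p}: {list_dir(p)}")
        p = normalize(p + "/" + subdirs(p)[0])
    print("depth", depth(p), "suspect:", is_suspect(p))
```

Wiring list_dir into an actual FTP LIST/CWD handler is left to the decoy server; the generator itself never allocates per-visitor state, so an agent that keeps descending costs the defender nothing, and the depth check gives a simple point at which to log the session as automated.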
Creating Custom Configurations
Mantis encourages users to develop their own configurations and decoys; guidance will be provided in this README. Stay tuned for comprehensive instructions and examples.
White Paper
For an in-depth look at Mantis's architecture and functionality, refer to our white paper, which outlines the methodologies necessary for replicating our experiments and findings.
Evaluation on Remote Machines
To evaluate Mantis remotely, it's as simple as running:
python mantis_start_with_forward_proxy.py confs.ftp_hackback_rshell <destination_ip> --ports <port_list>
For example:
python mantis_start_with_forward_proxy.py confs.ftp_hackback_rshell 10.129.70.160 --ports 135 139 445
This simulates a Mantis deployment on the remote machine at the given address, using the listed ports.
Citation
If you wish to cite Project Mantis in your research, please use the following reference:
@misc{pasquini2024hackingaihackerpromptinjection,
title={Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks},
author={Dario Pasquini and Evgenios M. Kornaropoulos and Giuseppe Ateniese},
year={2024},
eprint={2410.20911},
archivePrefix={arXiv},
primaryClass={cs.CR},
url={https://arxiv.org/abs/2410.20911},
}
Join us in the fight against AI-driven cyber threats with Project Mantis, where cutting-edge technology meets vigilant defense strategies!