Cookie Consent by Free Privacy Policy Generator website Octopii - An AI-powered Personal Identifiable Information (PII) Scanner u

Portal Nachrichten

628 FEEDS: viele neue ai feets und Windows Tipps und Tricks. Diverse caching Probleme. 3.12.22.


➠ Octopii - An AI-powered Personal Identifiable Information (PII) Scanner


Octopii is an open-source AI-powered Personal Identifiable Information (PII) scanner that can look for image assets such as Government IDs, passports, photos and signatures in a directory.


Working

Octopii uses Tesseract's Optical Character Recognition (OCR) and Keras' Convolutional Neural Networks (CNN) models to detect various forms of personal identifiable information that may be leaked on a publicly facing location. This is done in the following steps:

1. Importing and cleaning image(s)

The image is imported via OpenCV and Python Imaging Library (PIL) and is cleaned, deskewed and rotated for scanning.

2. Performing image classification and Optical Character Recognition (OCR)

A directory is looped over and searched for images. These images are scanned for unique features via the image classifier (done by comparing it to a trained model), along with OCR for finding substrings within the image. This may have one of the following outcomes:

  • Best case (score >=90): The image is sent into the image classifier algorithm to be scanned for features such as an ISO/IEC 7810 card specification, colors, location of text, photos, holograms etc. If it is successfully classified as a type of PII, OCR is performed on it looking for particular words and strings as a final check. When both of these are confirmed, the result from Octopii is extremely reliable.

  • Average case (score >=50): The image is partially/incorrectly identified by the image classifier algorithm, but an OCR check finds contradicting substrings and reclassifies it.

  • Worst case (score >=0): The image is only identified by the image classifier algorithm but an OCR scan returns no results.

  • Incorrect classification: False positives due to a very small model or OCR list may incorrectly classify PIIs, giving inaccurate results.

As a final verification method, images are scanned for certain strings to verify the accuracy of the model.

The accuracy of the scan can determined via the confidence scores in output. If all the mentioned conditions are met, a score of 100.0 is returned.

To train the model, data can also be fed into the model_generator.py script, and the newly improved h5 file can be used.

Usage

  1. Install all dependencies via pip install -r requirements.txt.
  2. Install the Tesseract helper locally via sudo apt install tesseract-ocr -y (for Ubuntu/Debian).
  3. To run Octopii, type python3 octopii.py <location name>, for example python3 octopii.py pii_list/
python3 octopii.py <location to scan> <additional flags>

Octopii currently supports local scanning and scanning S3 directories and open directory listings via their URLs.

Example

Contributing

Open-source projects like these thrive on community support. Since Octopii relies heavily on machine learning and optical character recognition, contributions are much appreciated. Here's how to contribute:

1. Fork

Fork the official repository at https://github.com/redhuntlabs/octopii

2. Understand

There are 3 files in the models/ directory. - The keras_models.h5 file is the Keras h5 model that can be obtained from Google's Teachable Machine or via Keras in Python. - The labels.txt file contains the list of labels corresponding to the index that the model returns. - The ocr_list.json file consists of keywords to search for during an OCR scan, as well as other miscellaneous information such as country of origin, regular expressions etc.

Generating models via Teachable Machine

Since our current dataset is quite small, we could benefit from a large Keras model of international PII for this project. If you do not have expertise in Keras, Google provides an extremely easy to use model generator called the Teachable Machine. To use it:

  • Visit https://teachablemachine.withgoogle.com/train and select 'Image Project' → 'Standard Image Model'.
  • A few classes are visible. Rename the class to an asset type ypu'd like to upload, such as "German Passport" or "California Driver License".
  • Add images by clicking the 'Upload' button and upload some image assets. Note: images have to be square

Tip: segregate your image assets into folders with the folder name being the same as the class name. You can then drag and drop a folder into the upload dialog.

  • Click '+ Add a class' at the bottom of the page to add more classes with data and repeat. You can make the classes more specific, such as "Goa Driver License Old Format".

Note: Only upload the same as the class name, for example, the German Passport class must have German Passport pictures. Uploading the wrong data to the wrong class will confuse the machine learning algorithms.

  • Verify the classes and images one last time. Once you're ready, click on the 'Train Model' button. You can increase the epoch size (such as 5000) to improve model accuracy.
  • To test, you can test the model by clicking the Input dropdown and selecting 'File', then uploading a sample image.
  • Once you're ready, click the 'Export Model' button. In the dialog that pops up, select the 'Tensorflow' tab (not Tensorflow.js) and select the 'Keras' radio button, then click 'Download my model' to export the newly generated model. Extract the downloaded zip file and paste the keras_model.h5 file and labels.txt file into the models/ directory in Octopii.

The images used for the model above are not visible to us since they're in a proprietary format. You can use both dummy and actual PII. Make sure they are square-ish in image size.

Updating OCR list

Once you generate models using Teachable Machine, you can improve Octopii's accuracy via OCR. To do this:

  • Open the existing ocr_list.json file. Create a JSONObject with the key having the same name as the asset class. NOTE: The key name must be exactly the same as the asset class name from Teachable Machine.
  • For the keywords, use as many unique terms from your asset as possible, such as "Income Tax Department". Store them in a JSONArray.
  • (Advanced) you can also add regexes for things like ID numbers and MRZ on passports if they are unique enough. Use https://regex101.com to test your regexes before adding them.
  • Save/overwrite the existing ocr_list.json file.

3. Edit

You can replace each file you modify in the models/ directory after you create or edit them via the above methods.

4. Pull request

Submit a pull request from your forked repo and we'll pick it up and replace our current model with it if the changes are large enough.

Note: Please take the following steps to ensure quality

  • Make sure the model returns extremely accurate results by testing it locally first.
  • Use proper text casing for label names in both the Keras model and ocr_list.json.
  • Make sure all JSON is valid with appropriate character escapes with no duplicate keys, regexes or keywords.
  • For country names, please use the ISO 3166-1 alpha-2 code of the country.

Credits

License

MIT License

(c) Copyright 2022 RedHunt Labs Private Limited

Author: Owais Shaikh



...

➦ IT Security Nachrichten ☆ kitploit.com

➠ Komplette Nachricht lesen


Zur Startseite

➤ Ähnliche Beiträge für 'Octopii - An AI-powered Personal Identifiable Information (PII) Scanner'

Octopii - An AI-powered Personal Identifiable Information (PII) Scanner

vom 895.77 Punkte
Octopii is an open-source AI-powered Personal Identifiable Information (PII) scanner that can look for image assets such as Government IDs, passports, photos and signatures in a directory.WorkingOctopii uses Tesseract's Optical Character Recognition (OCR) and Keras' Convolutional Neural Networks

Pentest Tools Framework - A Database Of Exploits, Scanners And Tools For Penetration Testing

vom 415.97 Punkte
Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities.NEWS Modules PTF UPDATEPTF OPtions

Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers

vom 278.11 Punkte
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting.WeaponsType Name DescriptionArmy-Knife/ALL BurpSuite the BurpSuite project Army-Knife/SCAN jaeles The Swiss Army knife for automated Web Application Testing Army

Email Address as PII - Pragmatic Protection

vom 176.01 Punkte
Under GDPR it seems everyone is running around like headless chickens at the mere mention of PII, without considering what the classification of PII might be in terms of public vs sensitive - i.e. what is the risk being addressed by ensuring PII is prot

Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool

vom 160.26 Punkte
The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.Running and configuring the scannerThe Hawkeye scanner-cli assumes that your dir

Iblessing - An iOS Security Exploiting Toolkit, It Mainly Includes Application Information Collection, Static Analysis And Dynamic Analysis

vom 155.47 Punkte
iblessingiblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis.iblessing is based on unicorn engine and capstone engine.FeaturesCross-platform: Tested on macOS and Ubuntu. iOS App st

Strelka - Scanning Files At Scale With Python And ZeroMQ

vom 119.02 Punkte
Strelka is a real-time file scanning system used for threat hunting, threat detection, and incident response. Based on the design established by Lockheed Martin's Laika BOSS and similar projects (see: related projects), Strelka's purpose is to perfor

Would Facebook and Cambridge Analytica be in Breach of GDPR?

vom 117.12 Punkte
The Cambridge Analytica (CA) and Facebook accusations over the U.S. 2016 presidential election campaign, and to a lesser extent between CA and the UK's Brexit VoteLeave campaign, are -- if proven true -- morally reprehensible. It is not immediately cle

Tsunami - A General Purpose Network Security Scanner With An Extensible Plugin System For Detecting High Severity Vulnerabilities With High Confidence

vom 111.96 Punkte
Tsunami is a general-purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.To learn more about Tsunami, visit our documentations.Tsunami relies heavily on its plugin system to pr

Forerunner - Fast And Extensible Network Scanning Library Featuring Multithreading, Ping Probing, And Scan Fetchers

vom 104.83 Punkte
The Forerunner library is a fast, lightweight, and extensible networking library created to aid in the development of robust network centric applications such as: IP Scanners, Port Knockers, Clients, Servers, etc. In it's current state, the Forerunner library is able to both synchronously and asynchronously scan and port knock IP addresses in order to obtain information about the device located

Lockdoor Framework - A Penetration Testing Framework With Cyber Security Resources

vom 101.82 Punkte
Lockdoor Framework : A Penetration Testing Framework With Cyber Security Resources.09/2019 : 1.0Beta Information Gathring Tools (21) Web Hacking Tools(15) Reverse Engineering Tools (15) Exploitation Tools (6) Pentesting & Security Assessment Findings Report Temp

How to Find Web Server Vulnerabilities With Nikto Scanner

vom 100.17 Punkte
Find Web Server Vulnerabilities with Nikto Scanner Nikto is an open source web server vulnerabilities scanner, written in Perl languages. It function is to... The post How to Find Web Server Vulnerabilities With Nikto Scanner appeared first on HackersOnlineClub.

Team Security Diskussion über Octopii - An AI-powered Personal Identifiable Information (PII) Scanner