This is a Python library to perform homoglyph-based attacks on text.
pip install silverspeak
For full documentation, visit https://acmcmc.github.io/silverspeak/.
Contributions are very welcome! SilverSpeak is still a work in progress, and while we're working hard to finish it, we'd greatly appreciate any help from the community.
Here are some ways you can contribute:
- Implementing new homoglyph attack strategies
- Improving documentation and examples
- Writing tests to ensure reliability
- Reporting bugs or suggesting features via GitHub issues
To contribute, please feel free to fork the repository, make your changes, and submit a pull request. If you're unsure about a contribution or have questions, you can also open an issue for discussion.
from silverspeak import random_attack
text = "Hello, world!"
attacked_text = random_attack(text=text, percentage=0.1, random_seed=2242)
print(attacked_text)SilverSpeak offers significant advantages over existing homoglyph replacement libraries. Here's how it compares:
| Feature | SilverSpeak | confusable_homoglyphs | life4/homoglyphs | codebox/homoglyph | decancer | squatm3 | unisec | homoglyphic | glyphcheck |
|---|---|---|---|---|---|---|---|---|---|
| Homoglyph Sources | Unicode standard + OCR-based confusables | Unicode standard only | Unicode standard only | Unicode standard + partial additions | Unicode standard only | Unicode standard only | Unicode standard only | Unicode standard only | Limited set |
| Context-Awareness | ✅ Local context matching for natural replacements | ❌ No context awareness | ❌ No context awareness | ❌ No context awareness | ❌ No context awareness | ❌ No context awareness | ❌ No context awareness | ❌ No context awareness | ❌ No context awareness |
| Normalization | HKB fast pipeline with ambiguity metadata | Basic detection only | Basic ASCII conversion | Simple search capabilities | Text cleanup only | Limited detection | Limited detection | Simple detection | Limited detection |
| Attack Reversal | ✅ Advanced attack normalization | ❌ Detection only | ❌ Limited to ASCII conversion | ❌ No reversal | ✅ Basic cleanup | ❌ Limited | ❌ Limited | ❌ No | |
| Targeted Attack Support | ✅ Sophisticated targeting | ❌ No | ❌ No | ❌ No | ❌ No | ❌ No | ❌ No | ❌ No | |
| Python Compatibility | ✅ Modern Python | ✅ Python 2 & 3 | ❌ JavaScript/Java focus | ✅ Deno/JS focus | ✅ Python 3 | ✅ Ruby | ✅ C# | ✅ Go | |
| Language Model Integration | Not required at runtime (HKB graph) | ❌ None | ❌ None | ❌ None | ❌ None | ❌ None | ❌ None | ❌ None | ❌ None |
| Performance Optimization | ✅ Optimized for both attack and defense | ||||||||
| Documentation | ✅ Comprehensive with examples | ||||||||
| OCR Character Support | ✅ Extensive | ❌ No | ❌ No | ❌ No | ❌ No | ❌ No | ❌ No | ❌ No | ❌ No |
| Library | Primary Focus | Strengths | Limitations |
|---|---|---|---|
| confusable_homoglyphs | Character confusion detection | Simple API, basic detection | No attack reversal, limited to Unicode confusables |
| life4/homoglyphs | ASCII conversion | Simple conversion to ASCII | Limited homoglyph set, no context awareness, basic functionality |
| codebox/homoglyph | Search capabilities | Good for basic searches | JavaScript/Java only, no reversal capabilities, limited features |
| decancer | Text cleanup | Removes "cancerous" text formatting | Limited to cleanup, no sophisticated attack capabilities |
| squatm3 | Domain squatting detection | Good for cybersecurity use cases | Narrow focus on domains, limited features |
| unisec | Unicode security toolkit | General Unicode security | Not focused on homoglyphs specifically, limited features |
| homoglyphic | Simple detection | Easy integration with C# | Basic detection only, no advanced features |
| glyphcheck | Source code homoglyph detection | Simple API | Very limited feature set |
-
Advanced Context Matching: SilverSpeak analyzes the surrounding text to select homoglyphs that match the local context in terms of Unicode properties (script, block, category, bidirectional, east_asian_width), ensuring visually coherent replacements. This feature is entirely absent in all other libraries.
-
OCR-Based Confusables: Beyond standard Unicode confusables, SilverSpeak includes characters that appear similar in OCR systems, making it substantially more comprehensive than libraries relying solely on Unicode definitions. Our OCR-based approach captures visual similarities that aren't defined in the Unicode standard.
-
HKB normalization: ranked homoglyph graph for fast, deterministic normalization with an audit trail.
-
Targeted Attack Capabilities: Unlike competing libraries that focus solely on detection or simple random replacements, SilverSpeak provides sophisticated targeted attack strategies that can evade specific AI text detectors while maintaining human readability.
-
Comprehensive Testing: benchmark harness with clean-text FPR gate and round-trip recovery metrics.
-
Active Research: developed as part of published academic research "SilverSpeak: Evading AI-Generated Text Detectors using Homoglyphs".
While other libraries focus primarily on detection or simple character substitution, SilverSpeak shines in the following scenarios:
-
AI Text Detection Evasion: SilverSpeak was specifically designed to enable text to evade AI-generated text detectors while maintaining human readability, a capability not found in any other homoglyph library.
-
Security Research: For researchers examining how homoglyph attacks can affect modern NLP systems and security tools, SilverSpeak provides the most comprehensive toolkit available.
-
Text Normalization: HKB-based fast pipeline with structured
NormalizeResultoutput. -
Language Processing Pipeline Protection: SilverSpeak can be integrated into text processing pipelines to sanitize input text before it reaches sensitive language processing components.
-
Content Moderation: Unlike simple libraries that only detect basic homoglyphs, SilverSpeak's context-aware approach helps identify and normalize sophisticated homoglyph-based attempts to bypass content filters.
-
Academic Research: research-backed homoglyph attack and normalization toolkit.
-
Cross-Language Text Processing: With its advanced Unicode property analysis, SilverSpeak handles mixed-script text more effectively than alternatives.
Most other libraries were designed for simple use cases like domain spoofing detection or basic homoglyph identification, making them insufficient for advanced applications like those listed above.
This library was developed as part of the paper "SilverSpeak: Evading AI-Generated Text Detectors using Homoglyphs". A part of the code in this repository is used to reproduce the results of the paper (check out the v1.0.0 tag).
The name SilverSpeak comes from the expression "Hablar en plata" in Spanish. While a literal translation would be "Speak in silver", it means "Speak clearly". Therefore, some people would understand the underlying meaning, while those unfamiliar with the expression would likely misunderstand it.
Homoglyph-based attacks are an effective evasion technique since they change the meaning that detectors perceive, while maintaining the same appearance to a human observer. We think the idea can be a metaphor of the system getting "lost in translation", especially considering that homoglyphs are frequently identical characters in different languages.
Hereby the rationale behind our choice of the name SilverSpeak to refer to the family of homoglyph-based attacks that we use in our paper. The attacks play with the understood meaning of the text, depending on who is the observer, taking advantage of codification differences across alphabets.