This is a plugin for the SecML Python library. A pre-trained MalConv model, trained by Endgame, is included in this project for testing.
The plugin includes the following attacks:
- Partial DOS Header manipulation, formulated by Demetrio et al.
- Padding attack, formulated by Kolosnjaji et al.
- GAMMA, formulated by Demetrio et al.
- FGSM padding + slack, formulated by Kreuk et al. and Suciu et al.
- Content shifting and DOS header extension, formulated by Demetrio et al.
Navigate to the folder where you want to clone the project.
I recommend creating a new environment (I use conda):
```bash
conda create -n secml-malware-env python=3.7
conda activate secml-malware-env
git clone https://github.com/zangobot/secml_malware.git
cd secml_malware
pip install -r requirements.txt
pip install git+https://github.com/endgameinc/ember.git
```
You also need to install pytorch, find instructions here.
After having installed pytorch, install this package locally:
```bash
pip install -e .
```
If you encounter problems due to libmagic, follow these instructions.
Activate your environment and import the secml_malware package inside your script:
```python
import secml_malware
print(secml_malware.__version__)
```
The tests included in this project show how the library can be used for applying the manipulation to the input programs. There is also an example Jupyter notebook tutorial on how to build a simple attack (using a standard one).
If you use SecML Malware, please cite our latest work:
```bibtex
@article{demetrio2020adversarial,
    title={Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection},
    author={Luca Demetrio and Scott E. Coull and Battista Biggio and Giovanni Lagorio and Alessandro Armando and Fabio Roli},
    year={2020},
    eprint={2008.07125},
    archivePrefix={arXiv},
    primaryClass={cs.CR}
}
```
If you encounter something strange, feel free to open an issue! I am working a lot, and bugs are present everywhere. Let me know, and I'll try to fix them as soon as possible.
I provide a small test suite for the attacks I have developed inside the plugin. If you want to run them, ADD GOODWARE/MALWARE samples! There are two distinct folders:
secml_malware/data/goodware_samples
secml_malware/data/malware_samples/test_folder
Please, add samples to both folders (if and only if you want to run the internal tests).
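A pre-flight check for the two sample folders above, as an added example that is not part of the project's own code. It assumes the samples must be Windows PE files (inferred from the attacks listed, which manipulate the DOS header) and that it is run from the repository root; the function names and the stub are constructed for illustration.

```python
import struct
from pathlib import Path

# Folder names from the README, relative to the repository root.
SAMPLE_DIRS = (
    "secml_malware/data/goodware_samples",
    "secml_malware/data/malware_samples/test_folder",
)

# Constructed 68-byte stub (not a runnable program): just enough header to pass the check.
CONSTRUCTED_PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with MZ and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def check_sample_dirs(root, sample_dirs=SAMPLE_DIRS):
    """Map each sample folder to (number of PE files, names of non-PE files)."""
    report = {}
    for rel in sample_dirs:
        folder = Path(root) / rel
        files = sorted(folder.iterdir()) if folder.is_dir() else []
        valid, rejected = 0, []
        for path in files:
            if not path.is_file() or path.name.startswith("."):
                continue  # skip sub-folders and dotfiles such as .gitkeep
            if looks_like_pe(path.read_bytes()):
                valid += 1
            else:
                rejected.append(path.name)
        report[rel] = (valid, rejected)
    return report


def ready_for_tests(report) -> bool:
    """The README asks for samples in both folders."""
    return all(valid > 0 for valid, _ in report.values())


if __name__ == "__main__":
    report = check_sample_dirs(".")
    for rel, (valid, rejected) in report.items():
        print(f"{rel}: {valid} PE file(s); not PE: {rejected}")
    raise SystemExit(0 if ready_for_tests(report) else "add samples to both folders")
```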