Skip to main content

This package provide the interface to run multitask evolutionary injection generation

Project description

DaNuoYi - Evolutionary Multitask Injection Generation Tool

PyPI License

Context-free Grammar for Injection Generation

DaNuoYi uses the context-free grammar to generates the injection cases, and it is available at here.

There is also a document which briefly describes the context-free grammar injection generation.

Usage

Install DaNuoYi from pip or Source Code

For the purpose of easy to use, we build the DaNuoYi package from the source codes, and it is available at PyPi package library now. It is recommended to create a new environment and install DaNuoYi PyPi,

pip install DaNuoYi

or install from the source code,

git clone https://github.com/COLA-Laboratory/DaNuoYi
cd DaNuoYi
pip install .

Running

Now we can run injection generation as following:

"""
    quick_run accepts the following params:

    :param tasks: Any subset from ["sqli", "xss", "osi", "phpi", "xmli", "htmli"], tasks=None means running multitask injection generation
    :param waf: Choose from ['mod_security', 'ngx_lua_waf', 'lua_resty_waf'], three WAFs are supported currently.
    :param classifier_name: Any from ['lstm', 'rnn', 'gru']
    :param seed: random seed, the number of randoms is also the round of the experiments
    :param rnd_select: Disable fitness-based individual selection
    :return:
"""

import random
import time

import torch

from DaNuoYi import quick_run

seeds = [random.randint(1, 1000000) for _ in range(21)]

torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='lstm', waf='mod_security', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='rnn', waf='mod_security', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='gru', waf='mod_security', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='lstm', waf='lua_resty_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='rnn', waf='lua_resty_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='gru', waf='lua_resty_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='lstm', waf='ngx_lua_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='rnn', waf='ngx_lua_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='gru', waf='ngx_lua_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)

Experiment Results Visualization

  • The distribution of the bypassing test injections count on Ngx-Lua-WAF over 10 runs under the same search budget.

NGX-Lua-WAF

  • The distribution of the bypassing test injections count on Lua-Resty over 10 runs under the same search budget.

LUA-Resty-WAF

  • The distribution of the bypassing test injections count on ModSecurity over 10 runs under the same search budget.

ModSecurity-WAF

img.png

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

DaNuoYi-0.2.0-py3-none-any.whl (45.5 kB view details)

Uploaded Python 3

File details

Details for the file DaNuoYi-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: DaNuoYi-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 45.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.1 importlib_metadata/3.10.1 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.49.0 CPython/3.9.7

File hashes

Hashes for DaNuoYi-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 261c15cd238757f0eaeb3917c09b7121b7ebfa925b2c004c4971b3cbc8835afc
MD5 41b66ed590d9bcc76f38034401aebb4d
BLAKE2b-256 e323f6f68bead36637ce50f80a538c643c72fc71340b1ec5afdd48a407074933

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page