
Framework for Adversarial Malware Evaluation

Project description

Welcome to the FAMEwork for Adversarial Malware Evaluation

FAME is designed to evaluate ML-based malware classifiers against adversarial examples. It aims to show how byte-level transformations can be injected into Windows Portable Executable (PE) files and compromise models. It also supports integrity verification to ensure that the adversarial examples remain valid after manipulation. This work implements the action space proposed in the OpenAI gym malware environment. It has been implemented and tested on Fedora 30 and Ubuntu 16 with Python 3. Library versions are defined in the requirements.txt file.

The framework consists of the following modules: ARMED, AIMED / AIMED-RL & GAME-UP.

GAME-UP: Generating Adversarial Malware Examples with Universal Perturbations

This module intends to analyze how Universal Adversarial Perturbations (UAPs) can be useful to create efficient adversarial examples compared to input-specific attacks. It explores how real malware examples in the problem-space affect the feature-space of classifiers to identify systematic weaknesses. Also, it implements a variant of adversarial training to improve the resilience of static ML-based malware classifiers for Windows PE binaries.

AIMED: Automatic Intelligent Modifications to Evade Detection

This approach focuses on understanding how sensitive static malware classifiers are to adversarial examples. It uses different techniques, including Genetic Programming (GP) and Reinforcement Learning (RL), to inject perturbations into Windows PE malware without compromising its functionality, keeping the freshly generated adversarial example valid.

ARMED: Automatic Random Modifications to Evade Detection

With this option, sequences of transformations are chosen randomly to identify weak spots in the classifier. This module implements a pipeline that automatically generates realizable adversarial examples in the malware context.

How to run FAME

Install FAME:

$ pip install famework

Run FAME with any module (e.g., AIMED):

$ fame aimed

This section describes how to run FAME by installing the package directly. For more detail about running from source and manually configuring parameters, refer to the install instructions.

Download files


Source Distribution

FAMEwork-0.1.5.tar.gz (2.1 MB)

Uploaded Source

Built Distribution

FAMEwork-0.1.5-py3-none-any.whl (2.1 MB)

Uploaded Python 3

File details

Details for the file FAMEwork-0.1.5.tar.gz.

File metadata

  • Download URL: FAMEwork-0.1.5.tar.gz
  • Upload date:
  • Size: 2.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.7.0

File hashes

Hashes for FAMEwork-0.1.5.tar.gz
Algorithm Hash digest
SHA256 3d2bc03fea51aa54f3aefd606f635168bbbbdd68ad09c464bf6a2811b55335f8
MD5 cabd63c86cca79ef8c1e4efddc8a057f
BLAKE2b-256 e2343d0f27c92a2670e0a0c5fcc341f7d1d272d49216240dd277ecff20f385ab


File details

Details for the file FAMEwork-0.1.5-py3-none-any.whl.

File metadata

  • Download URL: FAMEwork-0.1.5-py3-none-any.whl
  • Upload date:
  • Size: 2.1 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.7.0

File hashes

Hashes for FAMEwork-0.1.5-py3-none-any.whl
Algorithm Hash digest
SHA256 a730d086ff4f1bf79d79e54a9d91edf29764f916205b55fa90756ca6ddbfc9d5
MD5 af147bbd24e531087860c30de039a843
BLAKE2b-256 f2e1076622926fdbbc619af97b2156efd6d7a658d3f6eaec149614ab3a1e8ef2
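
Both files were uploaded with twine rather than Trusted Publishing, so the digests listed above are the only integrity reference this page offers for a downloaded artifact. The following is an added example, not code from the FAME project: a small Python checker that compares a local copy against the SHA256 and BLAKE2b-256 values from the tables above. The function names and the `PUBLISHED` mapping are assumptions of this example.

```python
import hashlib
import hmac
import os
import sys

# Digests copied from the "File hashes" tables on this page.
# MD5 is left out on purpose: it is not collision-resistant.
PUBLISHED = {
    "FAMEwork-0.1.5.tar.gz": {
        "sha256": "3d2bc03fea51aa54f3aefd606f635168bbbbdd68ad09c464bf6a2811b55335f8",
        "blake2b-256": "e2343d0f27c92a2670e0a0c5fcc341f7d1d272d49216240dd277ecff20f385ab",
    },
    "FAMEwork-0.1.5-py3-none-any.whl": {
        "sha256": "a730d086ff4f1bf79d79e54a9d91edf29764f916205b55fa90756ca6ddbfc9d5",
        "blake2b-256": "f2e1076622926fdbbc619af97b2156efd6d7a658d3f6eaec149614ab3a1e8ef2",
    },
}

def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and return its SHA256 and BLAKE2b-256 hex digests."""
    hashers = {
        "sha256": hashlib.sha256(),
        "blake2b-256": hashlib.blake2b(digest_size=32),  # 32-byte BLAKE2b, as PyPI lists it
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def verify_artifact(path, expected):
    """Return the algorithms whose digest does NOT match (empty list = verified)."""
    if not expected:
        raise ValueError("no expected digests supplied")
    actual = file_digests(path)
    return [alg for alg, want in expected.items()
            if not hmac.compare_digest(actual[alg], want.lower())]

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_famework.py <downloaded file>")
    path = sys.argv[1]
    expected = PUBLISHED.get(os.path.basename(path))
    if expected is None:
        sys.exit(f"{path}: no published digests for this file name")
    bad = verify_artifact(path, expected)
    if bad:
        sys.exit(f"{path}: MISMATCH on {', '.join(bad)}")
    print(f"{path}: OK")
```

Once the check passes, installing from the verified local file (for example `pip install ./FAMEwork-0.1.5-py3-none-any.whl`) keeps pip from fetching a different copy of the package itself; dependencies are still resolved from the index.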

