This package provide the interface to run multitask evolutionary injection generation
Project description
DaNuoYi - Evolutionary Multitask Injection Generation Tool
Context-free Grammar for Injection Generation
DaNuoYi uses the context-free grammar to generates the injection cases, and it is available at here.
There is also a document which briefly describes the context-free grammar injection generation.
Usage
Install DaNuoYi from pip or Source Code
For the purpose of easy to use, we build the DaNuoYi package from the source codes, and it is available at PyPi package library now. It is recommended to create a new environment and install DaNuoYi PyPi,
pip install DaNuoYi
or install from the source code,
git clone https://github.com/COLA-Laboratory/DaNuoYi
cd DaNuoYi
pip install .
Running
Now we can run injection generation as following:
"""
quick_run accepts the following params:
:param tasks: Any subset from ["sqli", "xss", "osi", "phpi", "xmli", "htmli"], tasks=None means running multitask injection generation
:param waf: Choose from ['mod_security', 'ngx_lua_waf', 'lua_resty_waf'], three WAFs are supported currently.
:param classifier_name: Any from ['lstm', 'rnn', 'gru']
:param seed: random seed, the number of randoms is also the round of the experiments
:param rnd_select: Disable fitness-based individual selection
:return:
"""
import random
import time
import torch
from DaNuoYi import quick_run
seeds = [random.randint(1, 1000000) for _ in range(21)]
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='lstm', waf='mod_security', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='rnn', waf='mod_security', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='gru', waf='mod_security', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='lstm', waf='lua_resty_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='rnn', waf='lua_resty_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='gru', waf='lua_resty_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='lstm', waf='ngx_lua_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='rnn', waf='ngx_lua_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='gru', waf='ngx_lua_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
Experiment Results Visualization
- The distribution of the bypassing test injections count on Ngx-Lua-WAF over 10 runs under the same search budget.
- The distribution of the bypassing test injections count on Lua-Resty over 10 runs under the same search budget.
- The distribution of the bypassing test injections count on ModSecurity over 10 runs under the same search budget.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distribution
DaNuoYi-0.2.0-py3-none-any.whl
(45.5 kB
view hashes)