Skip to main content

This package provide the interface to run multitask evolutionary injection generation

Project description

DaNuoYi - Evolutionary Multitask Injection Generation Tool

PyPI License

Context-free Grammar for Injection Generation

DaNuoYi uses the context-free grammar to generates the injection cases, and it is available at here.

There is also a document which briefly describes the context-free grammar injection generation.

Usage

Install DaNuoYi from pip or Source Code

For the purpose of easy to use, we build the DaNuoYi package from the source codes, and it is available at PyPi package library now. It is recommended to create a new environment and install DaNuoYi PyPi,

pip install DaNuoYi

or install from the source code,

git clone https://github.com/COLA-Laboratory/DaNuoYi
cd DaNuoYi
pip install .

Running

Now we can run injection generation as following:

"""
    quick_run accepts the following params:

    :param tasks: Any subset from ["sqli", "xss", "osi", "phpi", "xmli", "htmli"], tasks=None means running multitask injection generation
    :param waf: Choose from ['mod_security', 'ngx_lua_waf', 'lua_resty_waf'], three WAFs are supported currently.
    :param classifier_name: Any from ['lstm', 'rnn', 'gru']
    :param seed: random seed, the number of randoms is also the round of the experiments
    :param rnd_select: Disable fitness-based individual selection
    :return:
"""

import random
import time

import torch

from DaNuoYi import quick_run

seeds = [random.randint(1, 1000000) for _ in range(21)]

torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='lstm', waf='mod_security', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='rnn', waf='mod_security', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='gru', waf='mod_security', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='lstm', waf='lua_resty_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='rnn', waf='lua_resty_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='gru', waf='lua_resty_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='lstm', waf='ngx_lua_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='rnn', waf='ngx_lua_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)
quick_run(classifier_name='gru', waf='ngx_lua_waf', seed=seeds, rnd_select=False)
torch.cuda.empty_cache()
time.sleep(5)

Experiment Results Visualization

  • The distribution of the bypassing test injections count on Ngx-Lua-WAF over 10 runs under the same search budget.

NGX-Lua-WAF

  • The distribution of the bypassing test injections count on Lua-Resty over 10 runs under the same search budget.

LUA-Resty-WAF

  • The distribution of the bypassing test injections count on ModSecurity over 10 runs under the same search budget.

ModSecurity-WAF

img.png

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

DaNuoYi-0.2.0-py3-none-any.whl (45.5 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page