maltorch 0.3.3

Pytorch-based library for creating Adversarial EXEmples against Windows Malware detectors.

Maltorch: Pentesting Suite for AI-based Windows Malware Detectors

Testing the security of AI-based Windows malware detectors has never been easier! You can deploy maltorch, boot up models already trained with PyTorch, and deploy an arsenal of testing techniques before placing an AV in production.

Installation

You can install maltorch through pip, but you also need a custom version of EMBER due to numpy portability issues.

pip install maltorch
pip install git+https://github.com/zangobot/ember.git

Included manipulations

Maltorch contains most of the practical manipulations of this field:

• DOS header extension and editing (PartialDOS, FullDOS, Extend)
• Content shifting
• Section injection with optimized or goodware content (GAMMA)
• Padding

Most of the manipulations can be used either with gradient-based and gradient-free optimization.

Loading AI-based Models

The library already provides tons of pre-trained models, you can instantiate one by just:

from maltorch.zoo.malconv import MalConv
model = MalConv.create_model()

and it also accepts device parameter to load the model in GPU.

Evasion Attacks

Straight-forward way to compute attacks! You just neet to load the model, instantiate the attack, and then pass the model to the freshly-created technique:

from torch.utils.data import TensorDataset, DataLoader
from maltorch.adv.evasion.partialdos import PartialDOS
from maltorch.data.loader import load_from_folder, create_labels
from maltorch.zoo.malconv import MalConv

model = MalConv.create_model()

# Load data as a Pytorch DataLoader
folder_with_exe = ...
X = load_from_folder(folder_with_exe, "exe",device=device)
y = create_labels(X, 1, device=device)
dl = DataLoader(TensorDataset(X, y), batch_size=3)

# Store adversarial EXEmples into a new DataLoader
attack = PartialDOS(query_budget=3)
adversarial_loader = attack(model, torch_data_loader)