Pytorch-based library for creating Adversarial EXEmples against Windows Malware detectors.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for zangobot from gravatar.com zangobot

Unverified details

These details have not been verified by PyPI
Meta
Classifiers
Report project as malware

Project description

Maltorch: Pentesting Suite for AI-based Windows Malware Detectors

PyPI GitHub code size in bytes GitHub issues PyPI - Python Version PyPI - Downloads

Testing the security of AI-based Windows malware detectors has never been easier! You can deploy maltorch, boot up models already trained with PyTorch, and deploy an arsenal of testing techniques before placing an AV in production.

Installation

You can install maltorch through pip, but you also need a custom version of EMBER due to numpy portability issues.

pip install maltorch
pip install git+https://github.com/zangobot/ember.git

Included manipulations

Maltorch contains most of the practical manipulations of this field:

  • DOS header extension and editing (PartialDOS, FullDOS, Extend)
  • Content shifting
  • Section injection with optimized or goodware content (GAMMA)
  • Padding

Most of the manipulations can be used either with gradient-based and gradient-free optimization.

Loading AI-based Models

The library already provides tons of pre-trained models, you can instantiate one by just:

from maltorch.zoo.malconv import MalConv
model = MalConv.create_model()

and it also accepts device parameter to load the model in GPU.

Evasion Attacks

Straight-forward way to compute attacks! You just neet to load the model, instantiate the attack, and then pass the model to the freshly-created technique:

from torch.utils.data import TensorDataset, DataLoader
from maltorch.adv.evasion.partialdos import PartialDOS
from maltorch.data.loader import load_from_folder, create_labels
from maltorch.zoo.malconv import MalConv

model = MalConv.create_model()

# Load data as a Pytorch DataLoader
folder_with_exe = ...
X = load_from_folder(folder_with_exe, "exe",device=device)
y = create_labels(X, 1, device=device)
dl = DataLoader(TensorDataset(X, y), batch_size=3)

# Store adversarial EXEmples into a new DataLoader
attack = PartialDOS(query_budget=3)
adversarial_loader = attack(model, torch_data_loader)

Loading AI-based Models

The library already provides tons of pre-trained models, you can instantiate one by just:

from maltorch.zoo.malconv import MalConv
model = MalConv.create_model()

and it also accepts device parameter to load the model in GPU.

Evasion Attacks

Straight-forward way to compute attacks! You just neet to load the model, instantiate the attack, and then pass the model to the freshly-created technique:

from torch.utils.data import TensorDataset, DataLoader
from maltorch.adv.evasion.partialdos import PartialDOS
from maltorch.data.loader import load_from_folder, create_labels
from maltorch.zoo.malconv import MalConv

model = MalConv.create_model()

# Load data as a Pytorch DataLoader
folder_with_exe = ...
X = load_from_folder(folder_with_exe, "exe",device=device)
y = create_labels(X, 1, device=device)
dl = DataLoader(TensorDataset(X, y), batch_size=3)

# Store adversarial EXEmples into a new DataLoader
attack = PartialDOS(query_budget=3)
adversarial_loader = attack(model, torch_data_loader)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for zangobot from gravatar.com zangobot

Unverified details

These details have not been verified by PyPI
Meta
Classifiers

Release history Release notifications | RSS feed

0.3.5

0.3.3

0.3.2

This version

0.3

0.2.7

0.2.4

0.2.3

0.2.2

0.2.1

0.2

0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

maltorch-0.3.tar.gz (56.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

maltorch-0.3-py3-none-any.whl (96.7 kB view details)

Uploaded Python 3

File details

Details for the file maltorch-0.3.tar.gz.

File metadata

  • Download URL: maltorch-0.3.tar.gz
  • Upload date:
  • Size: 56.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for maltorch-0.3.tar.gz
Algorithm Hash digest
SHA256 bb50ef672bbdb9cf4bb93dc8e6d6cf7364112a25175a1c3173b2b43f584da628
MD5 3a233514bf5ec9c66bc63176e20e6d54
BLAKE2b-256 98c7742bcdee82be44bddb45fda54959729b4c050a6f2a9ad5efa4c007a48c44

See more details on using hashes here.

File details

Details for the file maltorch-0.3-py3-none-any.whl.

File metadata

  • Download URL: maltorch-0.3-py3-none-any.whl
  • Upload date:
  • Size: 96.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for maltorch-0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 bf81500b6ebcc723745102c27e4657ca4aa2dd74fca8b2f38a97b19f01c2eb5d
MD5 37f9ce47171834bf421b11d07cc7a926
BLAKE2b-256 30cf736c132f14d1942b4eff10ddd77025fe2441394fa46593cdaa0a1d7cfa87

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page