
deqangss / adv-dnn-ens-malware

Licence: GPL-2.0 license
adversarial examples, adversarial malware examples, adversarial malware detection, adversarial deep ensemble, Android malware variants

Programming Languages

python
Smali


Adversarial Deep Ensemble for Malware Detection

This code repository accompanies the paper Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection by Deqiang Li and Qianmu Li (IEEE TIFS). Please check out the early access version here.

Overview

Our research question is how effective ensemble attacks are and how robust ensemble defenses are when they are pitted against each other. We enhance the robustness of deep neural networks (DNNs) by combining two defense techniques: adversarial training and ensembles (adversarial deep ensemble for short). The hardened DNNs are applied to an interesting context: adversarial malware detection. More specifically, we consider Android malware examples. The main features of this repository are as follows:

  • Combat ensemble-based defense models with ensemble-based attacks.
  • Implement 5 defense methods for malware detection.
  • Implement more than 13 attacks, including gradient-based attacks, gradient-free attacks, transfer attacks, and mixtures of attacks (ensemble based).
  • Generate executable adversarial malware examples (APKs) automatically at scale.
  • Perturb a malware example using a large degree of manipulations such as Java reflection, Activities renaming, etc.

Dependencies:

We develop the code on Ubuntu. The packages used are as follows:

Most dependencies can be installed with pip (e.g., pip install -r requirements.txt), except for apktool, which must be installed by following its own official documentation. Although we have also dealt with some incompatibility issues to accommodate Python 3.6, a thorough test has never been conducted.

Usage

1. Dataset

  • For APK files, we recommend Drebin and Androzoo. Note that the APKs must be obtained in accordance with each dataset's own policies. We re-compose the benign data of Drebin, of which the sha256s are available here. Correspondingly, these APK files can be downloaded from Androzoo.
  • For the pre-processed data, we provide the data pre-processed via Drebin feature extraction, which can be found here.
  • For waging attacks on the Drebin dataset, we randomly select 800 malware examples; a list of their sha256s, named attack.list, is available here.

2. Configure

Change the conf file by setting project_root=/absolute/path/to/adv-dnn-ens-malware/ and database_dir = /absolute/path/to/drebin/ to match the current project and dataset paths. To be specific, the folder database_dir shall have the following structure:

drebin
|   attack.list % sha256 of 800 apks
|---drebin % the folder saves information about pre-processed data
      |   normalizer
      |   vocabulary.pkl
      |   vocabulary_info.pkl
      |   X.pkl
      |   y.pkl
|---benign_samples % the folder contains benign apk files (optional if 'drebin' feature exists)
|---malicious_samples % the folder contains malicious apk files (at least contains 800 APKs corresponding to the attack.list)
|---attack % this folder contains attack results and will be created by default
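
A pre-flight check for the layout above, as an added example (not part of the repository's code). It assumes attack.list holds one sha256 per line and that each APK in malicious_samples is named <sha256> or <sha256>.apk; neither detail is stated in this README.

```python
import re
import sys
from pathlib import Path

# Files the README lists under database_dir/drebin (the pre-processed data).
FEATURE_FILES = ("normalizer", "vocabulary.pkl", "vocabulary_info.pkl", "X.pkl", "y.pkl")
SHA256_RE = re.compile(r"[0-9a-f]{64}")


def check_database_dir(database_dir, expected_count=800):
    """Return a list of layout problems under database_dir (empty list = OK)."""
    root = Path(database_dir)
    problems = [f"missing drebin/{name}" for name in FEATURE_FILES
                if not (root / "drebin" / name).is_file()]

    # attack.list: assumed format is one sha256 hex digest per line.
    attack_list = root / "attack.list"
    if not attack_list.is_file():
        problems.append("missing attack.list")
        return problems
    hashes = {ln.strip().lower() for ln in attack_list.read_text().splitlines() if ln.strip()}
    bad = [h for h in hashes if not SHA256_RE.fullmatch(h)]
    if bad:
        problems.append(f"{len(bad)} attack.list entries are not sha256 hex digests")
    if len(hashes) != expected_count:
        problems.append(f"attack.list has {len(hashes)} unique entries, expected {expected_count}")

    # Every listed sample needs an APK in malicious_samples.
    # Assumption: files are named <sha256> or <sha256>.apk.
    present = set()
    mal_dir = root / "malicious_samples"
    if mal_dir.is_dir():
        for p in mal_dir.iterdir():
            present.add((p.stem if p.suffix.lower() == ".apk" else p.name).lower())
    missing = hashes - present
    if missing:
        problems.append(f"{len(missing)} APKs from attack.list not found in malicious_samples")
    return problems


if __name__ == "__main__":
    for problem in check_database_dir(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("PROBLEM:", problem)
```

Run it with the database_dir path as the only argument before starting an attack run; no output means the layout matches the structure above.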

3. Run some scripts

We suggest the following steps to run the code: learn a basic DNN; generate adversarial malware examples; learn a defense model.

  (1). Learn a basic model (i.e., no defensive effort is put on the model):

python main.py learner -t

  (2). Generate adversarial representations against the basic model:

python main.py attack -v basic_dnn -m fgsm

  More commands for performing other attack methods (e.g., gdkde, pgdl1, pgdl2, pgdlinf, jsma, bca_k, max, etc.) against other models can be found in main.py. This means we can conveniently wage other attacks with a single command, for example gdkde:

python main.py attack -v basic_dnn -m gdkde

All the hyper-parameters for the attack methods can be found in attack_manager.py.

  (2.1). Furthermore, we can generate executable adversarial examples by appending an extra -r, for example when waging the fgsm attack against the basic model:

python main.py attack -v basic_dnn -m fgsm -r

  (3). Learn the hardened model, for example using adversarial training with the attack rfgsm:

python main.py defender -d atrfgsm -t

  Similarly, more commands for instantiating other adversarial training defenses incorporating an attack (e.g., adversarial training using adam, mixture of attacks, adversarial deep ensemble) can be found in main.py. In addition, we can wage attacks against the defense model once the corresponding training process has finished:

python main.py attacker -v atrfgsm -m fgsm 

  (4). Test the defense model on the pristine test set:

python main.py defender -d atrfgsm -p 
python main.py learner -p

  (5). Test the defense model on the adversarial representation/examples set:

python main.py defender -d atrfgsm -a
python main.py learner -a

We can specify a set of adversarial examples by assigning a directory to the variable adv_sample_dir in the config file.

Learned Parameters

All learned models will be saved into the save folder under the current directory, which can be redirected by settings in the conf file. We also provide some defense models, which can be obtained here.

Adversarial APKs

Following the nice suggestion from researcher Teenu S. John, we share some of the generated APKs via a shared link for research purposes (request form).

Acknowledgement

We adapt some code from the following repositories:

Contacts

Welcome to dedicate yourselves to adversarial malware detection! If you have any questions or would like to contribute to this repository, for example by opening issues, please do not hesitate to contact us: [email protected].

License

  • For ethical considerations, all the code presented in this repository is solely for educational/research purposes. Illegal use or misuse of the code can lead to criminal behaviour. We (our organization and authors) will not be held responsible for any criminal charges.

  • This project is released under the GPL license.

Citation

If you'd like to cite us in a project or publication, please include a reference to the IEEE TIFS paper:

@ARTICLE{9121297,
  author={D. {Li} and Q. {Li}},
  journal={IEEE Transactions on Information Forensics and Security}, 
  title={Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection},
  year={2020},
  volume={15},
  number={},
  pages={3886-3900},
  doi={10.1109/TIFS.2020.3003571}
}