Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/yanminglai/Malware-GAN

Realization of paper: "Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN" 2017
https://github.com/yanminglai/Malware-GAN

Last synced: about 2 months ago
JSON representation

Realization of paper: "Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN" 2017

Host: GitHub
URL: https://github.com/yanminglai/Malware-GAN
Owner: yanminglai
License: gpl-3.0
Created: 2018-07-02T06:39:02.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2018-07-20T07:56:47.000Z (over 6 years ago)
Last Synced: 2024-08-12T08:09:28.647Z (5 months ago)
Language: Python
Homepage: https://arxiv.org/abs/1702.05983
Size: 2.38 MB
Stars: 114
Watchers: 5
Forks: 57
Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-MLSecOps - Malware-GAN

README

# Malware-GAN
This is a realization of "Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN".
The reaserch is done in Institute of Automation, Chinese Academy of Sciences, Summer 2018. http://english.ia.cas.cn/ with the help of my mentor XuBo.

## Introduction
The idea is to use a generative adversarial network (GAN) based algorithm to generate adversarial malware examples, which are able to bypass black-box machine learning based detection models.
![alt text](https://github.com/yanminglai/Malware-GAN/blob/master/figures/Architecture.png)

## Dependencies
```Tensorflow 1.80``` ```Keras 2.0``` ```Cuckoo Sandbox 2.03```

## Dataset
The original malware sample is acquired from https://virusshare.com/, I have used 3000 malware samples and 1500 benign samples for trainning and testing(will expand further).

I used the ```Cuckoo Sandbox``` to extract API features from samples. https://cuckoo.readthedocs.io/en/2.0.3/

128 API features are selcted as dimensional vectors to be input to the neutual network (API_list.txt)

## Experiments

MalGAN Architecture:
generator：128+20—256—128
subsitite detector：128—256—1
maximum epoch：100

True positive rate (in percentage) on original samples and adversarial examples when MalGAN and the black-box detector are trained on the SAME training set

![alt text](https://github.com/yanminglai/Malware-GAN/blob/master/figures/TPR_allclassifiers.png)

MLP-TPR

![alt text](https://github.com/yanminglai/Malware-GAN/blob/master/figures/MLPTPR.png)

True positive rate (in percentage) on original samples and adversarial examples when MalGAN and the black-box detector are trained on the DIFFERENT training set

![alt text](https://github.com/yanminglai/Malware-GAN/blob/master/figures/TPR_DIF.png)

True positive rate (in percentage) on the adversarial examples after the black-box detector is retrained (RF for example)

![alt text](https://github.com/yanminglai/Malware-GAN/blob/master/figures/retained.png)