Pesidious - Malware Mutation Using Reinforcement Learning And Generative Adversarial Networks
2020-10-25 05:30:00 Author: www.blogger.com

<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-1VkQ6Y2Za-s/X5JdM7k5B7I/AAAAAAAAUJg/puSuDSBUbbo3n51uqgQ-88OeTRoOAlJygCNcBGAsYHQ/s762/Pesidious_1_pesidoius%252520logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="233" data-original-width="762" height="196" src="https://1.bp.blogspot.com/-1VkQ6Y2Za-s/X5JdM7k5B7I/AAAAAAAAUJg/puSuDSBUbbo3n51uqgQ-88OeTRoOAlJygCNcBGAsYHQ/w640-h196/Pesidious_1_pesidoius%252520logo.png" width="640" /></a></div><p><br /></p><span style="font-size: x-large;"><b>Malware Mutation using Deep Reinforcement Learning and GANs</b></span><br /> <p>The purpose of the tool is to use <a href="https://www.kitploit.com/search/label/Artificial%20Intelligence" target="_blank" title="artificial intelligence">artificial intelligence</a> to mutate a malware (PE32 only) sample to bypass AI powered classifiers while keeping its functionality intact. In the past, notable work has been done in this domain with researchers either looking at reinforcement learning or generative adversarial networks as their weapons of choice to modify the states of a malware executable in order to deceive anti-virus agents. 
Our solution makes use of a combination of deep reinforcement learning and GANs in order to overcome some of the limitations faced while using these approaches independently as shown below.</p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-fcaf16qZTAo/X5JdTEi10pI/AAAAAAAAUJk/98vd-tuPHogmeEYJByEzz68gXWg_GiIuwCNcBGAsYHQ/s2261/Pesidious_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="764" data-original-width="2261" height="216" src="https://1.bp.blogspot.com/-fcaf16qZTAo/X5JdTEi10pI/AAAAAAAAUJk/98vd-tuPHogmeEYJByEzz68gXWg_GiIuwCNcBGAsYHQ/w640-h216/Pesidious_2.png" width="640" /></a></div><p>&nbsp;</p> <p>Find our full documentation for the tool <a href="https://vaya97chandni.gitbook.io/pesidious/" rel="nofollow" target="_blank" title="here">here</a></p> <br /><span style="font-size: large;"><b>Installation Instructions</b></span><br /> <blockquote> <p></p><div>Since this tool deals with malware files, it is strongly recommended to use a virtual machine. 
After installation of the tool, make sure to disconnect from the network.</div></blockquote> <p>The following steps will guide you through all the installations required to set up the environment.</p> <ol> <li> <p><a href="https://realpython.com/installing-python/" rel="nofollow" target="_blank" title="Install and set up Python 3.6.">Install and set up Python 3.6.</a></p> </li> <li> <p>Clone the repository.</p> <div><pre><code>git clone https://github.com/CyberForce/Pesidious</code></pre></div> </li> <li> <p>Move into the project directory.</p> <div><pre><code>cd Pesidious</code></pre></div> </li> <li> <p><a href="https://docs.python.org/3/tutorial/venv.html" rel="nofollow" target="_blank" title="Set up and activate a virtual environment with Python 3.6">Set up and activate a virtual environment with Python 3.6</a></p> <blockquote> <p>It is recommended to use a virtual environment to avoid conflicts between packages used by different applications.</p> </blockquote> </li> <li> <p>Make sure that you have pip 8.1.1 installed and set up.</p> <blockquote> <p>This is due to later versions of pip not playing well with the PyTorch library.</p> </blockquote> <div><pre><code>pip install pip==8.1.1</code></pre></div> </li> <li> <p>Install all the required libraries by installing the requirements.txt file.</p> <div><pre><code>pip install -r pip_requirements/requirements.txt</code></pre></div> </li> </ol> <br /><b>Mutate Your Malware</b><br /> <p>The output from the GAN has already been stored as <code>RL_Features/adverarial_imports_set.pk</code> and <code>RL_Features/adverarial_sections_set.pk</code>, which will be used when adding imports and sections to the malware for mutation.</p> <ol> <li> <p>You can test the sample classifier to score malware files.</p> <pre><code>python classifier.py -d /path/to/directory/with/malware/files<br /></code></pre> </li> <li> <p>Run the <code>mutate.py</code> python script to mutate your malware samples.</p> <pre><code>python mutate.py -d 
/path/to/directory/with/malware/files<br /></code></pre> </li> <li> <p>The mutated malware files will be stored in a directory called Mutated_malware in the following format:</p> <pre><code>Mutated_malware/mutated_&lt;name-of-the-file&gt;<br /></code></pre> </li> <li> <p>Once the malware files are mutated, you can run the classifier again to score the mutated malware.</p> <pre><code>python classifier.py -d Mutated_malware/<br /></code></pre> </li> </ol> <br /><span style="font-size: large;"><b>Known Issues and Fixes</b></span><br /> <blockquote> <p></p><div>WARNING: This segment is currently under construction. We apologize for any inconvenience caused. Please proceed to the next section. <a href="https://github.com/CyberForce/Pesidious#to-do" rel="nofollow" target="_blank" title="click here">click here</a></div></blockquote> <ol> <li> <p><code>pip install -r requirements.txt</code> gives you an error.</p> <p>Solution:</p> <pre><code>pip install tqdm<br />pip install sklearn<br />pip install lief<br /></code></pre> </li> <li> <p><strong>ModuleNotFoundError: No module named 'tensorboardX'</strong> error while running <code>python main_malgan.py</code> script.</p> <p>Solution:</p> <pre><code>pip install tensorboardX<br /></code></pre> </li> <li> <p><strong>Error with the execution of import-append, section-append (not found)</strong></p> <p>Solution: Give execute permission to these executables using the following commands in your terminal:</p> <pre><code>cd portable-executable/<br />chmod 777 project-add-sections/bin/Debug/project-append-section<br />chmod 777 project-add-imports/bin/Debug/project-append-imports<br /><br /></code></pre> </li> </ol> <br /><span style="font-size: large;"><b>Built With</b></span><br /> <ul> <li><a href="https://pytorch.org/" rel="nofollow" target="_blank" title="PyTorch">PyTorch</a> - Open source machine learning library based on the Torch library.</li> <li><a href="https://github.com/lief-project/LIEF" rel="nofollow" target="_blank" 
title="Lief">Lief</a> - A <a href="https://www.kitploit.com/search/label/Cross%20Platform" target="_blank" title="cross platform">cross platform</a> library which can parse, modify and abstract ELF, PE and MachO formats.</li> <li><a href="https://github.com/BackupGGCode/portable-executable-library" rel="nofollow" target="_blank" title="PE Bliss">PE Bliss</a> - PE library for rebuilding PE files, written in C++.</li> <li><a href="https://github.com/endgameinc/gym-malware/" rel="nofollow" target="_blank" title="Gym-Malware">Gym-Malware</a> - Malware <a href="https://www.kitploit.com/search/label/Manipulation" target="_blank" title="manipulation">manipulation</a> environment for OpenAI's gym.</li> <li><a href="https://github.com/ZaydH/MalwareGAN" rel="nofollow" target="_blank" title="MalwareGAN">MalwareGAN</a> - Adversarial Malware Generation Using GANs.</li> </ul> <br /><span style="font-size: large;"><b>Authors</b></span><br /> <ul> <li><strong>Chandni Vaya</strong> - <em>X-Force Incident Response, IBM Security</em> - <a href="https://github.com/Chandni97" rel="nofollow" target="_blank" title="Github">Github</a></li> <li><strong>Bedang Sen</strong> - <em>X-Force Incident Response, IBM Security</em> - <a href="http://github.com/bedangSen/" rel="nofollow" target="_blank" title="Github">Github</a></li> </ul> <br /><span style="font-size: large;"><b>Acknowledgments</b></span><br /> <ul> <li>Gym-Malware Environment: <a href="https://github.com/endgameinc/gym-malware" rel="nofollow" target="_blank" title="https://github.com/endgameinc/gym-malware">https://github.com/endgameinc/gym-malware</a>. 
The environment was modified to add GAN and the mutations were added/changed/removed to improve the evasiveness of the malware and maintain functionality.</li> <li>Yanming Lai's (<a href="https://github.com/yanminglai/Malware-GAN" rel="nofollow" target="_blank" title="https://github.com/yanminglai/Malware-GAN">https://github.com/yanminglai/Malware-GAN</a>) and</li> <li>Zayd Hammoudeh's (<a href="https://github.com/ZaydH/MalwareGAN" rel="nofollow" target="_blank" title="https://github.com/ZaydH/MalwareGAN">https://github.com/ZaydH/MalwareGAN</a>) work on implementing Hu and Tan's MalGAN played a crucial role in our understanding of the architecture. A majority of the implementation of the MalGAN used in this project has been forked off Hammoudeh's work.</li> </ul> <br /><span style="font-size: large;"><b>References</b></span><br /> <p>Anderson, H., Kharkar, A., Filar, B., Evans, D. and Roth, P. (2018). Learning to Evade Static PE <a href="https://www.kitploit.com/search/label/Machine%20Learning" target="_blank" title="Machine Learning">Machine Learning</a> Malware Models via Reinforcement Learning. [online] arXiv.org. Available at: <a href="https://arxiv.org/abs/1801.08917" rel="nofollow" target="_blank" title="https://arxiv.org/abs/1801.08917">https://arxiv.org/abs/1801.08917</a>.</p> <p>Docs.microsoft.com. (n.d.). PE Format - Windows applications. [online] Available at: <a href="https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#general-concepts" rel="nofollow" target="_blank" title="https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#general-concepts">https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#general-concepts</a>.</p> <p>Fang, Z., Wang, J., Li, B., Wu, S., Zhou, Y. and Huang, H. (2019). Evading Anti-Malware Engines With Deep Reinforcement Learning. [online] Ieeexplore.ieee.org. 
Available at: <a href="https://ieeexplore.ieee.org/abstract/document/8676031" rel="nofollow" target="_blank" title="https://ieeexplore.ieee.org/abstract/document/8676031">https://ieeexplore.ieee.org/abstract/document/8676031</a> [Accessed 25 Aug. 2019].</p> <p><a href="https://resources.infosecinstitute.com" rel="nofollow" target="_blank" title="https://resources.infosecinstitute.com">https://resources.infosecinstitute.com</a>. (2019). Malware Researcher’s Handbook (Demystifying PE File). [online] Available at: <a href="https://resources.infosecinstitute.com/2-malware-researchers-handbook-demystifying-pe-file/#gref" rel="nofollow" target="_blank" title="https://resources.infosecinstitute.com/2-malware-researchers-handbook-demystifying-pe-file/#gref">https://resources.infosecinstitute.com/2-malware-researchers-handbook-demystifying-pe-file/#gref</a>.</p> <p>Hu, W. and Tan, Y. (2018). Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN. [online] arXiv.org. Available at: <a href="https://arxiv.org/abs/1702.05983" rel="nofollow" target="_blank" title="https://arxiv.org/abs/1702.05983">https://arxiv.org/abs/1702.05983</a>.</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/CyberForce/Pesidious" rel="nofollow" target="_blank" title="Download Pesidious">Download Pesidious</a></span></b></div>
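<p>For the defender's view of the mutation described under "Mutate Your Malware" (sections added to the PE), the following added example, which is not code from the Pesidious project, reads the PE section table with the Python standard library and lists the sections a mutated file carries that its original does not. The function names, the header bytes produced by <code>build_sample_pe</code> and the section name <code>.added</code> are constructed for illustration.</p>

```python
import struct

def pe_sections(data: bytes):
    """Return [(name, raw_size), ...] read from a PE image's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header follows the 4-byte signature: NumberOfSections is its
    # 2nd field, SizeOfOptionalHeader its 6th.
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    if table + 40 * nsec > len(data):
        raise ValueError("section table runs past end of file")
    out = []
    for i in range(nsec):
        name, _vsize, _vaddr, raw_size = struct.unpack_from("<8sIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("latin-1"), raw_size))
    return out

def section_diff(original: bytes, mutated: bytes):
    """Sections present in `mutated` but not in `original`, plus the count delta."""
    before, after = pe_sections(original), pe_sections(mutated)
    known = {name for name, _ in before}
    return {"added": [s for s in after if s[0] not in known],
            "count_delta": len(after) - len(before)}

def build_sample_pe(names):
    """Constructed test input: headers only, no code, not a runnable binary."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0xE0, 0x102)
    table = b"".join(
        struct.pack("<8sIIII", n.encode(), 0x1000, 0x1000 * (i + 1), 0x200,
                    0x400 + 0x200 * i) + b"\0" * 16
        for i, n in enumerate(names))
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0 + table

if __name__ == "__main__":
    original = build_sample_pe([".text", ".data", ".rsrc"])
    mutated = build_sample_pe([".text", ".data", ".rsrc", ".added"])
    print(section_diff(original, mutated))
```

<p>Section count and section names are header fields the file's author controls, so a classifier that weights them heavily should be re-scored against mutated samples, as the second <code>classifier.py</code> run in the steps above does.</p>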

Source: http://www.blogger.com/feeds/8317222231133660547/posts/default/4039790738926215375