1. secml_malware.attack.whitebox package
1.1. Subpackages
1.2. Submodules
1.3. secml_malware.attack.whitebox.c_discretized_bytes_evasion module
- class secml_malware.attack.whitebox.c_discretized_bytes_evasion.CDiscreteBytesEvasion(end2end_model: secml_malware.models.c_classifier_end2end_malware.CClassifierEnd2EndMalware, index_to_perturb: list, iterations: int = 100, is_debug: bool = False, random_init: bool = False, threshold: float = 0.5, penalty_regularizer: float = 0, chunk_hyper_parameter: int = 256)
Bases:
secml_malware.attack.whitebox.c_end2end_evasion.CEnd2EndMalwareEvasion
Creates the attack that perturbs the header of a Windows PE malware.
- apply_feature_mapping(x: secml.array.c_array.CArray) secml.array.c_array.CArray
Applies the feature extraction
- Parameters
x (CArray) – the input malware sample
- Returns
the feature vector
- Return type
CArray
- compute_penalty_term(original_x: secml.array.c_array.CArray, adv_x: secml.array.c_array.CArray, par: float) torch.Tensor
Computes the penalty term as torch node
- Parameters
original_x (CArray) – the original malware sample
adv_x (CArray) – the adversarial malware version
par (float) – the regularization parameter
- Returns
a torch node of the graph containing the penalty
- Return type
torch.Tensor
- infer_step(x_init: secml.array.c_array.CArray) float
Return prediction w.r.t. the malware class
- Parameters
x_init (CArray) – the sample to use for the forward step
- Returns
the malware score
- Return type
float
- invert_feature_mapping(x: secml.array.c_array.CArray, x_adv: secml.array.c_array.CArray) secml.array.c_array.CArray
Invert the feature mapping
- Parameters
x (CArray) – the original sample
x_adv (CArray) – the adversarial sample
- Returns
the inverted feature mapping of the adv sample
- Return type
CArray
- loss_function_gradient(original_x: secml.array.c_array.CArray, adv_x: secml.array.c_array.CArray, penalty_term: torch.Tensor) torch.Tensor
Compute the gradient of the loss function of the target model
- Parameters
original_x (CArray) – the original malware sample
adv_x (CArray) – the adversarial malware sample
penalty_term (torch.Tensor) – the penalty term
- Returns
the gradient of the model w.r.t. input on the embedding layer
- Return type
torch.Tensor
- optimization_solver(E: torch.Tensor, gradient_f: torch.Tensor, index_to_consider: list, x_init: secml.array.c_array.CArray) secml.array.c_array.CArray
Optimizes the end-to-end evasion
- Parameters
E (torch.Tensor) – the embedding matrix E, with all the embedded values
gradient_f (torch.Tensor) – the gradient of the function w.r.t. the embedding
index_to_consider (list) – the list of indexes to perturb
x_init (CArray) – the input sample to manipulate
- Returns
the adversarial malware
- Return type
CArray
- secml_malware.attack.whitebox.c_discretized_bytes_evasion.gradient_search(start_byte: int, gradient: torch.Tensor, embedding_bytes: torch.Tensor, invalid_val=inf, invalid_pos: int = - 1)
Given the starting byte, the gradient and the embedding map,it returns a list of distances
- Parameters
start_byte (int) – the starting byte for the search
gradient (torch.Tensor) – the gradient
embedding_bytes (torch.Tensor) – the embedding matrix with all the byte embedded
invalid_val (optional, default np.infty) – the invalid value to use. Default np.infty
invalid_pos (int, optional, default -1) – the position of the padding value.
1.4. secml_malware.attack.whitebox.c_end2end_evasion module
- class secml_malware.attack.whitebox.c_end2end_evasion.CEnd2EndMalwareEvasion(end2end_model: secml_malware.models.c_classifier_end2end_malware.CClassifierEnd2EndMalware, indexes_to_perturb: list, iterations: int = 100, is_debug: bool = False, random_init: bool = False, threshold: float = 0.5, penalty_regularizer: float = 0, store_checkpoints: Optional[int] = None)
Bases:
secml.adv.attacks.evasion.c_attack_evasion.CAttackEvasion
Base abstract class for implementing end-to-end evasion attacks against malware detectors.
- abstract apply_feature_mapping(x) secml.array.c_array.CArray
- abstract compute_penalty_term(original_x: secml.array.c_array.CArray, adv_x: secml.array.c_array.CArray, par: float) float
- create_real_sample_from_adv(original_file_path: str, x_adv: secml.array.c_array.CArray, new_file_path: Optional[str] = None) bytearray
Create a real adversarial example
- Parameters
original_file_path (str) – the original malware sample
x_adv (CArray) – the perturbed malware sample, as created by the optimizer
new_file_path (str, optional, default None) – the path where to save the adversarial malware. Leave None to not save the result to disk
- Returns
the adversarial malware, as string of bytes
- Return type
bytearray
- f_eval()
Returns the number of function evaluations made during the attack.
- grad_eval()
Returns the number of gradient evaluations made during the attack.
- abstract infer_step(x_init) secml.array.c_array.CArray
- abstract invert_feature_mapping(x, x_adv) secml.array.c_array.CArray
- abstract loss_function_gradient(original_x: secml.array.c_array.CArray, adv_x: secml.array.c_array.CArray, penalty_term: torch.Tensor)
- objective_function(x)
Objective function.
- Parameters
x (CArray or CDataset) –
- Returns
f_obj
- Return type
float or CArray of floats
- objective_function_gradient(x)
Gradient of the objective function.
- abstract optimization_solver(E, gradient_f, index_to_consider, x_init) secml.array.c_array.CArray
1.5. secml_malware.attack.whitebox.c_extend_dos_evasion module
- class secml_malware.attack.whitebox.c_extend_dos_evasion.CExtendDOSEvasion(end2end_model: secml_malware.models.c_classifier_end2end_malware.CClassifierEnd2EndMalware, pe_header_extension: int = 512, iterations: int = 100, is_debug: bool = False, random_init: bool = False, threshold: float = 0.5, penalty_regularizer: float = 0, chunk_hyper_parameter: Optional[int] = None)
Bases:
secml_malware.attack.whitebox.c_format_exploit_evasion.CFormatExploitEvasion
DOS header extension attack
1.6. secml_malware.attack.whitebox.c_fast_gradient_sign_evasion module
- class secml_malware.attack.whitebox.c_fast_gradient_sign_evasion.CFastGradientSignMethodEvasion(end2end_model: secml_malware.models.c_classifier_end2end_malware.CClassifierEnd2EndMalware, indexes_to_perturb: list, epsilon: float, iterations: int = 100, is_debug: bool = False, random_init: bool = False, threshold: float = 0.5, penalty_regularizer: float = 0, p_norm: float = inf, store_checkpoints: Optional[int] = None)
Bases:
secml_malware.attack.whitebox.c_end2end_evasion.CEnd2EndMalwareEvasion
Creates the basic attack that implements the Fast Gradient Sign Method for the Windows malware domain. The original attack has been proposed by Goodfellow et al. (https://arxiv.org/abs/1412.6572)
- apply_feature_mapping(x: secml.array.c_array.CArray)
- compute_penalty_term(original_x: secml.array.c_array.CArray, adv_x: secml.array.c_array.CArray, par: float)
- infer_step(x_init)
- invert_feature_mapping(x, x_adv)
- loss_function_gradient(original_x: secml.array.c_array.CArray, adv_x: secml.array.c_array.CArray, penalty_term: torch.Tensor)
- optimization_solver(E, gradient_f, index_to_consider, x_init)
1.7. secml_malware.attack.whitebox.c_format_exploit_evasion module
- class secml_malware.attack.whitebox.c_format_exploit_evasion.CFormatExploitEvasion(end2end_model: secml_malware.models.c_classifier_end2end_malware.CClassifierEnd2EndMalware, preferable_extension_amount: int = 512, pe_header_extension: int = 512, iterations: int = 100, is_debug: bool = False, random_init: bool = False, threshold: float = 0.5, penalty_regularizer: float = 0, chunk_hyper_parameter: Optional[int] = None)
Bases:
secml_malware.attack.whitebox.c_discretized_bytes_evasion.CDiscreteBytesEvasion
- create_real_sample_from_adv(original_file_path: str, x_adv: secml.array.c_array.CArray, new_file_path: Optional[str] = None) bytearray
Create a real adversarial example
- Parameters
original_file_path (str) – the original malware sample
x_adv (CArray) – the perturbed malware sample, as created by the optimizer
new_file_path (str, optional, default None) – the path where to save the adversarial malware. Leave None to not save the result to disk
- Returns
the adversarial malware, as string of bytes
- Return type
bytearray
1.8. secml_malware.attack.whitebox.c_header_evasion module
- class secml_malware.attack.whitebox.c_header_evasion.CHeaderEvasion(end2end_model: secml_malware.models.c_classifier_end2end_malware.CClassifierEnd2EndMalware, index_to_perturb: Optional[list] = None, iterations: int = 100, is_debug: bool = False, random_init: bool = False, optimize_all_dos: bool = False, threshold: float = 0, penalty_regularizer: int = 0)
Bases:
secml_malware.attack.whitebox.c_discretized_bytes_evasion.CDiscreteBytesEvasion
Creates the attack that perturbs the header of a Windows PE malware.
1.9. secml_malware.attack.whitebox.c_kreuk_evasion module
- class secml_malware.attack.whitebox.c_kreuk_evasion.CKreukEvasion(end2end_model: secml_malware.models.c_classifier_end2end_malware.CClassifierEnd2EndMalware, how_many_padding_bytes: int, epsilon: float, iterations: int = 100, is_debug: bool = False, threshold: float = 0.5, p_norm: float = inf, compute_slack: bool = True, store_checkpoints: Optional[int] = None)
Bases:
secml_malware.attack.whitebox.c_fast_gradient_sign_evasion.CFastGradientSignMethodEvasion
1.10. secml_malware.attack.whitebox.c_padding_evasion module
- class secml_malware.attack.whitebox.c_padding_evasion.CPaddingEvasion(end2end_model: secml_malware.models.c_classifier_end2end_malware.CClassifierEnd2EndMalware, how_many: int, iterations: int = 100, is_debug: bool = False, random_init: bool = False, threshold: float = 0, penalty_regularizer: int = 0)
Bases:
secml_malware.attack.whitebox.c_discretized_bytes_evasion.CDiscreteBytesEvasion
Constructs an attack object that append one byte at time.
1.11. secml_malware.attack.whitebox.c_shift_evasion module
- class secml_malware.attack.whitebox.c_shift_evasion.CContentShiftingEvasion(end2end_model: secml_malware.models.c_classifier_end2end_malware.CClassifierEnd2EndMalware, preferable_extension_amount=512, iterations: int = 100, is_debug: bool = False, random_init: bool = False, threshold: float = 0.5, penalty_regularizer: float = 0, chunk_hyper_parameter: Optional[int] = None)
Bases:
secml_malware.attack.whitebox.c_format_exploit_evasion.CFormatExploitEvasion
Content shifting attack
1.12. secml_malware.attack.whitebox.c_suciu_evasion module
- class secml_malware.attack.whitebox.c_suciu_evasion.CSuciuEvasion(end2end_model: secml_malware.models.c_classifier_end2end_malware.CClassifierEnd2EndMalware, how_many_padding_bytes: int, epsilon: float, is_debug: bool = False, threshold: float = 0.5, compute_slack: bool = True)
Bases:
secml_malware.attack.whitebox.c_kreuk_evasion.CKreukEvasion