forked from ASSERT-KTH/ralph

re-implementation of the Minos webassembly malware detector


Jacarte/ralph

 
 


re-implementation of the Minos WebAssembly malware detector

Live Demo here. SPOILER !! we do run in the browser :)

Requirements

  • Python 3.9.9

Installation

  • virtualenv -p <python3.9.9> ralph
  • source ralph/bin/activate
  • pip install -r requirements.txt

Generate the datasets from scratch

  • source ralph/bin/activate
  • cd scripts
  • bash generate_datasets_from_scratch.sh "https://zenodo.org/record/5832621/files/wasms.zip"

Train the model

  • Train and save the h5 model: python3 minos.py train -b datasets/original_benign.csv -m datasets/original_malign.csv --model model.h5
  • Train and save the h5 model and also the onnx model: python3 minos.py train -b datasets/original_benign.csv -m datasets/original_malign.csv --model model.onnx

Infer from a Wasm binary

  • python3 minos.py predict -i test.wasm

Repo structure

  • .github: Contains the CI jobs that train the models and save them in the artifact storage.
  • scripts: The MINOS implementation (minos.py), the scripts that turn Wasm binaries into 100x100 grayscale images, and the wasm_wrapper used to run client-side inference in the browser with the already trained model.
  • scripts/wasm_wrapper: Source of the Wasm wrapping of the model. Make sure you have installed Emscripten, otherwise it won't compile.
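
An added sketch of the preprocessing step named under scripts (not the repository's own code): it maps a Wasm binary to a 100x100 grayscale grid that a classifier can consume. The row-major square layout, zero-padding, nearest-neighbour resampling and all function names are assumptions; the repository's scripts may differ.

```python
import math

WASM_MAGIC = b"\x00asm"   # every WebAssembly binary starts with these 4 bytes
SIDE = 100                # image side stated in the README (100x100)


def wasm_to_grayscale(data: bytes, side: int = SIDE) -> list[list[int]]:
    """Map a Wasm binary to a side x side grid of 0-255 pixel values."""
    # Reject anything that is not Wasm before it reaches the model:
    # 4 magic bytes plus a 4-byte version field make up the header.
    if len(data) < 8 or data[:4] != WASM_MAGIC:
        raise ValueError("not a WebAssembly binary (bad magic or truncated header)")
    # Lay the bytes out row by row in the smallest square that holds them,
    # zero-padding the tail (assumed layout).
    src = math.isqrt(len(data) - 1) + 1
    padded = data + bytes(src * src - len(data))
    # Nearest-neighbour resample to the fixed model input size (assumed method).
    image = []
    for y in range(side):
        row_start = (y * src // side) * src
        image.append([padded[row_start + x * src // side] for x in range(side)])
    return image


def to_pgm(image: list[list[int]]) -> bytes:
    """Serialise the grid as a binary PGM (P5) file for visual inspection."""
    header = f"P5\n{len(image[0])} {len(image)}\n255\n".encode()
    return header + bytes(p for row in image for p in row)


if __name__ == "__main__":
    # Constructed sample: valid 8-byte header followed by filler bytes.
    sample = WASM_MAGIC + b"\x01\x00\x00\x00" + bytes(range(256)) * 4
    img = wasm_to_grayscale(sample)
    print(len(img), len(img[0]), img[0][:5])
```

Small binaries are upsampled and large ones downsampled, so every input yields the same tensor shape regardless of file size.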


Languages

  • Jupyter Notebook 98.8%
  • Other 1.2%