Skip to content
master
Switch branches/tags
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

An artificial neural network and API to detect Windows malware, based on Ergo and LIEF.

Installation

cd /path/to/ergo-pe-av
sudo pip3 install -r requirements.txt

Use as an API

ergo serve /path/to/ergo-pe-av --classes "clean, malware"

From the client, to scan a file that the server can access too:

curl "http://localhost:8080/?x=/path/to/file.exe"
# or
curl --data "x=/path/to/file.exe" "http://localhost:8080/"

To upload the whole file:

curl -F "x=@/path/to/file.exe" "http://localhost:8080/"

To encode a file to a vector of raw features:

curl -F "x=@/path/to/file.exe" "http://localhost:8080/encode"

To scan a vector of raw features:

curl --data "x=0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,1.0,0.0,0.0,0.847058823529,......" "http://localhost:8080/"

Model Statistics

The dataset is made of ~200000 samples divided in two subfolders:

  • classes/pe-malicious with 100000 malware samples from VirusTotal
  • classes/pe-clean with 100000 clean samples

The dataset.csv training file has been generated with:

ergo encode ergo-pe-av /media/evilsocket/4TB/datapath-pe/classes --filter "*.exe"
Training ROC/AUC
Training Validation Testing

License

Made with by the dev team and it is released under the GPL 3 license.

About

🧠 🦠 An artificial neural network and API to detect Windows malware, based on Ergo and LIEF.

Topics

Resources

License

Releases

No releases published

Packages

No packages published

Languages