An evolutionary framework for evading machine learning-based malware classifiers.
CSS HTML Python JavaScript Other
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
classifiers
content
layouts
lib
public
samples
themes
utils
LICENSE
Makefile
README.md
batch.py
config.toml
gp.py
project.conf.template

README.md

============= EvadeML v1.0


An Evolutionary Framework for Evading Machine Learning-based Malware Classifiers

Weilin Xu, Yanjun Qi, and David Evans
University of Virginia

Installation

Several external libraries are required in the project.

Configuration

Copy the template and change to your own configuration.

cp project.conf.template project.conf
vim project.conf

Running

First start the centralized detection agent with pre-defined malware signatures.

$ ./utils/detection_agent_server.py ./utils/36vms_sigs.pickle

Second, run a program to select several benign PDF files as external genome.

$ ./utils/generate_ext_genome.py [classifier_name] [benign_sample_folder] [file_number]

Now we can start the main program ./gp.py with a long list of arguments. The helper script ./batch.py should be helpful in large scale experiments.

./batch.py [classifier_name] [ext_genome_folder] [round_id]

Add a new classifier to evade

Adding more target classifiers to the framework is trivial.

  1. Add a wrapper in ./classifiers/ like pdfrate_wrapper.py::pdfrate()
  2. Implement a fitness function in ./lib/fitness.py like fitness_pdfrate(), and specify a switch in gp.py
  3. Import the wrapper function in ./utils/detection_agent_server.py like pdfrate(), and extend query_classifier() so that the main program could call the detector through lib.detector.query_classifier().