Secml-Malware: Pentesting Windows Malware Classifiers with Adversarial Exemples in Python

“…We implemented and open-sourced the library we used for computing these attacks, named secml-malware [33].…”

“…3) Padding and Section-Injection Attacks: In this work, we implement GAMMA using two different structural manipulation techniques, i.e., padding and section injection, and refer to them respectively as padding and section-injection attacks. While GAMMA can support most of the aforementioned manipulations via their open-source implementations in [33], we only consider padding and section-injection attacks in this work as they provide two representative examples of injecting content inside the sample with and without requiring manipulating additional header components (e.g., the section table). In particular, similarly to s.1−s.6, padding injects content into the unused space of the executable, without altering any other header component.…”

Functionality-Preserving Black-Box Optimization of Adversarial Windows Malware

“…We implemented and open-sourced the library we used for computing these attacks, named secml-malware [33].…”

“…3) Padding and Section-Injection Attacks: In this work, we implement GAMMA using two different structural manipulation techniques, i.e., padding and section injection, and refer to them respectively as padding and section-injection attacks. While GAMMA can support most of the aforementioned manipulations via their open-source implementations in [33], we only consider padding and section-injection attacks in this work as they provide two representative examples of injecting content inside the sample with and without requiring manipulating additional header components (e.g., the section table). In particular, similarly to s.1−s.6, padding injects content into the unused space of the executable, without altering any other header component.…”

Functionality-Preserving Black-Box Optimization of Adversarial Windows Malware

“…A few platforms are evaluating deep learning and image domain, like Cleverhans [15], Deepsec [14], Foolbox [16] and ART [39], but they do not take security domain knowledge into account, and cannot be directly transferred to cybersecurity. As a platform in the cybersecurity domain, secml-malware [40] can only evaluate the robustness of Windows malware detection, and there are few detection and attack algorithms, so it is not suitable to evaluate the adversarial robustness of ensemble technologies. In general, these platforms are not designed to ensemble and adaptive robust evaluation techniques in the cybersecurity domain.…”

Adversarial attacks on YOLACT instance segmentation

“…Demetrio and Biggio conducted research into different practical manipulations that could be applied to alter the file structure of Windows binaries to evoke a misclassification from machine learning-based antivirus programs [20]. Their research led to the development of a Python library, known as secml-malware, containing tools for generating adversarial examples for a given set of malware samples.…”

“…Their research led to the development of a Python library, known as secml-malware, containing tools for generating adversarial examples for a given set of malware samples. The library contains a variety of both white box and black box attacks that each make small, semantic changes to the input binary like deleting the DOS header, shifting the executable content, and padding the executable with random bytes, with the aim of deceiving malware classifiers that rely upon these features to return an accurate identification [20]. Uniquely, the module also includes GAMMA attacks that pad unused sections of the binary with known goodware (benign content) to mislead antivirus programs into assuming that the malware is legitimate software and classifying it as such.…”

Dissecting Malware in the Wild