def index(self):
step = functions.readfile()
return '<form action="stepper" method="GET">' \
'<p>Combien de tour (en degré, pas de 10) ?</p>' \
'<p><input type="numeric" name="step" value="{}"/></p>' \
'<p><input type="submit" value="OK" /></p>' \
'</form>'.format(step)
def stepper(self, step):
old_step = functions.readfile() # 360
new_step = int(step) # 60
if new_step > 360 : new_step = 0
functions.writefile(new_step)
if functions.rotor(old_step,new_step):
return '''
<p>Tour terminé</p>
<p><a href="./">Retour</a></p>
'''
else :
return '''
def main(option, scanner):
# Defining paths
mod_path = "samples/mod/"
evasion_path = "samples/successful/"
detected_path = "samples/successful/detected/"
# Argument parsing & displaying __doc__
parser = ArgumentParser(description=__doc__)
parser.add_argument("-s",
dest="myFilenameVariable",
required=False,
help="malware sample as input",
metavar="sample")
parser.add_argument("-p",
dest="myFilenameVariable",
required=True,
help="number of perturbations to inject",
metavar="perturbations")
parser.add_argument("-r",
dest="myFilenameVariable",
required=False,
help="number of rounds to run",
metavar="rounds")
parser.add_argument("-m",
dest="myFilenameVariable",
required=True,
help="number of manipulated files expected",
metavar="mutations exp.")
parser.add_argument("-t",
dest="myFilenameVariable",
required=False,
help="run until detections are below threshold",
metavar="detection thresh.")
args = parser.parse_args()
# Processing input from terminal
sample, n, rounds, files_expected, detection_threshold = i.handling_input(
sys.argv)
# Convert malware sample into binaries
bin_bytes = f.readfile(sample)
# ARMED: Fixed length of sequence -- Using remote/local sandbox (HT/Cuckoo) + remote (VT)/local detection
if option == 'ARMED':
start_ARMED = time()
i.armed(bin_bytes, sample, n, rounds, files_expected,
detection_threshold, scanner)
f.time_me(start_ARMED)
# ARMED II: Incremental Iterations of perturbations' sequence -- Using local sandbox + local detection
elif option == 'ARMED2':
start_ARMED2 = time()
i.armed2(bin_bytes, sample, n, rounds, files_expected, scanner)
f.time_me(start_ARMED2)
# AIMED: Fixed length & optimized order of perturbations -- GP with local sandbox + detection
elif option == 'AIMED':
size_population = 4 # & n = length_sequence (number of perturbations)
start_AIMED = time()
i.aimed(bin_bytes, sample, size_population, n, files_expected, scanner)
f.time_me(start_AIMED)
# COMPARE: Examine intelligent evolutionary algorithm against random (AIMED vs ARMED)
elif option == 'COMPARE':
start_COMPARE = time()
i.comparing(bin_bytes, sample, n, rounds, files_expected,
detection_threshold, scanner)
f.time_me(start_COMPARE)
def malware_detection(mutation, snapshot):
'''
Detecting malware samples using local scanners.
Use malware classifiers from industry or academia:
Gradient Boosting [Anderson et al. 2018]: Trained with 100k
malicious and benign samples and achieves ROC-AUC = 0.993
Threshold of 0.9 correponds to 1% FPR at 90% TPR
A functionality (beta)-test has been added that overcomes the
processing time of Cuckoo by 1/3 reducing from 45 to 15 s.
'''
start = time()
detect = False
vm = "Windows7-Detection"
path_m = 'e:\\mod\\'
if not (snapshot == 'GradientBoosting' or snapshot == 'Functionality'):
print('Engines supported: GradientBoosting')
sys.exit()
# Pre-trained Gradient Boosting Model
if snapshot == 'GradientBoosting':
av_model = f.load_av('data/gradient_boosting.pkl')
bin_bytes = f.readfile(mod_path + mutation)
score = f.get_score_local(bin_bytes, av_model)
if score > 0.9: # As per paper
print('\nMalware detected.\n')
return True
else:
print('\nSample not detected.\n')
return False
# Start & restore the VM (headless = invisible)
state = check_output(['VBoxManage', 'showvminfo', vm]).decode('UTF-8')
if "powered off" in state or "saved" in state:
call([
'VBoxManage', 'snapshot', vm, 'restore',
'Windows7-' + snapshot + '-Ready'
])
call(['VBoxManage', 'startvm', vm, '--type', 'headless'])
elif "paused" in state:
call(['VBoxManage', 'controlvm', vm, 'resume', '--type', 'headless'])
try:
# Beta-test to check functionality (Reduces time of Cuckoo by 1/3 but needs further testing)
if snapshot == "Functionality":
try:
status = check_output([
'timeout', '10', 'VBoxManage', 'guestcontrol', vm,
'--username', 'user', '--password', 'sandbox', 'run',
'--exe', path_m + mutation
])
except Exception as err:
if 'returned non-zero exit status 1.' in str(err):
print('\nMutation corrupt!\n')
valid = False
else:
print('\nMutation WORKING!\n')
valid = True
return valid
except CalledProcessError as err:
state = err
# Terminate the running process
if snapshot != "Functionality":
s.kill()
# Pause the VM – Use pause only if power-off is on main()
#call(['VBoxManage', 'controlvm', vm, 'pause', '--type', 'headless'])
# Power off the VM
call(['VBoxManage', 'controlvm', vm, 'poweroff'])
# Show total time in hh:mm:ss
f.time_me(start)
return detect
# window function
# plot
#
import functions
command=[' ']
data=[]
nmrdict={}
while (command[0]!='exit') and (command[0]!='quit'):
if command[0]=='re': #read
try:
data=functions.readfile(command[1])
nmrdict['fid']=data
except Exception as inst:
print "File missing"
print type(inst)
elif command[0]=='rpar': #get params
try:
(params,data)=functions.readpar(command[1],nmrdict['fid'])
except Exception as inst:
print type(inst)
else:
nmrdict['fid']=data
nmrdict['params']=params