def classify(self, samples): global min_score # Run model generation_input = [sample.features for sample in samples] generation_labels = [sample.label for sample in samples] with nostdout(): p_labs, p_acc, p_vals = liblinearutil.predict( generation_labels, generation_input, model, '-b 1') for i, val in enumerate(p_vals): samples[i].score = val[1] samples.sort(key=lambda sample: sample.score) generation_best_score = samples[0].score if generation_best_score < self.min_score: self.min_score = generation_best_score std_logger.info("Fitness: " + str(generation_best_score)) std_logger.debug("----------Sorted samples----------") for sample in samples: std_logger.debug(sample.stringify()) std_logger.debug("----------------------------------") return samples
def reset_generation(self, seed): self.generation = list() with nostdout(): p_labs, p_acc, p_vals = liblinearutil.predict([seed.label], [seed.features], model, '-b 1') seed.score = p_vals[0][1] self.best_cumulative_extra = [seed] * sample_size
def classify(self, samples): """ Query Marvin classifier implemented with LIBLINEAR :param samples: Samples to classify :return: Confidence scores """ with nostdout(): labels = [sample.label for sample in samples] features = [sample.features for sample in samples] p_labs, p_acc, p_vals = liblinearutil.predict( labels, features, self.model, '-b 1') return [val[1] for val in p_vals]
def evasion_thread(id, malicious_samples, evasive_output): std_logger, feature_logger = init_logger(id) evasive_file = open(evasive_output, "w+") for malicious_sample in malicious_samples: malicious = load_record(malicious_sample) malicious_orig = copy.deepcopy(malicious) best_probs = [1.0, 0.0] best_feat = -1 std_logger.debug("------------------------------") # print("------------------------------") std_logger.info(malicious_orig.stringify()) for i in range(15): mutation_list = [] mutation_labels = [] for feat in benign_list: malicious.features[feat] = 1 mutation_list.append(malicious.features) mutation_labels.append(malicious.label) malicious = copy.deepcopy(malicious_orig) with nostdout(): p_labs, p_acc, p_vals = liblinearutil.predict( mutation_labels, mutation_list, model, '-b 1') best_feat_index, best_probs = min(enumerate(p_vals), key=lambda vals: vals[1][0]) best_feat = benign_list[best_feat_index] # print("Feat: " + str(best_feat) + ", prob: " + str(best_probs)) std_logger.info(str(best_feat) + ": " + str(best_probs)) feature_logger.info(str(best_feat)) malicious_orig.features[best_feat] = 1 malicious = copy.deepcopy(malicious_orig) if best_probs[0] < 0.5: std_logger.warning("Success | Final: " + str(best_probs[0]) + " | Mutations: " + str(i + 1)) evasive_file.write(malicious.sparse_arff()) break # print("Success - final prob: " + str(best_probs[0])) if best_probs[0] > 0.5: std_logger.warning("Failure | Final prob: " + str(best_probs[0]))
def mutate(model_file, malicious_file, evasive_output): (std_logger, feature_logger) = init() model = liblinearutil.load_model(model_file) with open("seeds/training_1.benign", "r") as f: benign = util.load_record(f.read()) print("------------------------------") print("Total features: " + str(len(benign.features.keys()))) print("------------------------------") benign_list = list(benign.features.keys()) with open(malicious_file, "r") as f: malicious_samples = f.readlines() evasive_file = open(evasive_output, "w+") malicious_sample_size = len(malicious_samples) for sample_num, malicious_sample in enumerate(malicious_samples): malicious = util.load_seed(malicious_sample) malicious_orig = copy.deepcopy(malicious) best_probs = [1.0, 0.0] best_feat = -1 std_logger.debug("------------------------------") # print("------------------------------") std_logger.info(malicious_orig.stringify()) for i in range(15): mutation_list = [] mutation_labels = [] for feat in benign_list: malicious.features[feat] = 1 mutation_list.append(malicious.features) mutation_labels.append(malicious.label) malicious = copy.deepcopy(malicious_orig) with nostdout(): p_labs, p_acc, p_vals = liblinearutil.predict(mutation_labels, mutation_list, model, '-b 1') best_feat_index, best_probs = min(enumerate(p_vals), key=lambda vals: vals[1][1]) best_feat = benign_list[best_feat_index] # print("Feat: " + str(best_feat) + ", prob: " + str(best_probs)) std_logger.info(str(best_feat) + ": " + str(best_probs)) feature_logger.info(str(best_feat)) malicious_orig.features[best_feat] = 1 malicious = copy.deepcopy(malicious_orig) if best_probs[1] < 0.5: std_logger.warning("Success | Final: " + str(best_probs[0]) + " | Mutations: " + str(i+1)) evasive_file.write(malicious.sparse_arff()) break # print("Success - final prob: " + str(best_probs[0])) if best_probs[1] > 0.5: std_logger.warning("Failure | Final prob: " + str(best_probs[0])) if malicious_sample_size > 20 and sample_num % int(malicious_sample_size/20) == 0: print("Progress: " + str(round(sample_num/malicious_sample_size*100)) + "%") evasive_file.close() print("------------------------------") subprocess.run(["./util/postprocess.sh", "assisted_mutation"]) print("------------------------------")
malicious = load_record(malicious_sample) malicious_orig = copy.deepcopy(malicious) best_probs = [1.0, 0.0] best_feat = -1 std_logger.debug("------------------------------") print("------------------------------") std_logger.info(malicious_orig.stringify()) for i in range(15): for feat in benign_list: malicious.features[feat] = 1 with nostdout(): p_labs, p_acc, p_vals = liblinearutil.predict([malicious.label], [malicious.features], model, '-b 1') score = p_vals[0][0] inv_score = p_vals[0][1] if best_probs[0] > score: best_probs = [score, inv_score] best_feat = feat malicious = copy.deepcopy(malicious_orig) # print("Feat: " + str(best_feat) + ", prob: " + str(best_probs)) std_logger.info(str(best_feat) + ": " + str(best_probs)) feature_logger.info(str(best_feat)) malicious_orig.features[best_feat] = 1 malicious = copy.deepcopy(malicious_orig)