Merge pull request #224 from mldiego/master
DSN 2024 - malware examples
Showing 20 changed files with 3,336 additions and 26 deletions.
Binary file not shown.
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# Case Study: Neural Network Malware Detection Verification for Feature and Image Datasets | ||
|
||
Publication: https://doi.org/10.1145/3644033.3644372 | ||
|
||
Code: https://github.com/pkrobinette/verify_malware | ||
|
||
#### Citation | ||
``` | ||
@inproceedings{10.1145/3644033.3644372, | ||
author = {Robinette, Preston K. and Manzanas Lopez, Diego and Serbinowska, Serena and Leach, Kevin and Johnson, Taylor T}, | ||
title = {Case Study: Neural Network Malware Detection Verification for Feature and Image Datasets}, | ||
year = {2024}, | ||
isbn = {9798400705892}, | ||
publisher = {Association for Computing Machinery}, | ||
address = {New York, NY, USA}, | ||
url = {https://doi.org/10.1145/3644033.3644372}, | ||
doi = {10.1145/3644033.3644372}, | ||
booktitle = {Proceedings of the 2024 IEEE/ACM 12th International Conference on Formal Methods in Software Engineering (FormaliSE)}, | ||
pages = {127–137}, | ||
numpages = {11}, | ||
location = {, Lisbon, Portugal, }, | ||
series = {FormaliSE '24} | ||
} | ||
``` |
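Review bot: the `location` field in the citation block reads `location = {, Lisbon, Portugal, }`, with a leading and a trailing comma that will come out as stray punctuation in a rendered bibliography; suggest `location = {Lisbon, Portugal}`. In the same entry, `pages = {127–137}` uses a literal en dash where BibTeX convention is `127--137`, which also avoids encoding trouble in toolchains that are not UTF-8 clean. The README gives the publication and code links but says nothing about what the example files in this directory are or how to run them; one or two sentences on that would help a reader who lands here from the repository tree.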
25 changes: 25 additions & 0 deletions
code/nnv/examples/Submission/VNN_COMP2024/processResults.m
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
res_dir = "results_approx_acasxu/"; | ||
|
||
ss = dir(res_dir + "*.txt"); | ||
|
||
nP = length(ss); % number of properties | ||
|
||
vRes(nP) = string; | ||
vTime(nP) = string; | ||
|
||
for i=1:nP | ||
fileName = res_dir + ss(i).name; | ||
iN = split(fileName, "_"); | ||
iN = split(iN{end}, '.'); | ||
iN = str2double(iN{1}); | ||
fid = fopen(fileName, "r"); | ||
vRes(iN) = fgetl(fid); | ||
vTime(iN) = fgetl(fid); | ||
end | ||
|
||
resTable = table(vRes', vTime'); | ||
|
||
unsat = sum(count(vRes, "unsat")); | ||
sat = sum(count(vRes, "sat", "IgnoreCase",true)); | ||
unknown = sum(count(vRes, "unknown")); | ||
sat = sat - unsat; |
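Review bot: inside the `for` loop, the handle from `fid = fopen(fileName, "r")` is neither checked nor closed, so an unreadable file makes `fgetl` fail on `fid = -1`, and every file that does open stays open for the rest of the session; add an `fid == -1` check and an `fclose(fid)` after the second `fgetl`. The tally at the bottom is also fragile: `count(vRes, "sat", "IgnoreCase", true)` is case-insensitive while `count(vRes, "unsat")` and `count(vRes, "unknown")` are not, so a result written as `UNSAT` is counted as sat and never removed by `sat = sat - unsat`, and `count` matches substrings rather than whole result lines. Comparing the trimmed, lower-cased line for equality against the three expected values would make the counts reliable. Two smaller points: `vRes(iN)` assumes the last underscore-separated part of every file name parses to an integer between 1 and `nP`, and a name that does not will give `NaN` from `str2double` and an indexing error; and `res_dir` is hard-coded to `"results_approx_acasxu/"` with no header comment saying what the script expects, while `resTable` is built but never displayed or saved.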
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
## BODMAS: An Open Dataset for Learning based Temporal Analysis of PE Malware | ||
|
||
Dataset info: https://github.com/whyisyoung/BODMAS | ||
|
||
Publication: https://liminyang.web.illinois.edu/data/DLS21_BODMAS.pdf | ||
|
||
|
||
#### Summary | ||
``` | ||
BODMAS dataset includes 57,293 malware samples and 77,142 benign samples (134,435 in total). | ||
The malware samples are randomly sampled each month from a security company’s internal malware database. | ||
- The data collection was performed from August 29, 2019, to September 30, 2020. | ||
- The benign samples were collected from January 1, 2007, to September 30, 2020. | ||
- The dataset covers 581 malware families. | ||
- These malware samples are from a diverse set of malware categories (14 categories in total). | ||
- The most prevalent categories are Trojan (29,972 samples), Worm (16,697 samples), Backdoor (7,331 samples), Downloader (1,031 samples), and Ransomware (821 samples). | ||
``` | ||
Due to large data size, we only provide a subset of 500 samples for this tutorial. | ||
|
||
|
||
#### Tutorial | ||
Perform local robustness verification for a malware verifier trained on the BODMAS dataset. | ||
|
||
Verification examples: | ||
``` | ||
1. Adversarial perturbations of continuous variables. | ||
2. Adversarial perturbations of discrete variables. | ||
3. Adversarial perturbations of continuous & discrete variables. | ||
4. Adversarial perturbations of all variables. | ||
``` | ||
|
||
Verification examples from [Formalise 2024](https://doi.org/10.1145/3644033.3644372) and [AiSOLA 2023](https://doi.org/10.1007/978-3-031-46002-9_17) | ||
|
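Review bot: in the Tutorial section, "malware verifier trained on the BODMAS dataset" reads as if the verifier were the trained model; the thing being trained and then verified is the classifier, so "malware classifier" (or "detector") would be the accurate term. In the list of verification examples, item 3 ("continuous & discrete variables") and item 4 ("all variables") are not distinguishable from the text alone; say which feature types item 4 adds. The line "we only provide a subset of 500 samples" should name the file that holds the subset and state how it was drawn (for example the malware/benign split), since robustness results depend on it. Minor: the numbered list and the summary are wrapped in code fences, so they render as preformatted text rather than Markdown lists, and the link text "Formalise 2024" does not match the "FormaliSE" spelling used in the citation added elsewhere in this commit.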