secml-malware python library 源码分析及实践

Github地址:https://github.com/pralab/secml_malware

可以按照库的readme,通过pip安装

因为我需要对于库源码进行较大的改动,可以我通过以下方式安装

bash 复制代码
# 克隆源码
git clone https://github.com/pralab/secml_malware.git
cd secml_malware

# 创建虚拟环境
conda create -n secml_malware_local_env python=3.9
conda activate secml_malware_local_env

# 安装依赖
pip install -r requirements.txt
# 如果ember库安装失败,可以手动下载到本地安装(需要注释掉 requirements.txt中的git+https://github.com/zangobot/ember.git)
git clone https://github.com/zangobot/ember.git
cd ember
pip install .

# 关键:用"开发模式"安装secml-malware(Python import 的就是你当前目录源码)
pip install -e .

运行攻击代码示例代码:

python 复制代码
import numpy as np
from pathlib import Path

from secml.array import CArray
from secml_malware.models.malconv import MalConv
from secml_malware.models.c_classifier_end2end_malware import CClassifierEnd2EndMalware
from secml_malware.attack.blackbox.c_wrapper_phi import CEnd2EndWrapperPhi
from secml_malware.attack.blackbox.c_black_box_padding_evasion import CBlackBoxPaddingEvasionProblem
from secml_malware.attack.blackbox.ga.c_base_genetic_engine import CGeneticAlgorithm


# ===============================
# Load model
# ===============================
print("[*] Loading model...")
model = MalConv()
clf = CClassifierEnd2EndMalware(model)
clf.load_pretrained_model()
clf._model = clf._model.cpu()

net = CEnd2EndWrapperPhi(clf)


# ===============================
# Save adversarial sample
# ===============================
def save_adv(x_adv, path):
    arr = x_adv.tondarray().flatten()
    
    # 去 padding(256)
    arr = arr[arr != 256]
    
    # 限制范围
    arr = np.clip(arr, 0, 255)
    
    # 转 uint8
    arr = arr.astype(np.uint8)
    
    with open(path, "wb") as f:
        f.write(bytes(arr))


# ===============================
# Paths
# ===============================
samples_dir = Path("/data/xjw/workspace/dataset/sorel-20m/benign/")
out_dir = Path("results")
adv_dir = out_dir / "adv"
out_dir.mkdir(exist_ok=True)
adv_dir.mkdir(exist_ok=True)


# ===============================
# Attack loop
# ===============================
for i, sample_path in enumerate(samples_dir.iterdir()):
    if i >= 100:
        break
    if not sample_path.is_file():
        continue

    print(f"\n[*] {sample_path.name}")

    # 读取文件
    with open(sample_path, "rb") as f:
        code = f.read()

    x = CArray(np.frombuffer(code, dtype=np.uint8)).atleast_2d()

    # 原始预测
    _, conf = net.predict(x, True)
    orig_conf = conf[0, 1].item()
    print(f"    Original confidence: {orig_conf:.4f}")

    # 只攻击 benign
    if orig_conf >= 0.5:
        print("    Skip (already malware)")
        continue

    # 构建攻击
    problem = CBlackBoxPaddingEvasionProblem(
        net,
        how_many_padding_bytes=20000,
        population_size=50,
        iterations=100
    )

    ga = CGeneticAlgorithm(problem)

    # 运行攻击
    y_pred, adv_score, adv_ds, _ = ga.run(x, CArray([orig_conf]))

    final_conf = ga.confidences_[-1]
    print(f"    Final confidence: {final_conf:.4f}")

    # 保存结果
    adv_path = adv_dir / f"{sample_path.stem}_adv.exe"
    save_adv(adv_ds.X[0, :], adv_path)

    print(f"    Saved → {adv_path.name}")
相关推荐
三川69826 分钟前
Tkinter库的学习记录08- 容器控件
python
c_lb728831 分钟前
近期AI量化工具选择,学习开发执行要分开
人工智能·python
天天进步201536 分钟前
Python全栈项目--校园食堂点餐与推荐系统
开发语言·python
aaPIXa62237 分钟前
C++模板元编程:编译期计算Fibonacci数列
java·开发语言·c++
Ulyanov39 分钟前
雷达导引头体制演进、技术特点与数学模型
python·雷达电子对抗·导引头
eybk1 小时前
写一个可以编制pdf文件的python程序
开发语言·python·pdf
卷无止境1 小时前
从Python的cryptography库出发,从零开始理解密码学,到构建零信任网络
后端·python
YFJ_mily1 小时前
**Python 实战:写一个论文 PDF 投稿自检工具|附 IPAT 2026 智能光子学会议征稿信息
人工智能·python·pdf·量子计算·论文投稿·智能光子学
三川6981 小时前
Tkinter库的学习记录05-文本框Entry
python
cui_ruicheng1 小时前
Python从入门到实战(八):封装、多态与抽象类
开发语言·python