Giters

SonjoyKP / ml-based-malware-defender-and-attack

Project for CSCE 689 601: SPTP: ML-BASED CYBER DEFENSES

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Machine Learning-Based Malware Detection and Attack Challenge

CSCE 689: Machine Learning-Based CyberDefenses (Spring 2024) - Texas A&M University, College Station

Defenders Challenge Specifications:

Deliverable: Self-contained docker image with model querying via HTTP requests.

 Hint: There are docker and web server templates in the MLSEC code made available to you.

Goals:

 FPR: 1%

 TPR: 95%

Constraints:

 Memory: 1 GB max RAM

 Response time: 5 seconds per sample

      Warning: Timeouts will be considered evasions.

Attackers Challenge Specifications:

Deliverable: Evasive Malware Binaries.

Goals:

 Evade the most models possible.

Constraints:

 Maximum file size: 5MB of appended data.

 Evasive sample execution in the sandbox must be equivalent to the original sample.

Minimum score for grading:

At least one sample must bypass at least one model.

ScoreBoard

We are team2 (Sonjoy Kumar Paul, Eric Muller, and Nhat Nguyen), here is the scoreboard.

Instructions for running:

Pickle Files (our machine learning models) are in google drive (https://drive.google.com/file/d/1SQ3ECf8cORC2tyyho9b6NXCtgNh8yJb2/view?usp=sharing).

Please get models from google drive, put pickle file (NES_MK1.pkl and NES_MK2.pkl) of model into defender/models folder.

Build Docker Image for Our Defender Model

  1. docker build -t mydefender .
  2. docker run -itp 8080:8080 --memory=1.0g --cpus=1 mydefender

Docker Hub Images for all teams defense models

For Team1 defense docker:

docker pull sonjoykp/ml-based-malware-defender:team1

docker run -itp 8081:8081 --memory=1.0g --cpus=1 sonjoykp/ml-based-malware-defender:team1

For Team2 defense docker (Our Team):

docker pull sonjoykp/ml-based-malware-defender:team2

docker run -itp 8082:8082 --memory=1.0g --cpus=1 sonjoykp/ml-based-malware-defender:team2

For Team3 defense docker:

docker pull vva2/defender:1.0.2

docker run -itp 8080:8080 --memory=1.0g --cpus=1 vva2/defender:1.0.2

For Team4 defense docker:

docker pull sonjoykp/ml-based-malware-defender:team4

docker run -itp 8084:8084 --memory=1.0g --cpus=1 sonjoykp/ml-based-malware-defender:team4

For Team5 defense docker:

docker pull sonjoykp/ml-based-malware-defender:team5

docker run -itp 8085:8085 --memory=1.0g --cpus=1 sonjoykp/ml-based-malware-defender:team5

For Team6 defense docker:

docker pull sonjoykp/ml-based-malware-defender:team6

docker run -itp 8086:8086 --memory=1.0g --cpus=1 sonjoykp/ml-based-malware-defender:team6

For Team7 defense docker:

docker pull sonjoykp/ml-based-malware-defender:team7

docker run -itp 8087:8087 --memory=1.0g --cpus=1 sonjoykp/ml-based-malware-defender:team7

Test Malware Defenders:

Intregated Test Suite (might need to modify port number):

python3 -m test -m /Users/skpaul/mac-tamu/malware-dataset/attack/dropped-folder -b /Users/skpaul/mac-tamu/malware-dataset/attack/benign-folder

Curl (might need to modify port number):

curl -XPOST --data-binary @/Users/skpaul/mac-tamu/dataset/dataset-by-professor/datasets-2/gw1/0012 http://127.0.0.1:8080/ -H "Content-Type: application/octet-stream"

About

Project for CSCE 689 601: SPTP: ML-BASED CYBER DEFENSES

License:MIT License

Languages

Language:YARA 93.0%Language:Python 2.4%Language:Jupyter Notebook 2.4%Language:C++ 2.2%Language:HTML 0.1%Language:Dockerfile 0.0%Language:C 0.0%Language:C# 0.0%Language:Shell 0.0%