Add more mutations

Currently, the tool makes the following mutations to the malware file

Add imports received from GAN
Add sections received from GAN
Append bytes to sections
Rename sections
UPX pack
UPX unpack
Add/Remove signature
Append a random number of bytes

To add your own mutations, follow the below steps

Step 1: Add the function

Make sure not to break the binary by modifying the PE format. Test your mutation before using it for training.

Go to gym_malware/envs/controls/manipulate2 and add a function in the MalwareManipulator class

class MalwareManipulator(object):
    
    def add_your_mutation(self, seed=None):
    # self.bytez is the variable that stores the binary 
    # you can make modifications to self.bytez
    # return self.bytez

    def overlay_append(self, seed=None):

Once the function is built, make sure to add the function name in the ACTION_TABLE in gym_malware/envs/controls/manipulate2

ACTION_TABLE = {
    # 'do_nothing': identity,
    'overlay_append': 'overlay_append',
    'section_rename' : 'section_rename',
    'add_signature' : 'add_signature',
    'section_add' : 'section_add',
    'imports_append' : 'imports_append',
    'remove_signature': 'remove_signature',
    'upx_pack' : 'upx_pack'
    'upx_unpack' : 'upx_unpack'
    '<your-mutation-function>' : '<your-mutation-function>'
}

PreviousTrain models against your custom classifier NextConclusion

Last updated 5 years ago

Was this helpful?