santialferez
commited on
Commit
•
e9d7935
1
Parent(s):
887fa5a
first commit
- _codecs_cn.cp39-mingw_i686.pyd +0 -0
- app_gradio.py +72 -0
- binary2image.py +91 -0
- entropy_tester_classifier.pkl +3 -0
- model.pkl +3 -0
- requirements.txt +8 -0
- tempfile.png +0 -0
_codecs_cn.cp39-mingw_i686.pyd
ADDED
Binary file (140 kB).
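Review bot: This 140 kB native binary is committed with nothing in the visible code that uses it; neither app_gradio.py nor binary2image.py imports `_codecs_cn`. Its filename tag suggests a CPython 3.9 extension built with MinGW for 32-bit Windows. A compiled module that cannot be reviewed from source is a supply-chain risk in a repository meant to be cloned and run. If it is a leftover test sample or build artifact, remove it from the tree; otherwise document where it came from and how to reproduce or verify it.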
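--- a/app_gradio.py
+++ b/app_gradio.py
@@ -0,0 +1,72 @@
+# import io
+# import base64
+from PIL import Image
+from fastai.vision.all import load_learner
+from binary2image import get_size, save_file, get_binary_data
+import gradio as gr
+import numpy as np
+import plotly.express as px
+
+from scipy import stats
+import pickle
+
+## Loading the models
+entropy_classifier = pickle.load(open('entropy_tester_classifier.pkl', 'rb'))
+model_NonObf = load_learner("model.pkl", cpu=True) # change to "model_NonObf.pkl"
+model_Shikata = load_learner("model.pkl", cpu=True) # change to "model_Shikata.pkl"
+model_XOR = load_learner("model.pkl", cpu=True) # change to "model_XOR.pkl"
+
+def entropy_tester(bin_data):
+entropy = stats.entropy(bin_data,base=2)
+pred = entropy_classifier.predict(
+np.array(entropy).reshape(1, -1))
+return pred[0]
+
+def process_file(file):
+greyscale_data = get_binary_data(file.name)
+
+pred_entropy = entropy_tester(greyscale_data)
+
+bin_size = get_size(len(greyscale_data))
+save_file(".", "tempfile", greyscale_data, bin_size)
+
+converted_filename = "tempfile.png"
+
+# Make prediction depending on the type of obfuscation
+if pred_entropy == "NonObf":
+prediction, _, probas = model_NonObf.predict(converted_filename)
+elif pred_entropy == "Shikata":
+prediction, _, probas = model_Shikata.predict(converted_filename)
+elif pred_entropy == "XOR":
+prediction, _, probas = model_XOR.predict(converted_filename)
+
+message = f"Your file is {prediction}!!!"
+
+if pred_entropy == "NonObf": pred_entropy = "Non-Obfuscated"
+
+# Convert probas to percentages
+probas_percentage = [float(prob) * 100 for prob in probas]
+
+fig = px.bar(x=["Goodware", "Malware"],
+y=probas_percentage, labels={'x':'Type', 'y':'Probability (%)'},
+height=300)
+
+
+return pred_entropy, message, fig, Image.open("tempfile.png")
+
+# Define the layout using Blocks, Row, and Column
+with gr.Blocks() as demo:
+with gr.Column(scale=1):
+file = gr.File(label="Upload Executable File")
+with gr.Row():
+with gr.Column():
+text1 = gr.Textbox(label="Prediction")
+prob_dist_img = gr.Plot(label="Probability Distribution")
+with gr.Column():
+text0 = gr.Textbox(label="Type of Obfuscation")
+converted_img = gr.Image(label="Converted Image", height=300)
+
+button = gr.Button(value="Process File")
+button.click(process_file, inputs=[file], outputs=[text0, text1, prob_dist_img, converted_img])
+
+demo.launch()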
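Review bot: process_file writes every upload's image to the fixed path `tempfile.png` in the working directory and reads it back for prediction and display, so two overlapping requests can overwrite each other's image and a user can receive the verdict and picture for someone else's file. Use a per-request directory instead (this needs `import os` and `import tempfile` at the top of the file), as sketched below. The `if`/`elif` chain also has no `else`, so any label from `entropy_classifier` other than the three expected strings leaves `prediction` and `probas` unbound and the request fails with an UnboundLocalError; the sketch rejects that case explicitly. Separately, `pickle.load(open(...))` never closes its handle and, like `load_learner`, runs whatever code the pickle carries, so both .pkl files should only ever be loaded from this repository's own LFS objects.

```python
def process_file(file):
    greyscale_data = get_binary_data(file.name)
    # … unchanged: entropy_tester call and get_size …
    models = {"NonObf": model_NonObf, "Shikata": model_Shikata, "XOR": model_XOR}
    if pred_entropy not in models:
        raise gr.Error(f"Unexpected obfuscation label: {pred_entropy}")
    with tempfile.TemporaryDirectory() as workdir:
        save_file(workdir, "upload", greyscale_data, bin_size)
        converted_filename = os.path.join(workdir, "upload.png")
        prediction, _, probas = models[pred_entropy].predict(converted_filename)
        # copy() forces the pixels to load before the directory is removed
        converted_image = Image.open(converted_filename).copy()
    # … unchanged: message, percentage conversion and bar chart …
    return pred_entropy, message, fig, converted_image
```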
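--- a/binary2image.py
+++ b/binary2image.py
@@ -0,0 +1,91 @@
+"""Binary to Image Converter."""
+import os
+from argparse import ArgumentParser
+from PIL import Image
+from tqdm import tqdm
+
+
+def get_binary_data(filename):
+"""Extract byte values from binary executable file and store them in list.
+
+:param file: executable file
+:return: byte value list
+"""
+binary_values = []
+with open(filename, "rb") as file:
+while byte := file.read(1):
+binary_values.append(ord(byte))
+
+return binary_values
+
+
+def get_size(data_length):
+"""Obtain image size.
+
+Source: Malware images: visualization and automatic classification.
+:param data_length: Number of bytes in file
+:return: size as integer tuple
+"""
+size = data_length
+kib = 2**10
+
+if size < 10 * kib:
+width = 32
+elif size < 30 * kib:
+width = 64
+elif size < 60 * kib:
+width = 128
+elif size < 100 * kib:
+width = 256
+elif size < 200 * kib:
+width = 384
+elif size < 500 * kib:
+width = 512
+elif size < 1000 * kib:
+width = 768
+else:
+width = 1024
+
+height = size // width + 1
+
+return (width, height)
+
+
+def save_file(folder, filename, data, size):
+"""Save PIL image to disk.
+
+:param folder: folder where images will be saved
+:param filename: binary filename
+:param data: grayscale image
+:param size: image size
+"""
+image = Image.new("L", size)
+image.putdata(data)
+
+name, _ = os.path.splitext(filename)
+name = os.path.basename(name)
+imagename = os.path.join(folder, name + ".png")
+
+image.save(imagename)
+
+
+if __name__ == "__main__":
+
+parser = ArgumentParser(
+description="Transform all files in a folder into PNG images"
+)
+parser.add_argument("input_folder", help="Folder with the original files")
+parser.add_argument(
+"output_folder", help="Folder where the images will be saved"
+)
+args = parser.parse_args()
+
+files = [
+os.path.join(args.input_folder, bin_file)
+for bin_file in os.listdir(args.input_folder)
+]
+os.makedirs(args.output_folder, exist_ok=True)
+for bin_file in tqdm(files):
+greyscale_data = get_binary_data(bin_file)
+bin_size = get_size(len(greyscale_data))
+save_file(args.output_folder, bin_file, greyscale_data, bin_size)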
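Review bot: get_binary_data has no upper bound on input size and pulls the file in with one `file.read(1)` call per byte into a Python list; app_gradio.py passes user uploads straight to it, so a single large file can occupy the worker's CPU and memory for a long time. A bounded bulk read does the same job, e.g. `data = file.read(MAX_BYTES + 1)` followed by a length check and `return list(data)`, where `MAX_BYTES` is a limit you choose (placeholder name, not defined in this repository). The docstring's `:param file:` should read `:param filename:` to match the signature. In the `__main__` block, `os.listdir` also returns sub-directories, which `open(..., "rb")` will reject; filtering the list with `os.path.isfile` keeps a batch run from aborting half-way.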
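--- a/entropy_tester_classifier.pkl
+++ b/entropy_tester_classifier.pkl
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dbb214565a0e5969901fb4707f41369040ab882d8b72531060c404e2d1cc4c80
+size 1895142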
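--- a/model.pkl
+++ b/model.pkl
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e3165c874eb66655b5e859c8733feae933fa0617eb988ec7be91790bf4e2e2f3
+size 47462689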
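--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1,8 @@
+# CPU-only version of PyTorch
+-f https://download.pytorch.org/whl/cpu/torch_stable.html
+torch==2.0.1
+torchvision==0.15.2
+
+# fastai library
+fastai==2.7.12
+timm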
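Review bot: `timm` on the last line has no version while torch, torchvision and fastai are pinned, so a rebuild can install a different release than the one model.pkl was exported against; pin it, e.g. `timm==<version used for training>` (placeholder). app_gradio.py and binary2image.py also import gradio, plotly, scipy, numpy, PIL and tqdm, none of which are listed here. Some of these presumably arrive through the hosting SDK or as fastai dependencies, but plotly at least looks undeclared, so confirm and list it explicitly. Pinning matters more than usual in this repository because the .pkl models are unpickled against whatever library versions happen to be installed.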
tempfile.png
ADDED