Metadata-Version: 2.1
Name: FAMEwork
Version: 0.1.5
Summary: Framework for Adversarial Malware Evaluation
Home-page: https://github.com/zRapha/FAME
Author: Raphael Labaca Castro
Author-email: mail@rapha.ai
License: MPL-2.0
Platform: Fedora 30, Ubuntu 16
Description-Content-Type: text/markdown
Requires-Dist: numpy (==1.19.0)
Requires-Dist: pandas (==0.25.0)
Requires-Dist: requests (==2.28.2)
Requires-Dist: scikit-learn (==0.21.2)
Requires-Dist: scipy (==1.5.1)
Requires-Dist: lief (==0.10.1)
Requires-Dist: lightgbm (==2.3.1)
Requires-Dist: joblib (==1.2.0)
Requires-Dist: chainer (==7.8.0)
Requires-Dist: chainerrl (==0.8.0)
Requires-Dist: pytest (==6.2.5)
Requires-Dist: coverage (==6.0)
Requires-Dist: tqdm (~=4.62.3)
Requires-Dist: sphinx (==4.2.0)
Requires-Dist: gym (~=0.19.0)
Requires-Dist: setuptools (~=57.0.0)

# Welcome to the FAMEwork for Adversarial Malware Evaluation 

FAME has been designed to evaluate ML-based malware classifiers against adversarial examples. It aims to provide understanding on how byte-level transformations can be injected into Windows Portable Executable (PE) files and compromise models. Moreover, it supports integrity verification to ensure that the adversarial examples remain valid after manipulation. This work implements the action space proposed on the [OpenAI gym malware](https://github.com/endgameinc/gym-malware) environment. It has been implemented and tested using Fedora 30 and Ubuntu 16 with Python3. Library versions are defined in the `requirements.txt` file.

The framework consists of the following modules: ARMED, AIMED / AIMED-RL & GAME-UP. 

## GAME-UP: Generating Adversarial Malware Examples with Universal Perturbations

This module intends to analyze how Universal Adversarial Perturbations (UAPs) can be useful to create efficient adversarial examples compared to input-specific attacks. It explores how real malware examples in the problem-space affect the feature-space of classifiers to identify systematic weaknesses. Also, it implements a variant of adversarial training to improve the resilience of static ML-based malware classifiers for Windows PE binaries.

## AIMED: Automatic Intelligent Modifications to Evade Detection

This approach focus on understanding how sensitive static malware classifiers are to adversarial examples. It uses different techniques including Genetic Programming (GP) and Reinforcement Learning (RL) to inject perturbations to Windows PE malware without compromising its functionality, keeping the frehsly generated adversarial example valid.

## ARMED: Automatic Random Modifications to Evade Detection

With this option sequences of transformations are chosen randomly to identify weakspots in the classifier. This module implements a pipeline that is able to automatically generate realizable adversarial examples in the malware context. 

## How to run FAME 

Install `FAME`:
```
$ pip install famework
```
Run `FAME` with any module (e.g., AIMED):
```
$ fame aimed
```

Here we describe how to run `FAME` by installing directly the package. For more detail about running from source and manual configuration of parameters refer to the [install](https://github.com/zRapha/FAME/blob/master/INSTALL.md) instructions. 




