ergo-pe-av

An artificial neural network and API to detect Windows malware, based on Ergo and LIEF.

Installation

cd /path/to/ergo-pe-av
sudo pip3 install -r requirements.txt

Use as an API

ergo serve /path/to/ergo-pe-av --classes "clean, malware"

From the client, to scan a file that the server can access too:

curl "http://localhost:8080/?x=/path/to/file.exe"
# or
curl --data "x=/path/to/file.exe" "http://localhost:8080/"

To upload the whole file:

curl -F "x=@/path/to/file.exe" "http://localhost:8080/"

To encode a file to a vector of raw features:

curl -F "x=@/path/to/file.exe" "http://localhost:8080/encode"

To scan a vector of raw features:

curl --data "x=0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,1.0,0.0,0.0,0.847058823529,......" "http://localhost:8080/"
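The same API calls, as an added Python client that is not part of the project: it wraps the path scan, the file upload to /encode and the raw-vector scan shown above. It assumes the server listens on the README's default http://localhost:8080 and that /encode answers with the same comma-separated float vector the scan endpoint accepts as x (assumed from the curl examples, not documented on this page).

```python
# Constructed example client for the ergo-pe-av HTTP API; not project code.
# Assumption: /encode returns the comma-separated float vector that "/" accepts as x.
import os
import uuid
from urllib.parse import urlencode
from urllib.request import Request, urlopen

BASE_URL = "http://localhost:8080"  # default address used by the README's curl calls
FORM = "application/x-www-form-urlencoded"


def parse_vector(text):
    """Turn '0.0,1.0,0.847058823529,...' into a list of floats, skipping blank fields."""
    return [float(v) for v in text.strip().split(",") if v.strip()]


def vector_to_param(vector):
    """Serialize a feature vector back into the x=... form the scan endpoint expects."""
    return ",".join(repr(float(v)) for v in vector)


def build_multipart(field, filename, data):
    """Build a multipart/form-data body equivalent to curl -F "field=@filename"."""
    boundary = "----ergo-pe-av-" + uuid.uuid4().hex
    head = (f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
            "Content-Type: application/octet-stream\r\n\r\n").encode()
    return head + data + f"\r\n--{boundary}--\r\n".encode(), f"multipart/form-data; boundary={boundary}"


def post(path, body, content_type, opener=urlopen):
    """POST body to BASE_URL+path and return the response text; opener is injectable for tests."""
    req = Request(BASE_URL + path, data=body, headers={"Content-Type": content_type})
    with opener(req) as resp:
        return resp.read().decode()


def scan_path(path, opener=urlopen):
    """Scan a file by a path the server can read itself (curl --data "x=/path/to/file.exe")."""
    return post("/", urlencode({"x": path}).encode(), FORM, opener)


def encode_file(path, opener=urlopen):
    """Upload a file to /encode and return its raw feature vector as floats."""
    with open(path, "rb") as fh:
        body, ctype = build_multipart("x", os.path.basename(path), fh.read())
    return parse_vector(post("/encode", body, ctype, opener))


def scan_vector(vector, opener=urlopen):
    """Submit a previously encoded feature vector to the scan endpoint."""
    return post("/", urlencode({"x": vector_to_param(vector)}).encode(), FORM, opener)
```

Encoding once and scanning the vector later lets you store features instead of keeping the binary around, which is the workflow the /encode endpoint supports.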

Model Statistics

The dataset is made of ~200000 samples divided into two subfolders:

  • classes/pe-malicious with 100000 malware samples from VirusTotal
  • classes/pe-clean with 100000 clean samples

The dataset.csv training file has been generated with:

ergo encode ergo-pe-av /media/evilsocket/4TB/datapath-pe/classes --filter "*.exe"

| Training | ROC/AUC |
| ---------- | --------- |
| ![](https://raw.githubusercontent.com/evilsocket/ergo-pe-av/master/history.png) | ![](https://raw.githubusercontent.com/evilsocket/ergo-pe-av/master/roc.png) |

| Training | Validation | Testing |
| ---------- | ------------ | --------- |
| ![](https://raw.githubusercontent.com/evilsocket/ergo-pe-av/master/training_cm.png) | ![](https://raw.githubusercontent.com/evilsocket/ergo-pe-av/master/validation_cm.png) | ![](https://raw.githubusercontent.com/evilsocket/ergo-pe-av/master/test_cm.png) |

License

Made with ♥ by the dev team and released under the GPL 3 license.
