├── .dockerignore ├── .gitignore ├── Dockerfile ├── README.md ├── code ├── data │ ├── features │ │ └── extract_features.py │ └── richheader │ │ ├── .gitignore │ │ ├── Dockerfile │ │ ├── LICENSE │ │ ├── README.md │ │ ├── check_richheader_packer.py │ │ ├── prodids.py │ │ ├── rich_standalone.py │ │ ├── rich_web.py │ │ └── richlibrary.py ├── experiments │ ├── .gitignore │ ├── __init__.py │ ├── actor.py │ ├── adversarial │ │ ├── 3d5a37b9.exe │ │ ├── 3d5a37b9.strings │ │ ├── adv.py │ │ ├── benign-features-2-1000.json │ │ ├── dfb.csv │ │ ├── dfb.txt │ │ ├── dfm.csv │ │ ├── dfm.txt │ │ └── stats.py │ ├── bestClassifier_diffFeatures.py │ ├── config_exp-all.py │ ├── config_exp-bestclassifier.py │ ├── config_exp-diffpackedbenign-nn.py │ ├── config_exp-diffpackedbenign.py │ ├── config_exp-dolphin.py │ ├── config_exp-goodbadpackers.py │ ├── config_exp-labagainstwild.py │ ├── config_exp-labdiffpackedbenign-nn.py │ ├── config_exp-labdiffpackedbenign.py │ ├── config_exp-nopackedbenign-evalall.py │ ├── config_exp-nopackedbenign-nodll.py │ ├── config_exp-nopackedbenign.py │ ├── config_exp-packerVsPacker.py │ ├── config_exp-singlepacker.py │ ├── config_exp-wild.py │ ├── config_exp-wildvspacker.py │ ├── config_exp-withheldpacker.py │ ├── eval_goodbadpackers_allcombs.py │ ├── exp_bestclassifier.sh │ ├── exp_diffPackedBenign.sh │ ├── exp_diffPackedBenignNN.sh │ ├── exp_dolphin.sh │ ├── exp_labDiffPackedBenign.sh │ ├── exp_labDiffPackedBenignNN.sh │ ├── exp_labagainstwild.sh │ ├── exp_nopackedbenign.sh │ ├── exp_packervspacker.sh │ ├── exp_singlepacker-onlyapiimport.sh │ ├── exp_singlepacker-onlyheader.sh │ ├── exp_singlepacker-onlyopcodes.sh │ ├── exp_singlepacker-onlyrich.sh │ ├── exp_singlepacker-onlysections.sh │ ├── exp_singlepacker.sh │ ├── exp_util.py │ ├── exp_wildvspacker-nn.sh │ ├── exp_wildvspacker-rich.sh │ ├── exp_wildvspacker.sh │ ├── exp_withheldpacker-nn.sh │ ├── exp_withheldpacker-nongrams.sh │ ├── exp_withheldpacker.sh │ ├── neuralnet.py │ ├── packerclassifier.py │ ├── 
run_goodbadpackers_allcombs.py │ ├── training-nn.py │ └── training.py ├── results │ ├── add_metrics_csv.py │ ├── exp_onlyPackedAndOnePacker.sh │ ├── features.py │ ├── metrics.py │ ├── parse_results.sh │ ├── plot_diffpackedbenign.py │ ├── plot_ft_dst.py │ ├── plot_labdiffpackedbenign.py │ ├── plot_pesections_expsinglepacker.py │ ├── plot_scores.py │ ├── plot_tree.py │ ├── process_sql.py │ ├── top_features.py │ └── top_imports.py └── util.py ├── datasets └── README.md ├── load_image.sh ├── requirements.txt ├── run_docker.sh └── save_image.sh /.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/.dockerignore -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/.gitignore -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/Dockerfile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/README.md -------------------------------------------------------------------------------- /code/data/features/extract_features.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/data/features/extract_features.py -------------------------------------------------------------------------------- /code/data/richheader/.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__/* 2 | 
-------------------------------------------------------------------------------- /code/data/richheader/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/data/richheader/Dockerfile -------------------------------------------------------------------------------- /code/data/richheader/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/data/richheader/LICENSE -------------------------------------------------------------------------------- /code/data/richheader/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/data/richheader/README.md -------------------------------------------------------------------------------- /code/data/richheader/check_richheader_packer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/data/richheader/check_richheader_packer.py -------------------------------------------------------------------------------- /code/data/richheader/prodids.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/data/richheader/prodids.py -------------------------------------------------------------------------------- /code/data/richheader/rich_standalone.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/data/richheader/rich_standalone.py -------------------------------------------------------------------------------- /code/data/richheader/rich_web.py: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/data/richheader/rich_web.py -------------------------------------------------------------------------------- /code/data/richheader/richlibrary.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/data/richheader/richlibrary.py -------------------------------------------------------------------------------- /code/experiments/.gitignore: -------------------------------------------------------------------------------- 1 | clustering/* 2 | -------------------------------------------------------------------------------- /code/experiments/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /code/experiments/actor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/actor.py -------------------------------------------------------------------------------- /code/experiments/adversarial/3d5a37b9.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/adversarial/3d5a37b9.exe -------------------------------------------------------------------------------- /code/experiments/adversarial/3d5a37b9.strings: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/adversarial/3d5a37b9.strings -------------------------------------------------------------------------------- /code/experiments/adversarial/adv.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/adversarial/adv.py 
-------------------------------------------------------------------------------- /code/experiments/adversarial/benign-features-2-1000.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/adversarial/benign-features-2-1000.json -------------------------------------------------------------------------------- /code/experiments/adversarial/dfb.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/adversarial/dfb.csv -------------------------------------------------------------------------------- /code/experiments/adversarial/dfb.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/adversarial/dfb.txt -------------------------------------------------------------------------------- /code/experiments/adversarial/dfm.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/adversarial/dfm.csv -------------------------------------------------------------------------------- /code/experiments/adversarial/dfm.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/adversarial/dfm.txt -------------------------------------------------------------------------------- /code/experiments/adversarial/stats.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/adversarial/stats.py -------------------------------------------------------------------------------- /code/experiments/bestClassifier_diffFeatures.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/bestClassifier_diffFeatures.py -------------------------------------------------------------------------------- /code/experiments/config_exp-all.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-all.py -------------------------------------------------------------------------------- /code/experiments/config_exp-bestclassifier.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-bestclassifier.py -------------------------------------------------------------------------------- /code/experiments/config_exp-diffpackedbenign-nn.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-diffpackedbenign-nn.py -------------------------------------------------------------------------------- /code/experiments/config_exp-diffpackedbenign.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-diffpackedbenign.py -------------------------------------------------------------------------------- /code/experiments/config_exp-dolphin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-dolphin.py -------------------------------------------------------------------------------- /code/experiments/config_exp-goodbadpackers.py: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-goodbadpackers.py -------------------------------------------------------------------------------- /code/experiments/config_exp-labagainstwild.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-labagainstwild.py -------------------------------------------------------------------------------- /code/experiments/config_exp-labdiffpackedbenign-nn.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-labdiffpackedbenign-nn.py -------------------------------------------------------------------------------- /code/experiments/config_exp-labdiffpackedbenign.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-labdiffpackedbenign.py -------------------------------------------------------------------------------- /code/experiments/config_exp-nopackedbenign-evalall.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-nopackedbenign-evalall.py -------------------------------------------------------------------------------- /code/experiments/config_exp-nopackedbenign-nodll.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-nopackedbenign-nodll.py -------------------------------------------------------------------------------- /code/experiments/config_exp-nopackedbenign.py: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-nopackedbenign.py -------------------------------------------------------------------------------- /code/experiments/config_exp-packerVsPacker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-packerVsPacker.py -------------------------------------------------------------------------------- /code/experiments/config_exp-singlepacker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-singlepacker.py -------------------------------------------------------------------------------- /code/experiments/config_exp-wild.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-wild.py -------------------------------------------------------------------------------- /code/experiments/config_exp-wildvspacker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-wildvspacker.py -------------------------------------------------------------------------------- /code/experiments/config_exp-withheldpacker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/config_exp-withheldpacker.py -------------------------------------------------------------------------------- /code/experiments/eval_goodbadpackers_allcombs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/eval_goodbadpackers_allcombs.py 
-------------------------------------------------------------------------------- /code/experiments/exp_bestclassifier.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_bestclassifier.sh -------------------------------------------------------------------------------- /code/experiments/exp_diffPackedBenign.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_diffPackedBenign.sh -------------------------------------------------------------------------------- /code/experiments/exp_diffPackedBenignNN.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_diffPackedBenignNN.sh -------------------------------------------------------------------------------- /code/experiments/exp_dolphin.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_dolphin.sh -------------------------------------------------------------------------------- /code/experiments/exp_labDiffPackedBenign.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_labDiffPackedBenign.sh -------------------------------------------------------------------------------- /code/experiments/exp_labDiffPackedBenignNN.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_labDiffPackedBenignNN.sh -------------------------------------------------------------------------------- /code/experiments/exp_labagainstwild.sh: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_labagainstwild.sh -------------------------------------------------------------------------------- /code/experiments/exp_nopackedbenign.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_nopackedbenign.sh -------------------------------------------------------------------------------- /code/experiments/exp_packervspacker.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_packervspacker.sh -------------------------------------------------------------------------------- /code/experiments/exp_singlepacker-onlyapiimport.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_singlepacker-onlyapiimport.sh -------------------------------------------------------------------------------- /code/experiments/exp_singlepacker-onlyheader.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_singlepacker-onlyheader.sh -------------------------------------------------------------------------------- /code/experiments/exp_singlepacker-onlyopcodes.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_singlepacker-onlyopcodes.sh -------------------------------------------------------------------------------- /code/experiments/exp_singlepacker-onlyrich.sh: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_singlepacker-onlyrich.sh -------------------------------------------------------------------------------- /code/experiments/exp_singlepacker-onlysections.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_singlepacker-onlysections.sh -------------------------------------------------------------------------------- /code/experiments/exp_singlepacker.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_singlepacker.sh -------------------------------------------------------------------------------- /code/experiments/exp_util.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_util.py -------------------------------------------------------------------------------- /code/experiments/exp_wildvspacker-nn.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_wildvspacker-nn.sh -------------------------------------------------------------------------------- /code/experiments/exp_wildvspacker-rich.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_wildvspacker-rich.sh -------------------------------------------------------------------------------- /code/experiments/exp_wildvspacker.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_wildvspacker.sh 
-------------------------------------------------------------------------------- /code/experiments/exp_withheldpacker-nn.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_withheldpacker-nn.sh -------------------------------------------------------------------------------- /code/experiments/exp_withheldpacker-nongrams.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_withheldpacker-nongrams.sh -------------------------------------------------------------------------------- /code/experiments/exp_withheldpacker.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/exp_withheldpacker.sh -------------------------------------------------------------------------------- /code/experiments/neuralnet.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/neuralnet.py -------------------------------------------------------------------------------- /code/experiments/packerclassifier.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/packerclassifier.py -------------------------------------------------------------------------------- /code/experiments/run_goodbadpackers_allcombs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/run_goodbadpackers_allcombs.py -------------------------------------------------------------------------------- /code/experiments/training-nn.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/training-nn.py -------------------------------------------------------------------------------- /code/experiments/training.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/experiments/training.py -------------------------------------------------------------------------------- /code/results/add_metrics_csv.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/add_metrics_csv.py -------------------------------------------------------------------------------- /code/results/exp_onlyPackedAndOnePacker.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/exp_onlyPackedAndOnePacker.sh -------------------------------------------------------------------------------- /code/results/features.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/features.py -------------------------------------------------------------------------------- /code/results/metrics.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/metrics.py -------------------------------------------------------------------------------- /code/results/parse_results.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/parse_results.sh -------------------------------------------------------------------------------- 
/code/results/plot_diffpackedbenign.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/plot_diffpackedbenign.py -------------------------------------------------------------------------------- /code/results/plot_ft_dst.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/plot_ft_dst.py -------------------------------------------------------------------------------- /code/results/plot_labdiffpackedbenign.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/plot_labdiffpackedbenign.py -------------------------------------------------------------------------------- /code/results/plot_pesections_expsinglepacker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/plot_pesections_expsinglepacker.py -------------------------------------------------------------------------------- /code/results/plot_scores.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/plot_scores.py -------------------------------------------------------------------------------- /code/results/plot_tree.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/plot_tree.py -------------------------------------------------------------------------------- /code/results/process_sql.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/process_sql.py 
-------------------------------------------------------------------------------- /code/results/top_features.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/top_features.py -------------------------------------------------------------------------------- /code/results/top_imports.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/results/top_imports.py -------------------------------------------------------------------------------- /code/util.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/code/util.py -------------------------------------------------------------------------------- /datasets/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/datasets/README.md -------------------------------------------------------------------------------- /load_image.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | docker load -i $1 3 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/requirements.txt -------------------------------------------------------------------------------- /run_docker.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ucsb-seclab/packware/HEAD/run_docker.sh -------------------------------------------------------------------------------- /save_image.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 
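# Save the local "packware" image to the tar archive named by the first argument.
# The argument is quoted so a path with spaces or glob characters reaches docker
# as one word; ${1:?...} stops with a usage message when no path is given, so
# "-o" cannot take "packware" as its file name.
docker save -o "${1:?usage: save_image.sh OUTPUT.tar}" packware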