Our data comes from two sources:
The malware hash names we use are stored in malware_dataset-name.txt, and you can directly find them in the sources of the two datasets above.
The benign dataset comes from https://doi.org/10.6084/m9.figshare.6635642.v1
For three ML detector:MalConv、Ember and MalGCG
MalConv and Ember:endgameinc/malware_evasion_competition
For two commercial anti virus products:ClamAV and Avast
ClamAV:ClamAVNet
Avast:https://www.avast.com/
Channel.py
- Change your malware path to "mal_dir"
- Change your benign software path to "ben_dir"
- Change your target detector path to "attack_model"
Then you can run it just by "python channel.py"
And if you want to check PE file functionality,you need to download IDA pro ,and place the "cfg.py" to the IDA pro dir path (see the "get_cfg.py")