Malware Bypass Research using Reinforcement Learning

Last update: Dec 26, 2022

Overview

MalwareRL

Malware Bypass Research using Reinforcement Learning

Background

This is a malware manipulation environment using OpenAI's gym environments. The core idea is based on paper "Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning" (paper). I am extending the original repo because:

It is no longer maintained
It uses Python2 and an outdated version of LIEF
I wanted to integrate new Malware gym environments and additional manipulations

Over the past three years there have been breakthrough open-source projects published in the security ML space. In particular, Ember (Endgame Malware BEnchmark for Research) (paper) and MalConv: Malware detection by eating a whole exe (paper) have provided security researchers the ability to develop sophisticated, reproducible models that emulate features/techniques found in NGAVs.

MalwareRL Gym Environment

MalwareRL exposes gym environments for both Ember and MalConv to allow researchers to develop Reinforcement Learning agents to bypass Malware Classifiers. Actions include a variety of non-breaking (e.g. binaries will still execute) modifications to the PE header, sections, imports and overlay and are listed below.

Action Space

ACTION_TABLE = {
    'modify_machine_type': 'modify_machine_type',
    'pad_overlay': 'pad_overlay',
    'append_benign_data_overlay': 'append_benign_data_overlay',
    'append_benign_binary_overlay': 'append_benign_binary_overlay',
    'add_bytes_to_section_cave': 'add_bytes_to_section_cave',
    'add_section_strings': 'add_section_strings',
    'add_section_benign_data': 'add_section_benign_data',
    'add_strings_to_overlay': 'add_strings_to_overlay',
    'add_imports': 'add_imports',
    'rename_section': 'rename_section',
    'remove_debug': 'remove_debug',
    'modify_optional_header': 'modify_optional_header',
    'modify_timestamp': 'modify_timestamp',
    'break_optional_header_checksum': 'break_optional_header_checksum',
    'upx_unpack': 'upx_unpack',
    'upx_pack': 'upx_pack'
}

Observation Space

The observation_space of the gym environments are an array representing the feature vector. For ember this is numpy.array == 2381 and malconv numpy.array == 1024**2. The MalConv gym presents an opportunity to try RL techniques to generalize learning across large State Spaces.

Agents

A baseline agent RandomAgent is provided to demonstrate how to interact w/ gym environments and expected output. This agent attempts to evade the classifier by randomly selecting an action. This process is repeated up to the length of a game (e.g. 50 mods). If the modifed binary scores below the classifier threshold we register it as an evasion. In a lot of ways the RandomAgent acts as a fuzzer trying a bunch of actions with no regard to minimizing the modifications of the resulting binary.

Additional agents will be developed and made available (both model and code) in the coming weeks.

Table 1: Evasion Rate against Ember Holdout Dataset*

gym	agent	evasion_rate	avg_ep_len
ember	RandomAgent	89.2%	8.2
malconv	RandomAgent	88.5%	16.33

* 250 random samples

Setup

To get malware_rl up and running you will need the follow external dependencies:

LIEF
Ember, Malconv and SOREL-20M models. All of these then need to be placed into the malware_rl/envs/utils/ directory.

The SOREL-20M model requires use of the aws-cli in order to get. When accessing the AWS S3 bucket, look in the sorel-20m-model/checkpoints/lightGBM folder and fish out any of the models in the seed folders. The model file will need to be renamed to sorel.model and placed into malware_rl/envs/utils alongside the other models.
UPX has been added to support pack/unpack modifications. Download the binary here and place in the malware_rl/envs/controls directory.
Benign binaries - a small set of "trusted" binaries (e.g. grabbed from base Windows installation) you can download some via MSFT website (example). Store these binaries in malware_rl/envs/controls/trusted
Run strings command on those binaries and save the output as .txt files in malware_rl/envs/controls/good_strings
Download a set of malware from VirusShare or VirusTotal. I just used a list of hashes from the Ember dataset

Note: The helper script download_deps.py can be used as a quickstart to get most of the key dependencies setup.

I used a conda env set for Python3.7:

conda create -n malware_rl python=3.7

Finally install the Python3 dependencies in the requirements.txt.

pip3 install -r requirements.txt

References

The are a bunch of good papers/blog posts on manipulating binaries to evade ML classifiers. I compiled a few that inspired portions of this project below. Also, I have inevitably left out other pertinent reseach, so if there is something that should be in here let me know in an Git Issue or hit me up on Twitter (@filar).

Papers

Demetrio, Luca, et al. "Efficient Black-box Optimization of Adversarial Windows Malware with Constrained Manipulations." arXiv preprint arXiv:2003.13526 (2020). (paper)
Demetrio, Luca, et al. "Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection." arXiv preprint arXiv:2008.07125 (2020). (paper)
Song, Wei, et al. "Automatic Generation of Adversarial Examples for Interpreting Malware Classifiers." arXiv preprint arXiv:2003.03100 (2020). (paper)
Suciu, Octavian, Scott E. Coull, and Jeffrey Johns. "Exploring adversarial examples in malware detection." 2019 IEEE Security and Privacy Workshops (SPW). IEEE, 2019. (paper)
Fleshman, William, et al. "Static malware detection & subterfuge: Quantifying the robustness of machine learning and current anti-virus." 2018 13th International Conference on Malicious and Unwanted Software (MALWARE). IEEE, 2018. (paper)
Pierazzi, Fabio, et al. "Intriguing properties of adversarial ML attacks in the problem space." 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 2020. (paper/code)
Fang, Zhiyang, et al. "Evading anti-malware engines with deep reinforcement learning." IEEE Access 7 (2019): 48867-48879. (paper)

Blog Posts

Talks

42: The answer to life the universe and everything offensive security by Will Pearce, Nick Landers (slides)
Bot vs. Bot: Evading Machine Learning Malware Detection by Hyrum Anderson (slides)
Trying to Make Meterpreter into an Adversarial Example by Andy Applebaum (slides)

Comments

Fail to run download_deps.py

Hi

Sorry, I cannot find instructions on how to download malware and benign sample. So I just ran the code below

python download_deps.py --accept --force --clean --strings

But it caused an error: FileNotFoundError: [Errno 2] No such file or directory: 'svn': 'svn'. I guess the links for downloading samples no longer live, and I made a change like below:

Old: "https://github.com/Endermanch/MalwareDatabase/trunk/ransomwares"

New: "https://github.com/Endermanch/MalwareDatabase/tree/master/ransomwares",

But I still got the same problem.

Do you know why?

Thanks

opened by vietvo89 8
How to train Reinformence learning model and reproduce your results?
Hi Bob

Does your code work on raw data (binary files) or an extracted dataset like EMBER? I guess binary files since the EMBER dataset cannot work for the Malcon model.

If I have data samples (benign and malware), how can I train a RL model using your code?

How can I use your code to train a RL model with EMBER dataset to attack against Ember model?

Thanks
opened by vietvo89 2

init() missing 1 required positional argument: 'output_path'

After completing the necessary preparations, I tried to run random_agent.py, but I encountered some problems. Traceback (most recent call last):

    File "random_agent.py", line 27, in <module>
    env = gym.make('ember-train-v0')
    ...
    gym.error.UnregisteredEnv: No registered env with id: ember-train-v0

After I import malware_rl，I encountered a new problem:

File "random_agent.py", line 27, in <module>
    env = gym.make('ember-train-v0')
  File "/.../python3.7/site-packages/gym/envs/registration.py", line 145, in make
    return registry.make(id, **kwargs)
  File "/.../python3.7/site-packages/gym/envs/registration.py", line 90, in make
    env = spec.make(**kwargs)
  File "/.../python3.7/site-packages/gym/envs/registration.py", line 60, in make
    env = cls(**_kwargs)
TypeError: __init__() missing 1 required positional argument: 'output_path'

I am a thorough rookie, hope to get your answer,thanks!

opened by u21h2 2

Bump urllib3 from 1.25.10 to 1.26.5
Bumps urllib3 from 1.25.10 to 1.26.5.

Release notes

Sourced from urllib3's releases.

1.26.5

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed deprecation warnings emitted in Python 3.10.

Updated vendored six library to 1.16.0.

Improved performance of URL parser when splitting the authority component.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.4

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.3

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed bytes and string comparison issue with headers (Pull #2141)

Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme (Pull #2107)

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.2

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

1.26.1

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

1.26.0

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)

Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting ssl_version=ssl.PROTOCOL_TLSv1_1 (Pull #2002) Starting in urllib3 v2.0: Connections that receive a DeprecationWarning will fail

Deprecated Retry options Retry.DEFAULT_METHOD_WHITELIST, Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST and Retry(method_whitelist=...) in favor of Retry.DEFAULT_ALLOWED_METHODS, Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT, and Retry(allowed_methods=...) (Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removed

... (truncated)

Changelog

Sourced from urllib3's changelog.

1.26.5 (2021-05-26)

Fixed deprecation warnings emitted in Python 3.10.

Updated vendored six library to 1.16.0.

Improved performance of URL parser when splitting the authority component.

1.26.4 (2021-03-15)

Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

1.26.3 (2021-01-26)

Fixed bytes and string comparison issue with headers (Pull #2141)

Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107)

1.26.2 (2020-11-12)

Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

1.26.1 (2020-11-11)

Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

1.26.0 (2020-11-10)

NOTE: urllib3 v2.0 will drop support for Python 2. Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>_.

Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)

Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning

... (truncated)

Commits

d161647 Release 1.26.5

2d4a3fe Improve performance of sub-authority splitting in URL

2698537 Update vendored six to 1.16.0

07bed79 Fix deprecation warnings for Python 3.10 ssl module

d725a9b Add Python 3.10 to GitHub Actions

339ad34 Use pytest==6.2.4 on Python 3.10+

f271c9c Apply latest Black formatting

1884878 [1.26] Properly proxy EOF on the SSLTransport test suite

a891304 Release 1.26.4

8d65ea1 Merge pull request from GHSA-5phf-pp7p-vc2r

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump rsa from 4.6 to 4.7
Bumps rsa from 4.6 to 4.7.

Changelog

Sourced from rsa's changelog.

Version 4.7 - released 2021-01-10

Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code

Add padding length check as described by PKCS#1 v1.5 (Fixes #164)

Reuse of blinding factors to speed up blinding operations. Fixes #162.

Declare & test support for Python 3.9

Commits

fa3282a Bumped version to 4.7

a364e82 Marked version 4.7 as released

539c54a Fix #170: mistake in examples of documentation

b81e317 Declare support for and test Python 3.9

06ec1ea Fix #162: Blinding uses slow algorithm

341e5c4 Directly raise DecryptionError when crypto length is bad

f254895 Use bytes.find() instead of bytes.index()

240b0d8 Add link to changelog

f878c37 Fix #164: Add padding length check as described by PKCS#1 v1.5

dae8ce0 Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
How to download a set of malware from VirusShare or VirusTotal with a list of hashes from the Ember dataset

Hi

How can you download a set of malware from VirusShare or VirusTotal with just use only a list of hashes from the Ember dataset? It seems that your download code is not for VirusShare or VirusTotal.

Thanks

opened by vietvo89 1
Dependency Download Fix, .gitkeeps for successsful evasion files and CPU dockerfile

Final pull today! Just fixed the paths (again), added the .gitkeeps so the random_agent.py doesn't error if they are missing and created a noddy dockerfile.

opened by br0kej 1
Bump tensorflow from 2.3.0 to 2.3.1
Bumps tensorflow from 2.3.0 to 2.3.1.

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.3.1

Release 2.3.1

Bug Fixes and Other Changes

Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)

Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)

Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)

Fixes several vulnerabilities in RaggedCountSparseOutput and SparseCountSparseOutput operations (CVE-2020-15196, CVE-2020-15197, CVE-2020-15198, CVE-2020-15199, CVE-2020-15200, CVE-2020-15201)

Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)

Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)

Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)

Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)

Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)

Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)

Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)

Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)

Fixes several vulnerabilities in TFLite implementation of segment sum (CVE-2020-15212, CVE-2020-15213, CVE-2020-15214)

Updates sqlite3 to 3.33.00 to handle CVE-2020-15358.

Fixes deprecated usage of collections API

Removes scipy dependency from setup.py since TensorFlow does not need it to install the pip package

Changelog

Sourced from tensorflow's changelog.

Release 2.3.1

Bug Fixes and Other Changes

Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)

Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)

Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)

Fixes several vulnerabilities in RaggedCountSparseOutput and SparseCountSparseOutput operations (CVE-2020-15196, CVE-2020-15197, CVE-2020-15198, CVE-2020-15199, CVE-2020-15200, CVE-2020-15201)

Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)

Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)

Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)

Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)

Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)

Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)

Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)

Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)

Fixes several vulnerabilities in TFLite implementation of segment sum (CVE-2020-15212, CVE-2020-15213, CVE-2020-15214)

Updates sqlite3 to 3.33.00 to handle CVE-2020-15358.

Fixes deprecated usage of collections API

Removes scipy dependency from setup.py since TensorFlow does not need it to install the pip package

Release 2.2.1

... (truncated)

Commits

fcc4b96 Merge pull request #43446 from tensorflow-jenkins/version-numbers-2.3.1-16251

4cf2230 Update version numbers to 2.3.1

eee8224 Merge pull request #43441 from tensorflow-jenkins/relnotes-2.3.1-24672

0d41b1d Update RELEASE.md

d99bd63 Insert release notes place-fill

d71d3ce Merge pull request #43414 from tensorflow/mihaimaruseac-patch-1-1

9c91596 Fix missing import

f9f12f6 Merge pull request #43391 from tensorflow/mihaimaruseac-patch-4

3ed271b Solve leftover from merge conflict

9cf3773 Merge pull request #43358 from tensorflow/mm-patch-r2.3

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump numpy from 1.21.0 to 1.22.0
Bumps numpy from 1.21.0 to 1.22.0.

Release notes

Sourced from numpy's releases.

v1.22.0

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.

A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.

NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.

New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.

A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

Commits

4adc87d Merge pull request #20685 from charris/prepare-for-1.22.0-release

fd66547 REL: Prepare for the NumPy 1.22.0 release.

125304b wip

c283859 Merge pull request #20682 from charris/backport-20416

5399c03 Merge pull request #20681 from charris/backport-20954

f9c45f8 Merge pull request #20680 from charris/backport-20663

794b36f Update armccompiler.py

d93b14e Update test_public_api.py

7662c07 Update init.py

311ab52 Update armccompiler.py

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump protobuf from 3.13.0 to 3.15.0
Bumps protobuf from 3.13.0 to 3.15.0.

Release notes

Sourced from protobuf's releases.

Protocol Buffers v3.15.0

Protocol Compiler

Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag.

C++

MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields

Use init_seg in MSVC to push initialization to an earlier phase.

Runtime no longer triggers -Wsign-compare warnings.

Fixed -Wtautological-constant-out-of-range-compare warning.

DynamicCastToGenerated works for nullptr input for even if RTTI is disabled

Arena is refactored and optimized.

Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests.

Change the signature of Any::PackFrom() to return false on error.

Add fast reflection getter API for strings.

Constant initialize the global message instances

Avoid potential for missed wakeup in UnknownFieldSet

Now Proto3 Oneof fields have "has" methods for checking their presence in C++.

Bugfix for NVCC

Return early in _InternalSerialize for empty maps.

Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter.

Fixed protocolbuffers/protobuf#8129

Ensure that null char symbol, package and file names do not result in a crash.

Constant initialize the global message instances

Pretty print 'max' instead of numeric values in reserved ranges.

Removed remaining instances of std::is_pod, which is deprecated in C++20.

Changes to reduce code size for unknown field handling by making uncommon cases out of line.

Fix std::is_pod deprecated in C++20 (#7180)

Fix some -Wunused-parameter warnings (#8053)

Fix detecting file as directory on zOS issue #8051 (#8052)

Don't include sys/param.h for _BYTE_ORDER (#8106)

remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)

Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)

Fix for compiler warning issue#8145 (#8160)

fix: support deprecated enums for GCC < 6 (#8164)

Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)

Python

Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer.

MessageFactory.CreateProtoype can be overridden to customize class creation.

... (truncated)

Commits

ae50d9b Update protobuf version

8260126 Update protobuf version

c741c46 Resovled issue in the .pb.cc files

eef2764 Resolved an issue where NO_DESTROY and CONSTINIT were in incorrect order

0040102 Updated collect_all_artifacts.sh for Ubuntu Xenial

26cb6a7 Delete root-owned files in Kokoro builds

1e924ef Update port_def.inc

9a80cf1 Update coded_stream.h

a97c4f4 Merge pull request #8276 from haberman/php-warning

44cd75d Merge pull request #8282 from haberman/changelog

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump numpy from 1.18.5 to 1.21.0
Bumps numpy from 1.18.5 to 1.21.0.

Release notes

Sourced from numpy's releases.

v1.21.0

NumPy 1.21.0 Release Notes

The NumPy 1.21.0 release highlights are

continued SIMD work covering more functions and platforms,

initial work on the new dtype infrastructure and casting,

universal2 wheels for Python 3.8 and Python 3.9 on Mac,

improved documentation,

improved annotations,

new PCG64DXSM bitgenerator for random numbers.

In addition there are the usual large number of bug fixes and other improvements.

The Python versions supported for this release are 3.7-3.9. Official support for Python 3.10 will be added when it is released.

:warning: Warning: there are unresolved problems compiling NumPy 1.21.0 with gcc-11.1 .

Optimization level -O3 results in many wrong warnings when running the tests.

On some hardware NumPy will hang in an infinite loop.

New functions

Add PCG64DXSM BitGenerator

Uses of the PCG64 BitGenerator in a massively-parallel context have been shown to have statistical weaknesses that were not apparent at the first release in numpy 1.17. Most users will never observe this weakness and are safe to continue to use PCG64. We have introduced a new PCG64DXSM BitGenerator that will eventually become the new default BitGenerator implementation used by default_rng in future releases. PCG64DXSM solves the statistical weakness while preserving the performance and the features of PCG64.

See upgrading-pcg64 for more details.

(gh-18906)

Expired deprecations

The shape argument numpy.unravel_index cannot be passed as dims keyword argument anymore. (Was deprecated in NumPy 1.16.)

... (truncated)

Commits

b235f9e Merge pull request #19283 from charris/prepare-1.21.0-release

34aebc2 MAINT: Update 1.21.0-notes.rst

493b64b MAINT: Update 1.21.0-changelog.rst

07d7e72 MAINT: Remove accidentally created directory.

032fca5 Merge pull request #19280 from charris/backport-19277

7d25b81 BUG: Fix refcount leak in ResultType

fa5754e BUG: Add missing DECREF in new path

61127bb Merge pull request #19268 from charris/backport-19264

143d45f Merge pull request #19269 from charris/backport-19228

d80e473 BUG: Removed typing for == and != in dtypes

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Svn and requirements.txt problem
Problem description

Environment: Linux+ Kali2021.3 + Anaconda3 + PyCharm Compilation environment: Python3.7

Procedure: 1. Run conda to install svn ==1.0. 1.The reason is that the bag was not found. ''' (base) ┌──(root💀kali)-[~]

└─# conda install svn==1.0.1 1 ⨯ Collecting package metadata (current_repodata.json): done Solving environment: failed with initial frozen solve. Retrying with flexible solve. Collecting package metadata (repodata.json): done Solving environment: failed with initial frozen solve. Retrying with flexible solve.

PackagesNotFoundError: The following packages are not available from current channels:

svn==1.0.1

Current channels:

https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/free/linux-64

https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/free/noarch

https://repo.anaconda.com/pkgs/main/linux-64

https://repo.anaconda.com/pkgs/main/noarch

https://repo.anaconda.com/pkgs/r/linux-64

https://repo.anaconda.com/pkgs/r/noarch

To search for alternate channels that may provide the conda package you're looking for, navigate to

https://anaconda.org

and use the search bar at the top of the page. ''' **2.**Run the conda install SVN command. The SVN is successfully installed, but cannot be imported.

**3.**Run python3 download_deps.py --accept --force，and error reported because SVN is not available.

**4.**Then try to use pip list| grep svn, found no.But using conda list svn does exist.So then pip install svn is used.The svn is installed successfully.Again using the pip list| grep svn,and found it exists.Restart PyCharm and find that the import was successful.

**5.**However, when python3 dow nload_ deps.py --accept --force is run again, svn is still not available.In the same time,there is an another error:urllib.error.URLError: <urlopen error [Errno 111] Connection refused> ''' (malware_rl3) ┌──(root💀kali)-[~/code_program/malware_rl-master] └─# python3 download_deps.py --accept --force
[*] Attempting to Download ransomwares/ Samples & Place in Temp Directory [+] Success - Samples Downloaded Placed into Temp Directory [*] Attempting to Unzip Samples [+] Success - Samples Unzipped [*] Attempting to Rename Files to SHA256 Hash [+] Success - Samples renamed to their SHA256 hash [*] Attempting Clean Up [+] Cleanup Complete - ransomwares/ has been removed [*] Attempting to Download rogues/ Samples & Place in Temp Directory

Subversion not found. In order to download the sample malware, Subversion (svn) needs to be installed. This provides a method of downloading only the target folder rather than the whole repo.

[*] Attempting to Unzip Samples [+] Success - Samples Unzipped [*] Attempting to Rename Files to SHA256 Hash [+] Success - Samples renamed to their SHA256 hash [*] Attempting Clean Up [+] Cleanup Complete - rogues/ has been removed [*] Attempting to Download trojans/ Samples & Place in Temp Directory

Subversion not found. In order to download the sample malware, Subversion (svn) needs to be installed. This provides a method of downloading only the target folder rather than the whole repo.

[*] Attempting to Unzip Samples [+] Success - Samples Unzipped [*] Attempting to Rename Files to SHA256 Hash [+] Success - Samples renamed to their SHA256 hash [*] Attempting Clean Up [+] Cleanup Complete - trojans/ has been removed [*] Attempting to Download jokes/ Samples & Place in Temp Directory

Subversion not found. In order to download the sample malware, Subversion (svn) needs to be installed. This provides a method of downloading only the target folder rather than the whole repo.

[*] Attempting to Unzip Samples [+] Success - Samples Unzipped [*] Attempting to Rename Files to SHA256 Hash [+] Success - Samples renamed to their SHA256 hash [*] Attempting Clean Up [*] Attempting downloading Ember Model Traceback (most recent call last): File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 1317, in do_open encode_chunked=req.has_header('Transfer-encoding')) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 1229, in request self._send_request(method, url, body, headers, encode_chunked) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 1275, in _send_request self.endheaders(body, encode_chunked=encode_chunked) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 1224, in endheaders self._send_output(message_body, encode_chunked=encode_chunked) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 1016, in _send_output self.send(msg) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 956, in send self.connect() File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 1392, in connect server_hostname=server_hostname) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/ssl.py", line 412, in wrap_socket session=session File "/root/anaconda3/envs/malware_rl3/lib/python3.7/ssl.py", line 850, in _create self.do_handshake() File "/root/anaconda3/envs/malware_rl3/lib/python3.7/ssl.py", line 1108, in do_handshake self._sslobj.do_handshake() ConnectionResetError: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "download_deps.py", line 262, in storage_directory=UTIL_PATH, File "download_deps.py", line 61, in download_specific_github_file retrive_url(source_file_url, filename) File "download_deps.py", line 49, in retrive_url urllib.request.urlretrieve(source_file_url, filename) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 247, in urlretrieve with contextlib.closing(urlopen(url, data)) as fp: File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 222, in urlopen return opener.open(url, data, timeout) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 525, in open response = self._open(req, data) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 543, in _open '_open', req) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 503, in _call_chain result = func(*args) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 1360, in https_open context=self._context, check_hostname=self._check_hostname) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 1319, in do_open raise URLError(err) urllib.error.URLError: <urlopen error [Errno 104] Connection reset by peer>

(malware_rl3) ┌──(root💀kali)-[~/code_program/malware_rl-master] └─# python3 download_deps.py --accept --force 1 ⨯ [*] Attempting to Download ransomwares/ Samples & Place in Temp Directory

Subversion not found. In order to download the sample malware, Subversion (svn) needs to be installed. This provides a method of downloading only the target folder rather than the whole repo.

[*] Attempting to Unzip Samples [+] Success - Samples Unzipped [*] Attempting to Rename Files to SHA256 Hash [+] Success - Samples renamed to their SHA256 hash [*] Attempting Clean Up [+] Cleanup Complete - ransomwares/ has been removed [*] Attempting to Download rogues/ Samples & Place in Temp Directory

Subversion not found. In order to download the sample malware, Subversion (svn) needs to be installed. This provides a method of downloading only the target folder rather than the whole repo.

[*] Attempting to Unzip Samples [+] Success - Samples Unzipped [*] Attempting to Rename Files to SHA256 Hash [+] Success - Samples renamed to their SHA256 hash [*] Attempting Clean Up [*] Attempting to Download trojans/ Samples & Place in Temp Directory

Subversion not found. In order to download the sample malware, Subversion (svn) needs to be installed. This provides a method of downloading only the target folder rather than the whole repo.

[*] Attempting to Unzip Samples [+] Success - Samples Unzipped [*] Attempting to Rename Files to SHA256 Hash [+] Success - Samples renamed to their SHA256 hash [*] Attempting Clean Up [+] Cleanup Complete - trojans/ has been removed [*] Attempting to Download jokes/ Samples & Place in Temp Directory

Subversion not found. In order to download the sample malware, Subversion (svn) needs to be installed. This provides a method of downloading only the target folder rather than the whole repo.

[*] Attempting to Unzip Samples [+] Success - Samples Unzipped [*] Attempting to Rename Files to SHA256 Hash [+] Success - Samples renamed to their SHA256 hash [*] Attempting Clean Up [+] Cleanup Complete - jokes/ has been removed [*] Attempting downloading Ember Model [+] Success - Ember Model downloaded [+] Success - Ember Model Downloaded [*] Attempting to generate example benign strings output Traceback (most recent call last): File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 1317, in do_open encode_chunked=req.has_header('Transfer-encoding')) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 1229, in request self._send_request(method, url, body, headers, encode_chunked) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 1275, in _send_request self.endheaders(body, encode_chunked=encode_chunked) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 1224, in endheaders self._send_output(message_body, encode_chunked=encode_chunked) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 1016, in _send_output self.send(msg) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 956, in send self.connect() File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 1384, in connect super().connect() File "/root/anaconda3/envs/malware_rl3/lib/python3.7/http/client.py", line 928, in connect (self.host,self.port), self.timeout, self.source_address) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/socket.py", line 727, in create_connection raise err File "/root/anaconda3/envs/malware_rl3/lib/python3.7/socket.py", line 716, in create_connection sock.connect(sa) ConnectionRefusedError: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "download_deps.py", line 268, in output_dir=MODULE_PATH, File "download_deps.py", line 179, in generate_example_benign_strings_output retrive_url(benign_repo, output_zip) File "download_deps.py", line 49, in retrive_url urllib.request.urlretrieve(source_file_url, filename) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 247, in urlretrieve with contextlib.closing(urlopen(url, data)) as fp: File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 222, in urlopen return opener.open(url, data, timeout) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 525, in open response = self._open(req, data) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 543, in _open '_open', req) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 503, in _call_chain result = func(*args) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 1360, in https_open context=self._context, check_hostname=self._check_hostname) File "/root/anaconda3/envs/malware_rl3/lib/python3.7/urllib/request.py", line 1319, in do_open raise URLError(err) urllib.error.URLError: <urlopen error [Errno 111] Connection refused>

**6.**I also tried to download and unzip samples (Ember, Malconv and SOREL-20M ) by myself,but it sames can’t work.And I can’t understand what ‘s the strings and where it is. ''' **7.**Try to use other virtual environments--Python3.8,delete and recreate the virtual environments--python3.7 but there are still problems. 1. The Tensorflow version in requirements.txt is not compatible with Keras. (2) urllib3>=1.26.5, there is dependency conflict. And so on and so forth.

Summary:

It can be summarized as (1) SVN problem.I also tried to download and unzip samples (Ember, Malconv and SOREL-20M ) by myself,but it sames can’t work. (2) Requirement. TXT cannot completely install the package. Packages that don't fit are often compounded with ">=" ,which don't require a specific version of the package. At the same time, there is an incompatibility between Tensorflow2.8.0 and Keras2.4.3.(3)I have used the VPN all the time.I am not sure if it caused some problems. I would like to ask that do you have any solutions to these problems and your specific environment configuration, such as whether GPU is used? I've been trying for two weeks but I haven't been able to solve it. Thanks a lot.
opened by ayl-7 0

Subversion not found. and lightgbm.basic.LightGBMError

Hi Bob Sorry,When I tried to reproduce your results,I encountered the following two problems: 1.When I run the following command: python download_deps.py --accept --force I can not download all the samples you mentioned.The problem is as follows:

        [*] Attempting to Download ransomwares/ Samples & Place in Temp Directory

        Subversion not found. In order to download the sample malware,
        Subversion (svn) needs to be installed. This provides a method of
        downloading only the target folder rather than the whole repo.

        [*] Attempting to Download rogues/ Samples & Place in Temp Directory

        Subversion not found. In order to download the sample malware,
        Subversion (svn) needs to be installed. This provides a method of
        downloading only the target folder rather than the whole repo.

        [*] Attempting to Download trojans/ Samples & Place in Temp Directory

        Subversion not found. In order to download the sample malware,
        Subversion (svn) needs to be installed. This provides a method of
        downloading only the target folder rather than the whole repo.

Finally,I got 46 samples after running download_deps.py.

2.When I tried to run random_agent.py,another problem arised: lightgbm.basic.LightGBMError: Could not open /home/lee/126/malware_rl/malware_rl/envs/utils/sorel.model Do you know why and how to deal with them? Thanks a lot!

opened by lm457878340 1