
How to apply secml_malware to my multiclass malconv classifier?

Open q642936448 opened this issue 4 years ago • 7 comments

Hi @zangobot, I am using MalConv to deal with the malware family classification problem. It's a multi-classification task, so I modified MalConv's last fc layer's out_features dimension and trained MalConv from scratch. If I want to apply the secml_malware library to attack the multiclass MalConv, what should I do?

Thanks in advance :)

q642936448, Jan 10 '22 07:01

Hello!

First, thank you for using my library! :) The implementation might be a bit longer than I expected (as I naively only coded binary classification attacks):

  • modify the c_discretized_bytes_evasion to also take the y_target class of your attack, and edit the infer_step and loss_function_gradient to also consider the class you want
  • edit the _run in c_end2end_evasion, precisely where it computes the confidence of the target class
  • edit the same things for the c_fast_gradient_sign_evasion if you want also to enable FGSM to be multiclass.

For black-box approaches, the process is similar, you would need to include the target class. If you manage to do this, you can also consider creating a pull request for the project!

Otherwise, I'll schedule the feature, and I'll code in the meantime.

Let me know if this helped!

zangobot, Jan 11 '22 10:01

Your reply helps a lot!

I'm doing the implementation now. It looks like a hard job due to my poor coding skills (:

But I will try my best. If I encounter problems, I will contact you.

Thank you so much!

q642936448, Jan 11 '22 11:01

When modifying c_fast_gradient_sign_evasion for multilevel, do we need to keep the binary cross entropy or change it to a regular cross entropy loss? And if so, would we only want to turn on the bit that corresponds to the target class and leave the rest of the classes as zeros?

akul-goyal, Jun 22 '22 15:06

Well, it depends on which loss function you want to use. CE Loss is one, but of course it can be customized at will. I did not have time to work on this, but I might prioritize the implementation of this feature soon.

zangobot, Jun 23 '22 08:06

I am happy to help with this if you need it. I am just wondering what the best way is to keep the semantics of the attacks the same. If I were to use BCE, would I need to change line 48 of c_fast_gradient_sign_evasion.py so that it would be malware_class = torch.ones(y.shape) and malware_class[target_y] = 0, or malware_class = torch.zeros(y.shape) and malware_class[target_y] = 1?

akul-goyal, Jun 23 '22 13:06

The semantics do not change; it is just the loss function that varies the loss landscape of the attack. I don't have much time to review that part now; the only thing is that the malware class is labelled as 1, and the goodware class as 0. But for multiclass it is different, as you have the different families. So the code must be changed accordingly.

zangobot, Jun 24 '22 09:06
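Added example (not code from secml_malware or its author) of the two loss choices discussed in the last exchange, in plain Python: softmax cross-entropy versus per-class BCE against a one-hot target, each with its gradient with respect to the logits, for a step toward a chosen target family. The logits are constructed; in the real attack the gradient is backpropagated through MalConv down to the byte embeddings, which this toy does not do.

```python
import math


def softmax(logits):
    """Numerically stable softmax over a list of logits."""
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    s = sum(exps)
    return [e / s for e in exps]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def one_hot(n_classes, target):
    """Target vector from the thread: 1 at the target family, 0 for every other class."""
    return [1.0 if i == target else 0.0 for i in range(n_classes)]


def ce_loss_and_grad(logits, target):
    """Softmax cross-entropy toward `target`; gradient wrt logits is softmax(z) - one_hot."""
    p = softmax(logits)
    loss = -math.log(p[target])
    grad = [pi - ti for pi, ti in zip(p, one_hot(len(logits), target))]
    return loss, grad


def bce_loss_and_grad(logits, target):
    """Per-class BCE against a one-hot target; gradient wrt logits is sigmoid(z) - one_hot.

    With a single logit and target 0 this collapses to the binary goodware/malware case."""
    t = one_hot(len(logits), target)
    loss, grad = 0.0, []
    for z, ti in zip(logits, t):
        s = sigmoid(z)
        loss += -(ti * math.log(s) + (1.0 - ti) * math.log(1.0 - s))
        grad.append(s - ti)
    return loss, grad


def descent_direction(grad):
    """FGSM-style sign step that lowers the loss toward the target: -sign(grad)."""
    return [-1 if g > 0 else (1 if g < 0 else 0) for g in grad]


if __name__ == "__main__":
    logits = [2.0, 0.5, -1.0]  # constructed output of a 3-family classifier
    for name, fn in (("CE", ce_loss_and_grad), ("BCE", bce_loss_and_grad)):
        loss, grad = fn(logits, target=2)
        print(name, round(loss, 4), [round(g, 4) for g in grad], descent_direction(grad))
```

Both losses push the target logit up and the others down, so the step direction is the same; only the magnitudes (the loss landscape) differ, which is the point made above.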

Ah ok. I will wait for you to make the needed changes then. I appreciate your help!

akul-goyal, Jun 24 '22 13:06