You are using an optimizer in your code to update model's parameters.. thats not how fgsm works..

ywkw1717 / FGSM-attack-against-MalConv

FGSM attack against MalConv used in Machine Learning Static Evasion Competition.

5 stars 1 forks source link

You are using an optimizer in your code to update model's parameters.. thats not how fgsm works.. #1

Open LusKrew opened 3 years ago

LusKrew commented 3 years ago

In your code you are using an optimizer with the models parameters to update the model parameters.. thats not how fgsm works, you are basically updating the model weights so the attack succeeds..

juburr commented 3 years ago

I think you should also run the reconstructed bytes back through the full model at the end before you declare that you've achieved evasion for a given binary. In my testing the reconstruction phase appeared to reduce the overall accuracy because there's only 256 possible bytes that the 8D embeddings can map to, and therefore some precision appears to be lost.