From ef5e3a556964e187687393d399017debc0901025 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=9D=B4=EC=9E=AC=EC=99=84?= <162649228+leej1045@users.noreply.github.com>
Date: Sat, 31 May 2025 23:18:51 +0900
Subject: [PATCH 1/7] Create test_ember.py
---
test_ember.py | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 test_ember.py
diff --git a/test_ember.py b/test_ember.py
new file mode 100644
index 0000000..12cdd1a
--- /dev/null
+++ b/test_ember.py
@@ -0,0 +1,3 @@
+from ember.features import PEFeatureExtractor
+extractor = PEFeatureExtractor()
+print("✅ EMBER 정상 작동")
From 1b4dfa83841b83705ed2e0194302efe3dda50cf2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=9D=B4=EC=9E=AC=EC=99=84?= <162649228+leej1045@users.noreply.github.com>
Date: Sat, 31 May 2025 23:19:09 +0900
Subject: [PATCH 2/7] Create train_model.py
---
train_model.py | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 train_model.py
diff --git a/train_model.py b/train_model.py
new file mode 100644
index 0000000..e26f744
--- /dev/null
+++ b/train_model.py
@@ -0,0 +1,30 @@
+import numpy as np
+from sklearn.ensemble import RandomForestClassifier
+from sklearn.metrics import accuracy_score, f1_score
+import joblib
+import os
+
+# 1. 데이터 로드
+data = np.load("converted/converted_notepad.npz")
+X = data["X"]
+y = data["y"]
+
+# reshape 처리 추가 (단일 샘플 대응용)
+X = X.reshape(1, -1)
+
+# 2. 모델 정의 및 학습
+model = RandomForestClassifier(n_estimators=100, random_state=42)
+model.fit(X, y)
+
+# 3. 예측 및 평가 (지금은 학습셋만 있으므로 평가용은 형식상 사용)
+pred = model.predict(X)
+acc = accuracy_score(y, pred)
+f1 = f1_score(y, pred, average="macro")
+
+# 4. 결과 출력
+print(f"✅ 학습 완료! Accuracy: {acc:.4f}, F1-score: {f1:.4f}")
+
+# 5. 모델 저장
+os.makedirs("model", exist_ok=True)
+joblib.dump(model, "model/ransomware_model.pkl")
+print("💾 모델 저장 완료: model/ransomware_model.pkl")
From 7795eadc8274ad723a64c53e9c223cc05350d657 Mon Sep 17 00:00:00 2001
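Review bot: The training set in train_model.py is one feature vector — `converted/converted_notepad.npz`, forced to a single row by `X.reshape(1, -1)` — so the forest written to `model/ransomware_model.pkl` has seen one class only and will return that class for every file it is shown; the converter deleted later in this series stored that sample with `y=np.array([0])`, which its comment marks as benign. Accuracy and F1 are computed on the same row the model was fitted on, so the printed scores say nothing about detection. I would refuse to save a detector in that state, e.g. `if np.unique(y).size < 2: raise SystemExit("need both benign and ransomware samples")`, and score on a held-out split once there is data. `X.reshape(1, -1)` also flattens any multi-sample matrix into one row; `X = np.atleast_2d(X)` keeps the single-sample case without that. Since `joblib.dump` writes a pickle, whatever later loads this file should take it only from a trusted location.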
From: =?UTF-8?q?=EC=9D=B4=EC=9E=AC=EC=99=84?= <162649228+leej1045@users.noreply.github.com>
Date: Sat, 31 May 2025 23:19:43 +0900
Subject: [PATCH 3/7] Delete .gitignore
---
.gitignore | 7 -------
1 file changed, 7 deletions(-)
delete mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 3b8dec6..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-
-venv310/
-*.exe
-*.zip
-*.dll
-*.dat
-__pycache__/
\ No newline at end of file
From 52d32b5f1c5895cd9e521d8a4c82180e6a41e737 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=9D=B4=EC=9E=AC=EC=99=84?= <162649228+leej1045@users.noreply.github.com>
Date: Sat, 31 May 2025 23:19:54 +0900
Subject: [PATCH 4/7] Delete LICENSE
---
LICENSE | 21 ---------------------
1 file changed, 21 deletions(-)
delete mode 100644 LICENSE
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index 164a005..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2025 Park Hyeonggyu
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
From 766a547cd35c270b8eb815aac72507868a1d2ec7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=9D=B4=EC=9E=AC=EC=99=84?= <162649228+leej1045@users.noreply.github.com>
Date: Sat, 31 May 2025 23:20:00 +0900
Subject: [PATCH 5/7] Delete README.md
---
README.md | 7 -------
1 file changed, 7 deletions(-)
delete mode 100644 README.md
diff --git a/README.md b/README.md
deleted file mode 100644
index 23058f2..0000000
--- a/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# SW_last 프로젝트
-선문대학교 AI소프트웨어 3학년 1학기 SW프로젝트 기초 기말 팀프로젝트
-여기다가 기초 설정같은거 적어 놓읍시다.
-
-
-랜섬웨어가 저장되어 있는곳 : https://github.com/ytisf/theZoo/tree/master/malware/Binaries
-
\ No newline at end of file
From 7a908aefeee34ebd582fcdd51d9c8a2efac3ac47 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=9D=B4=EC=9E=AC=EC=99=84?= <162649228+leej1045@users.noreply.github.com>
Date: Sat, 31 May 2025 23:28:40 +0900
Subject: [PATCH 6/7] Delete model directory
---
model/convert_dataset.py | 19 -------------------
model/convert_to_npz.py | 18 ------------------
model/ember | 1 -
model/extract_features.py | 29 -----------------------------
model/extracted/notepad.json | 1 -
model/test_ember.py | 3 ---
model/train_model.py | 30 ------------------------------
model/utils/dataset.py | 30 ------------------------------
8 files changed, 131 deletions(-)
delete mode 100644 model/convert_dataset.py
delete mode 100644 model/convert_to_npz.py
delete mode 160000 model/ember
delete mode 100644 model/extract_features.py
delete mode 100644 model/extracted/notepad.json
delete mode 100644 model/test_ember.py
delete mode 100644 model/train_model.py
delete mode 100644 model/utils/dataset.py
diff --git a/model/convert_dataset.py b/model/convert_dataset.py
deleted file mode 100644
index c647d0f..0000000
--- a/model/convert_dataset.py
+++ /dev/null
@@ -1,19 +0,0 @@
-import numpy as np
-from utils.dataset import EMBERDataset
-
-def convert_to_npz(data_dir="./ember_data", save_path="ember_vectorized_data.npz"):
- # EMBERDataset은 벡터화된 데이터셋을 자동으로 로드함
- train_data = EMBERDataset(data_dir, subset="train", feature_version=2)
- test_data = EMBERDataset(data_dir, subset="test", feature_version=2)
-
- X_train, y_train = zip(*train_data)
- X_test, y_test = zip(*test_data)
-
- X = np.vstack(X_train + X_test)
- y = np.hstack(y_train + y_test)
-
- np.savez_compressed(save_path, X=X, y=y)
- print(f"✅ 저장 완료: {save_path}")
-
-if __name__ == "__main__":
- convert_to_npz()
diff --git a/model/convert_to_npz.py b/model/convert_to_npz.py
deleted file mode 100644
index cf31045..0000000
--- a/model/convert_to_npz.py
+++ /dev/null
@@ -1,18 +0,0 @@
-import json
-import numpy as np
-from ember.features import PEFeatureExtractor
-
-# 1. feature extractor 로딩
-extractor = PEFeatureExtractor(feature_version=2)
-
-# 2. JSON 파일 불러오기
-with open("extracted/notepad.json", "r", encoding="utf-8") as f:
- raw = json.load(f)
-
-# 3. features.py 기준으로 process_raw_features 적용
-x = extractor.process_raw_features(raw)
-
-# 4. npz로 저장
-np.savez("converted/converted_notepad.npz", X=x, y=np.array([0])) # y는 예시로 정상(0)이라고 둠
-
-print("✅ 변환 완료: converted_notepad.npz 로 저장됨")
diff --git a/model/ember b/model/ember
deleted file mode 160000
index d97a0b5..0000000
--- a/model/ember
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit d97a0b523de02f3fe5ea6089d080abacab6ee931
diff --git a/model/extract_features.py b/model/extract_features.py
deleted file mode 100644
index cb40009..0000000
--- a/model/extract_features.py
+++ /dev/null
@@ -1,29 +0,0 @@
-# extract_features.py
-import argparse
-import json
-import os
-import lief
-from ember.features import PEFeatureExtractor
-
-def main():
- parser = argparse.ArgumentParser()
- parser.add_argument('--input', type=str, required=True, help='Input .exe file path')
- parser.add_argument('--output', type=str, required=True, help='Output .json path')
- parser.add_argument('--kind', type=str, default="train", help='Kind: train/test/predict')
- args = parser.parse_args()
-
- # 파일 읽기
- with open(args.input, 'rb') as f:
- bytez = f.read()
-
- extractor = PEFeatureExtractor(feature_version=2)
- features = extractor.raw_features(bytez)
-
- os.makedirs(os.path.dirname(args.output), exist_ok=True)
- with open(args.output, 'w') as f:
- json.dump(features, f)
-
- print(f"✅ Features extracted to {args.output}")
-
-if __name__ == '__main__':
- main()
diff --git a/model/extracted/notepad.json b/model/extracted/notepad.json
deleted file mode 100644
index fe95698..0000000
--- a/model/extracted/notepad.json
+++ /dev/null
@@ -1 +0,0 @@ -{"sha256": "0f7b961e44a8dde66229619519b3dede0ee4a7c413c39dfd9bdb4f0d3ff2b15e", "histogram": [82295, 5161, 4149, 2558, 1628, 2023, 865, 1190, 1796, 827, 720, 753, 900, 1223, 634, 4676, 1763, 814, 641, 583, 555, 2350, 417, 517, 1109, 619, 472, 507, 579, 494, 565, 2189, 2004, 577, 528, 484, 3517, 624, 462, 456, 1003, 459, 433, 856, 464, 742, 601, 493, 1249, 475, 569, 2349, 652, 455, 428, 500, 955, 891, 470, 942, 646, 763, 568, 619, 2199, 3072, 654, 919, 4403, 2550, 616, 578, 13193, 1616, 442, 449, 2825, 1547, 454, 593, 1122, 345, 525, 708, 827, 802, 579, 945, 651, 374, 380, 478, 964, 599, 622, 835, 909, 1047, 487, 906, 1078, 1819, 1045, 628, 803, 1287, 360, 464, 1147, 712, 1010, 1232, 1098, 337, 1264, 1070, 2893, 1475, 509, 717, 893, 612, 529, 531, 672, 623, 651, 805, 1638, 912, 582, 2095, 1085, 2578, 418, 600, 1148, 3802, 487, 8829, 488, 3226, 533, 591, 703, 403, 430, 437, 443, 562, 2160, 423, 602, 412, 377, 426, 525, 487, 417, 681, 854, 440, 395, 434, 474, 513, 418, 460, 614, 442, 374, 509, 552, 373, 397, 626, 684, 530, 407, 454, 367, 454, 591, 715, 968, 742, 919, 559, 586, 630, 668, 671, 2957, 1398, 724, 1234, 1016, 465, 636, 1126, 1553, 1281, 691, 889, 9952, 568, 705, 988, 1101, 630, 915, 620, 494, 471, 510, 710, 952, 668, 544, 753, 700, 831, 688, 777, 1432, 691, 702, 665, 693, 569, 526, 665, 2706, 1031, 666, 1184, 974, 668, 493, 686, 1406, 727, 697, 617, 699, 569, 868, 879, 1685, 700, 656, 861, 795, 768, 1097, 10921], "byteentropy": [24576, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6139, 0, 2, 3, 3948, 6, 54, 2, 50, 0, 2, 4, 4, 4, 4, 0, 6, 6, 4, 2, 5706, 82, 26, 21, 53, 36, 37, 22, 59, 17, 11, 20, 16, 11, 13, 14, 10502, 95, 49, 31, 151, 58, 76, 82, 22, 679, 16, 16, 41, 17, 17, 436, 7730, 50, 106, 57, 203, 61, 317, 136, 12, 202, 9, 9, 1053, 35, 27, 233, 6488, 331, 580, 101, 72, 73, 63, 51, 54, 56, 58, 60, 45, 60, 46, 54, 10586, 413, 207, 172, 438, 139, 141, 145, 246, 270, 192, 178, 423, 153, 168, 465, 8401, 141, 228, 467, 752, 247, 703, 489, 503, 559, 868, 
143, 1117, 156, 866, 2792, 13911, 379, 1037, 812, 947, 602, 3612, 1892, 752, 882, 206, 317, 322, 726, 953, 3370, 5196, 622, 431, 976, 838, 1008, 4068, 2053, 49, 1582, 133, 221, 88, 656, 2202, 4453, 14534, 1192, 1155, 1069, 1221, 1122, 3657, 2295, 459, 520, 513, 579, 563, 805, 1010, 2074, 8310, 225, 464, 434, 356, 267, 845, 742, 1089, 787, 719, 703, 892, 957, 1177, 2513, 19067, 2667, 2020, 1861, 9308, 1356, 1387, 1631, 7291, 1067, 1105, 1590, 5310, 2134, 2366, 3328, 65787, 12468, 11698, 9468, 48627, 8085, 6018, 9981, 37647, 3217, 3362, 6497, 26546, 7842, 10154, 15227, 627, 75, 52, 58, 89, 120, 203, 138, 137, 221, 338, 473, 401, 268, 209, 687, 15690, 9581, 9273, 9518, 9084, 8307, 8677, 9669, 9693, 8903, 8210, 9078, 9398, 8870, 9466, 12231], "strings": {"numstrings": 1423, "avlength": 11.184820801124385, "printabledist": [313, 73, 62, 20, 300, 30, 27, 25, 56, 23, 21, 50, 50, 371, 184, 49, 122, 130, 80, 144, 38, 31, 31, 17, 68, 88, 34, 62, 65, 47, 64, 50, 117, 500, 54, 182, 236, 180, 134, 105, 255, 137, 26, 45, 168, 86, 65, 61, 119, 31, 95, 178, 168, 121, 175, 318, 49, 19, 21, 29, 128, 72, 134, 287, 37, 557, 98, 372, 377, 1149, 174, 174, 145, 624, 14, 61, 540, 239, 562, 656, 269, 34, 584, 449, 782, 248, 73, 178, 181, 116, 43, 18, 39, 21, 30, 52], "printables": 15916, "entropy": 5.855189366161062, "paths": 0, "urls": 1, "registry": 0, "MZ": 7}, "general": {"size": 360448, "vsize": 368640, "has_debug": 1, "exports": 0, "imports": 314, "has_relocations": 1, "has_resources": 1, "has_signature": 0, "has_tls": 0, "symbols": 0}, "header": {"coff": {"timestamp": 1305613412, "machine": "AMD64", "characteristics": ["LARGE_ADDRESS_AWARE", "EXECUTABLE_IMAGE"]}, "optional": {"subsystem": "WINDOWS_GUI", "dll_characteristics": ["HIGH_ENTROPY_VA", "NX_COMPAT", "DYNAMIC_BASE", "GUARD_CF", "TERMINAL_SERVER_AWARE"], "magic": "PE32_PLUS", "major_image_version": 10, "minor_image_version": 0, "major_linker_version": 14, "minor_linker_version": 38, "major_operating_system_version": 10, 
"minor_operating_system_version": 0, "major_subsystem_version": 10, "minor_subsystem_version": 0, "sizeof_code": 163840, "sizeof_headers": 4096, "sizeof_heap_commit": 4096}}, "section": {"entry": ".text", "sections": [{"name": ".text", "size": 159744, "entropy": 6.282348363904788, "vsize": 157442, "props": ["CNT_CODE", "MEM_EXECUTE", "MEM_READ"]}, {"name": "fothk", "size": 4096, "entropy": 0.015920183265625623, "vsize": 4096, "props": ["CNT_CODE", "MEM_EXECUTE", "MEM_READ"]}, {"name": ".rdata", "size": 45056, "entropy": 5.803285883043193, "vsize": 42456, "props": ["CNT_INITIALIZED_DATA", "MEM_READ"]}, {"name": ".data", "size": 4096, "entropy": 1.6134481659491247, "vsize": 10048, "props": ["CNT_INITIALIZED_DATA", "MEM_READ", "MEM_WRITE"]}, {"name": ".pdata", "size": 8192, "entropy": 5.114701033135384, "vsize": 4620, "props": ["CNT_INITIALIZED_DATA", "MEM_READ"]}, {"name": ".didat", "size": 4096, "entropy": 2.407271392742943, "vsize": 248, "props": ["CNT_INITIALIZED_DATA", "MEM_READ", "MEM_WRITE"]}, {"name": ".rsrc", "size": 126976, "entropy": 7.099786684300073, "vsize": 123344, "props": ["CNT_INITIALIZED_DATA", "MEM_READ"]}, {"name": ".reloc", "size": 4096, "entropy": 4.952520089161096, "vsize": 848, "props": ["CNT_INITIALIZED_DATA", "MEM_DISCARDABLE", "MEM_READ"]}]}, "imports": {"GDI32.dll": ["SetMapMode", "SetViewportExtEx", "SetWindowExtEx", "LPtoDP", "SetBkMode", "GetTextMetricsW", "TextOutW", "AbortDoc", "EndDoc", "SetAbortProc", "StartDocW", "StartPage", "CreateDCW", "EnumFontsW", "GetTextFaceW", "GetDeviceCaps", "DeleteDC", "DeleteObject", "SetBkColor", "CreateSolidBrush", "GetTextExtentPoint32W", "SelectObject", "CreateCompatibleDC", "EndPage", "CreateFontIndirectW"], "USER32.dll": ["PostQuitMessage", "BeginPaint", "EndPaint", "FillRect", "DrawTextW", "DrawFocusRect", "DefWindowProcW", "TrackMouseEvent", "InvalidateRect", "DestroyIcon", "SetThreadDpiAwarenessContext", "DialogBoxParamW", "LoadIconW", "GetFocus", "MessageBoxW", "ShowWindow", "SetCursor", 
"SetActiveWindow", "EnableMenuItem", "IsIconic", "SetFocus", "MessageBeep", "GetForegroundWindow", "GetDlgCtrlID", "SetWindowPos", "RedrawWindow", "GetKeyboardLayout", "CharNextW", "SetWinEventHook", "GetMessageW", "TranslateAcceleratorW", "IsDialogMessageW", "TranslateMessage", "DispatchMessageW", "UnhookWinEvent", "SetWindowTextW", "GetMenu", "GetSubMenu", "OpenClipboard", "IsClipboardFormatAvailable", "CloseClipboard", "CheckMenuItem", "SetDlgItemTextW", "GetDlgItemTextW", "EndDialog", "SendDlgItemMessageW", "SetScrollPos", "UpdateWindow", "GetWindowPlacement", "SetWindowPlacement", "CharUpperW", "GetSystemMenu", "LoadAcceleratorsW", "SetWindowLongW", "MonitorFromWindow", "RegisterWindowMessageW", "LoadCursorW", "LoadImageW", "RegisterClassExW", "GetWindowLongW", "PeekMessageW", "GetWindowTextW", "EnableWindow", "CreateDialogParamW", "DrawTextExW", "IsWindow", "CreateDialogIndirectParamW", "GetPropW", "SetPropW", "GetDlgItem", "RemovePropW", "CheckDlgButton", "CheckRadioButton", "IsDlgButtonChecked", "NotifyWinEvent", "CreateWindowExW", "GetWindowTextLengthW", "GetClientRect", "DestroyWindow", "GetDpiForWindow", "SystemParametersInfoForDpi", "SendMessageW", "MoveWindow", "GetDC", "LoadStringW", "PostMessageW", "ReleaseDC"], "api-ms-win-crt-string-l1-1-0.dll": ["wcscmp", "wcsnlen", "memset"], "api-ms-win-crt-runtime-l1-1-0.dll": ["_c_exit", "_initterm_e", "_initterm", "_register_thread_local_exe_atexit_callback"], "api-ms-win-crt-private-l1-1-0.dll": ["_o__get_wide_winmain_command_line", "_o__initialize_onexit_table", "_o__initialize_wide_environment", "_o__invalid_parameter_noinfo", "_o__purecall", "_o__register_onexit_function", "_o__seh_filter_exe", "_o__set_app_type", "_o__set_fmode", "_o__set_new_mode", "_o__wcsicmp", "_o__wtol", "_o_exit", "_o_free", "_o_iswdigit", "_o_malloc", "_o_terminate", "__CxxFrameHandler3", "__current_exception", "__current_exception_context", "_CxxThrowException", "_o__crt_atexit", "_o___stdio_common_vswprintf", 
"_o__configure_wide_argv", "_o___std_exception_destroy", "_o___std_exception_copy", "_o__configthreadlocale", "_o___p__commode", "_o__exit", "_o__cexit", "_o__callnewh", "_o__beginthreadex", "_o__errno", "wcsrchr", "wcschr", "__C_specific_handler", "memcmp", "memcpy", "memmove"], "api-ms-win-core-libraryloader-l1-2-0.dll": ["LockResource", "GetModuleHandleExW", "FindResourceExW", "LoadResource", "GetModuleHandleA", "GetModuleFileNameA", "FreeLibrary", "GetProcAddress", "GetModuleHandleW", "GetModuleFileNameW"], "api-ms-win-core-synch-l1-1-0.dll": ["LeaveCriticalSection", "InitializeCriticalSectionEx", "WaitForSingleObject", "ReleaseSemaphore", "ReleaseSRWLockExclusive", "EnterCriticalSection", "SetEvent", "CreateEventExW", "AcquireSRWLockExclusive", "ReleaseMutex", "WaitForSingleObjectEx", "DeleteCriticalSection", "AcquireSRWLockShared", "CreateMutexExW", "OpenSemaphoreW", "ReleaseSRWLockShared", "CreateSemaphoreExW"], "api-ms-win-core-heap-l1-1-0.dll": ["GetProcessHeap", "HeapAlloc", "HeapSetInformation", "HeapFree"], "api-ms-win-core-errorhandling-l1-1-0.dll": ["UnhandledExceptionFilter", "SetUnhandledExceptionFilter", "RaiseException", "GetLastError", "SetLastError"], "api-ms-win-core-threadpool-l1-2-0.dll": ["CloseThreadpoolTimer", "WaitForThreadpoolTimerCallbacks", "CreateThreadpoolTimer", "SetThreadpoolTimer"], "api-ms-win-core-processthreads-l1-1-0.dll": ["GetCurrentProcess", "OpenProcessToken", "CreateProcessW", "TerminateProcess", "GetCurrentThreadId", "GetStartupInfoW", "GetCurrentProcessId"], "api-ms-win-core-localization-l1-2-0.dll": ["FormatMessageW", "FindNLSString", "GetLocaleInfoW", "GetACP"], "api-ms-win-core-debug-l1-1-0.dll": ["IsDebuggerPresent", "OutputDebugStringW", "DebugBreak"], "api-ms-win-core-handle-l1-1-0.dll": ["CloseHandle"], "api-ms-win-core-com-l1-1-0.dll": ["CoTaskMemFree", "CoCreateInstance", "CoInitializeEx", "PropVariantClear", "CoUninitialize", "CoWaitForMultipleHandles", "CoCreateGuid", "CoTaskMemAlloc", 
"CoCreateFreeThreadedMarshaler"], "api-ms-win-core-registry-l1-1-1.dll": ["RegSetKeyValueW"], "api-ms-win-core-largeinteger-l1-1-0.dll": ["MulDiv"], "api-ms-win-core-shlwapi-legacy-l1-1-0.dll": ["PathFindExtensionW", "PathIsFileSpecW", "PathFileExistsW"], "api-ms-win-core-winrt-string-l1-1-0.dll": ["WindowsDeleteString", "WindowsCreateString", "WindowsCreateStringReference", "WindowsGetStringRawBuffer"], "api-ms-win-core-registry-l1-1-0.dll": ["RegQueryValueExW", "RegGetValueW", "RegSetValueExW", "RegEnumValueW", "RegQueryInfoKeyW", "RegCreateKeyExW", "RegCloseKey", "RegOpenKeyExW", "RegDeleteKeyExW"], "api-ms-win-core-winrt-l1-1-0.dll": ["RoGetActivationFactory"], "api-ms-win-core-heap-l2-1-0.dll": ["LocalUnlock", "LocalFree", "LocalLock", "GlobalAlloc", "GlobalFree", "LocalAlloc", "LocalReAlloc"], "api-ms-win-core-file-l1-1-0.dll": ["DeleteFileW", "GetFileAttributesW", "SetEndOfFile", "GetFileAttributesExW", "GetFileInformationByHandle", "FindClose", "FindFirstFileW", "CreateFileW", "ReadFile", "GetDiskFreeSpaceExW", "GetFullPathNameW", "CreateDirectoryW", "WriteFile"], "api-ms-win-shcore-obsolete-l1-1-0.dll": ["SHStrDupW"], "api-ms-win-security-base-l1-1-0.dll": ["GetTokenInformation"], "api-ms-win-core-processenvironment-l1-1-0.dll": ["GetCurrentDirectoryW", "GetCommandLineW", "SetCurrentDirectoryW"], "api-ms-win-core-string-l1-1-0.dll": ["FoldStringW", "WideCharToMultiByte", "CompareStringOrdinal", "MultiByteToWideChar"], "api-ms-win-core-psapi-l1-1-0.dll": ["K32GetModuleFileNameExW"], "api-ms-win-core-localization-obsolete-l1-2-0.dll": ["GetUserDefaultUILanguage"], "api-ms-win-core-sysinfo-l1-1-0.dll": ["GetLocalTime", "GetSystemTimeAsFileTime"], "api-ms-win-core-datetime-l1-1-0.dll": ["GetDateFormatW", "GetTimeFormatW"], "api-ms-win-shcore-path-l1-1-0.dll": ["ordinal170"], "api-ms-win-core-memory-l1-1-0.dll": ["MapViewOfFile", "CreateFileMappingW", "UnmapViewOfFile"], "api-ms-win-core-registry-l2-1-0.dll": ["RegCreateKeyW"], 
"api-ms-win-core-heap-obsolete-l1-1-0.dll": ["LocalSize", "GlobalLock", "GlobalUnlock"], "api-ms-win-shcore-scaling-l1-1-1.dll": ["GetDpiForMonitor"], "api-ms-win-core-string-obsolete-l1-1-0.dll": ["lstrcmpiW"], "api-ms-win-core-windowserrorreporting-l1-1-3.dll": ["RegisterApplicationRestart"], "api-ms-win-eventing-provider-l1-1-0.dll": ["EventRegister", "EventUnregister", "EventWriteTransfer", "EventSetInformation"], "api-ms-win-base-util-l1-1-0.dll": ["IsTextUnicode"], "api-ms-win-core-libraryloader-l1-2-1.dll": ["FindResourceW"], "api-ms-win-core-rtlsupport-l1-1-0.dll": ["RtlVirtualUnwind", "RtlLookupFunctionEntry", "RtlCaptureContext"], "api-ms-win-core-processthreads-l1-1-1.dll": ["IsProcessorFeaturePresent", "GetProcessMitigationPolicy"], "api-ms-win-core-profile-l1-1-0.dll": ["QueryPerformanceCounter"], "api-ms-win-core-interlocked-l1-1-0.dll": ["InitializeSListHead"], "api-ms-win-core-winrt-error-l1-1-0.dll": ["SetRestrictedErrorInfo"], "api-ms-win-core-winrt-error-l1-1-1.dll": ["RoGetMatchingRestrictedErrorInfo"], "COMCTL32.dll": ["ImageList_Create", "ImageList_SetBkColor", "ordinal381", "ImageList_ReplaceIcon", "ordinal410", "ImageList_Draw", "ImageList_GetIconSize", "ordinal413", "ImageList_Destroy", "ordinal345", "CreateStatusWindowW"], "api-ms-win-core-delayload-l1-1-1.dll": ["ResolveDelayLoadedAPI"], "api-ms-win-core-delayload-l1-1-0.dll": ["DelayLoadFailureHook"]}, "exports": [], "datadirectories": [{"name": "EXPORT_TABLE", "size": 0, "virtual_address": 0}, {"name": "IMPORT_TABLE", "size": 1020, "virtual_address": 198864}, {"name": "RESOURCE_TABLE", "size": 123344, "virtual_address": 237568}, {"name": "EXCEPTION_TABLE", "size": 4620, "virtual_address": 225280}, {"name": "CERTIFICATE_TABLE", "size": 0, "virtual_address": 0}, {"name": "BASE_RELOCATION_TABLE", "size": 760, "virtual_address": 364544}, {"name": "DEBUG", "size": 112, "virtual_address": 189152}, {"name": "ARCHITECTURE", "size": 0, "virtual_address": 0}, {"name": "GLOBAL_PTR", "size": 0, 
"virtual_address": 0}, {"name": "TLS_TABLE", "size": 0, "virtual_address": 0}, {"name": "LOAD_CONFIG_TABLE", "size": 320, "virtual_address": 169872}, {"name": "BOUND_IMPORT", "size": 0, "virtual_address": 0}, {"name": "IAT", "size": 2920, "virtual_address": 170192}, {"name": "DELAY_IMPORT_DESCRIPTOR", "size": 224, "virtual_address": 197360}, {"name": "CLR_RUNTIME_HEADER", "size": 0, "virtual_address": 0}, {"name": "???", "size": 0, "virtual_address": 0}]} \ No newline at end of file diff --git a/model/test_ember.py b/model/test_ember.py deleted file mode 100644 index 547a8dc..0000000 --- a/model/test_ember.py +++ /dev/null @@ -1,3 +0,0 @@ -from ember.features import PEFeatureExtractor -extractor = PEFeatureExtractor() -print("✅ EMBER 정상 작동") \ No newline at end of file diff --git a/model/train_model.py b/model/train_model.py deleted file mode 100644 index a474137..0000000 --- a/model/train_model.py +++ /dev/null @@ -1,30 +0,0 @@ -import numpy as np -from sklearn.ensemble import RandomForestClassifier -from sklearn.metrics import accuracy_score, f1_score -import joblib -import os - -# 1. 데이터 로드 -data = np.load("converted/converted_notepad.npz") -X = data["X"] -y = data["y"] - -# reshape 처리 추가 (단일 샘플 대응용) -X = X.reshape(1, -1) - -# 2. 모델 정의 및 학습 -model = RandomForestClassifier(n_estimators=100, random_state=42) -model.fit(X, y) - -# 3. 예측 및 평가 (지금은 학습셋만 있으므로 평가용은 형식상 사용) -pred = model.predict(X) -acc = accuracy_score(y, pred) -f1 = f1_score(y, pred, average="macro") - -# 4. 결과 출력 -print(f"✅ 학습 완료! Accuracy: {acc:.4f}, F1-score: {f1:.4f}") - -# 5. 모델 저장 -os.makedirs("model", exist_ok=True) -joblib.dump(model, "model/ransomware_model.pkl") -print("💾 모델 저장 완료: model/ransomware_model.pkl") \ No newline at end of file diff --git a/model/utils/dataset.py b/model/utils/dataset.py deleted file mode 100644 index d78b336..0000000 --- a/model/utils/dataset.py +++ /dev/null 
@@ -1,30 +0,0 @@
-import os
-import numpy as np
-
-class EMBERDataset:
- def __init__(self, data_dir, subset="train", feature_version=2):
- self.data_dir = data_dir
- self.subset = subset
- self.feature_version = feature_version
-
- self.X_path = os.path.join(data_dir, f"X_{subset}.dat")
- self.y_path = os.path.join(data_dir, f"y_{subset}.dat")
-
- if not os.path.exists(self.X_path) or not os.path.exists(self.y_path):
- raise FileNotFoundError("Vectorized data files not found.")
-
- def __len__(self):
- return self.num_samples()
-
- def __getitem__(self, idx):
- with open(self.X_path, "rb") as fx, open(self.y_path, "rb") as fy:
- fx.seek(idx * 2381) # EMBER feature size
- fy.seek(idx * 1)
- x = np.frombuffer(fx.read(2381), dtype=np.uint8)
- y = np.frombuffer(fy.read(1), dtype=np.uint8)[0]
- return x, y
-
- def num_samples(self):
- return os.path.getsize(self.y_path)
-
-
From f0c68eba6fb96d520c14a45c21a82f98f3e5f380 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=9D=B4=EC=9E=AC=EC=99=84?= <162649228+leej1045@users.noreply.github.com>
Date: Sat, 31 May 2025 23:28:49 +0900
Subject: [PATCH 7/7] Delete web directory
---
web/main.html | 0
1 file changed, 0 insertions(+), 0 deletions(-)
delete mode 100644 web/main.html
diff --git a/web/main.html b/web/main.html
deleted file mode 100644
index e69de29..0000000