TGA file footer can be used to create adversarial examples #596
Labels: adversarial (This issue is about adversarial techniques), misdetection (This issue is about a misdetection on a content type currently supported)
I noticed that somehow Magika's model is maybe too sensitive to the TGA file footer, and it can be used to create adversarial examples easily.
Here's an adversarial example I created to make an ELF file be mistakenly identified as a TGA file:
poc.so
The above adversarial example can be compiled by
nasm -f bin -o poc.so poc.s
with this poc.s.

If you
LD_PRELOAD=./poc.so /bin/cat
on x86-64 Linux, you should see /bin/id being executed, which means this is definitely a valid ELF file, not a TGA file.

However, Magika will identify it as a TGA file, with score 1.0:
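A defensive cross-check for the misdetection reported above, as an added example that is not part of the original issue or of Magika's code: it compares a detector's verdict against leading executable magic bytes and the TGA 2.0 footer signature. The label string "tga", the function names, and both sample byte strings are assumptions constructed for illustration.

```python
import struct

# TGA 2.0 footer is the last 26 bytes of the file: extension area offset (4),
# developer directory offset (4), then this 18-byte signature.
TGA_SIGNATURE = b"TRUEVISION-XFILE.\x00"
TGA_FOOTER_LEN = 8 + len(TGA_SIGNATURE)

# Leading magic of formats that must never be handled as an image.
EXEC_MAGIC = {b"\x7fELF": "elf", b"MZ": "pe"}


def has_tga_footer(data: bytes) -> bool:
    """True if the file ends with the TGA 2.0 footer signature."""
    return len(data) >= TGA_FOOTER_LEN and data.endswith(TGA_SIGNATURE)


def leading_exec_magic(data: bytes):
    """Name of the executable format whose magic starts the file, or None."""
    for magic, name in EXEC_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def crosscheck(detector_label: str, data: bytes) -> str:
    """Return 'ok', or the reason the detector's label should not be trusted."""
    lead = leading_exec_magic(data)
    if lead and detector_label == "tga":  # "tga" is an assumed label string
        return f"conflict: labelled tga but starts with {lead} magic"
    if lead and has_tga_footer(data):
        return f"suspicious: {lead} magic with trailing TGA footer"
    return "ok"


# Constructed samples (not the issue's poc.so): an ELF magic stub followed by
# a TGA footer, and a minimal uncompressed true-colour TGA 2.0 file.
FOOTER = struct.pack("<II", 0, 0) + TGA_SIGNATURE
ELF_WITH_FOOTER = b"\x7fELF" + bytes(60) + FOOTER
PLAIN_TGA = (b"\x00\x00\x02" + bytes(9) + struct.pack("<HHBB", 1, 1, 24, 0)
             + b"\x00\x00\xff" + FOOTER)

if __name__ == "__main__":
    print(crosscheck("tga", ELF_WITH_FOOTER))
    print(crosscheck("elf", ELF_WITH_FOOTER))
    print(crosscheck("tga", PLAIN_TGA))
```

Running the check before acting on a detector's image verdict means a file that starts like an executable is never routed down an image-handling path on the strength of its trailer alone.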