Skip to content

File integrity monitor with malware detection using machine learning

Notifications You must be signed in to change notification settings

da4nyy/ANTIVIRUSxML

Repository files navigation

ANTIVIRUSXML

File Integrity Monitor with Malware detection using Machine learning


📔 Table of Contents

🌟 About the Project

Overview

This Python project is a project that combine between :

  1. basic file integrity monitor: which it takes two arguments: a directory to scan, and an output file for alerts. The script will recursively scan the given directory and its subdirectories, and will create alerts for any added, removed, or changed files. The script uses the os, sys, and pickle libraries to perform file system operations, as well as the datetime, hashlib, logging, and time libraries for other operations.
  2. malware detection using machine learning : it helps train a classifier to be able to detect PE files as either malicious or legitimate. It tries out 6 different classification algorithms before deciding which one to use for prediction by comparing their results.
screenshot

🧰 Getting Started

‼️ Prerequisites

This project uses some libraries that you need to install them first :

 pip install -r requirements.txt

⚙️ Installation

  git clone https://github.com/da4nyy/ANTIVIRUSxML/
  cd ANTIVIRUSxML

🏃 Run Locally

Clone the project

Go to the project directory

  cd ANTIVIRUSxML/

Install dependencies

   pip install -r requirements.txt

train the model ( you can skip this phase : you already find the files in the classifier directory

   python3 Malware-detection-learning.py data.csv

Start the file monitor and malware detection handler

   python3 antivirusXml.py -i <input directory to monitor> -o <output file>  

👀 Usage

  • You may monitor the integrity of the files that may have PII. In this case, you can place the script where your files live, and create a crontab or use task scheduler to run the script.
  • You can use the script to monitor the files stored in the web app and scan the added files.
  • If you are in the Blue Team at a CCDC competition, you can use this script to monitor your server and easily see which files modified.

🧭 Roadmap

  • scan x32 PE files
  • scan x64 PE files

👋 Contributing

Contributions are always welcome!

🤝 Contact

kacem hakim - @DARNY - [email protected]

Project Link: https://github.com/

💎 Acknowledgements

Releases

No releases published

Packages

No packages published

Languages