Slyfind - hidden malware detection Application
Slyfind is an tool For Malware Detection that uses advanced Machine Learning Algorithms to detect malware threats which offers 3 key functionalities:
- Obfuscated Malware Detection
- Network Intrusion Detection
- PDF Evasive-Malware Detection
Slyfind stands out for its speed in obfuscated malware detection, by focusing on specific digital artifacts within volatile memory. This targeted approach enables faster detection of obfuscated malware.
- Obfuscated malware refers to malicious software or code that has been intentionally obscured or obfuscated to evade detection by security tools and analysts. Obfuscation techniques are used to conceal the true intent and functionality of the malware, making it more difficult to analyze and detect.Its significances are Enhanced Security Posture, Prevention of Data Loss, Protection Against Advanced Threats.
- Network intrusion refers to unauthorized access, malicious activity, or security breaches within a computer network. It involves attackers gaining unauthorized access to network resources, compromising system integrity, stealing sensitive data, or disrupting network operations.Detecting network intrusion is critical.It helps Network Security Monitoring, Real-time Alerts, Threat Detection.
- PDF malware refers to malicious software or code that is embedded within PDF (Portable Document Format) files. Cybercriminals often use PDF files as a vector to distribute malware due to their widespread use in business environments and the inherent trust users place in document formats.So it becomes a necessity to perform malware detection.
- Slyfind is designed to detect malware not only within our system but also across other systems, provided a memory dump is available. It aids in performing Root Cause Analysis, Forensic Investigations. This helps investigators understand the scope and nature of an incident and take appropriate actions to contain and remediate it.
Make sure you have installed all of the following prerequisites on your development machine:
- Java - Download & Install Java
- Python 3.10 or above Download & Install python
- Wireshark Download & Install wireshark
- Node.js - Download & Install Node.js
- Make sure to add paths to environment variables
NOTE : Integration of Java, Python, Wireshark, and Node.js will be available in the next version. Stay tuned for updates!
- Clone the project
bash git clone https://github.com/kmitofficial/AIToolForMalwareDetection-G96-PS23.git- Add symbols
slyfind-application\v3\volatility3\symbols- download symbols and paste the
zipin symbols folder (slyfind-application\v3\volatility3\symbols)
- Go to the project directory
cd slyfind-application
- Install dependencies
npm install- Download the requirements
python -m pip install -r requirements.txt-
Download pkl files given in website
will be added soon :)
-
Start the application
npm start-
Akshay Nagamalla @AkshayNagamalla
-
Darsh Agrawal@DarshAgrawal14
-
Mohammed Areeb Akhter@Areeb-Ak
-
Ayush Reddy Pasham @RahZero0
-
Sharvani K@Sharvani-30
-
Srinidhi Chodavarapu@Srinidhi-Chodavarapu
-
We would like to acknowledge the Canadian institute of Cyber Security (CIC) for their valuable open-source datasets, which were pivotal in the development of this project.
-
We want to express our appreciation to the creators and maintainers of the Volatility3 framework for their invaluable open-source contribution.
-
We want to express our appreciation to the developers of Wireshark for providing their powerful network protocol analyzer as open-source software.
-
We would like to express our heartfelt gratitude to Sripooja @msripooja ma'am for her invaluable guidance, support, and mentorship throughout the duration of this project.
We would like to acknowledge the following research papers, which provided valuable insights and information for this project:
-
Tristan Carrier, Princy Victor, Ali Tekeoglu, Arash Habibi Lashkari,” Detecting Obfuscated Malware using Memory Feature Engineering”, The 8th International Conference on Information Systems Security and Privacy (ICISSP), 2022 Research paper
-
Iman Sharafaldin, Arash Habibi Lashkari, and Ali A. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization”, 4th International Conference on Information Systems Security and Privacy (ICISSP), Portugal, January 2018 Research paper
-
Maryam Issakhani, Princy Victor, Ali Tekeoglu, and Arash Habibi Lashkari1, “PDF Malware Detection Based on Stacking Learning”, The International Conference on Information Systems Security and Privacy, February 2022 Research paper
This project is licensed under the MIT License.