Show HN: Deft-Intruder – Real-time malware detection daemon for Linux
a day ago
- #Real-time Monitoring
- #Linux Security
- #Malware Detection
- DEFT-Intruder is a real-time malware detection daemon for Linux systems.
- It monitors running processes using machine learning and heuristic rules.
- Features include real-time process monitoring, ML-based detection, and heuristic analysis.
- Runs without eBPF or kernel modules, so it is portable across Linux distributions with no kernel-version dependency.
- Low overhead with minimal CPU and memory footprint.
- Configurable response actions: log, alert, block, or quarantine a flagged process.
- Supports whitelisting trusted applications.
- Detailed logging with rotation support.
- Requires GCC 7+ or Clang 6+, GNU Make, POSIX-compliant system, and pthread library.
- Installation involves cloning the repository, building the project, and running the daemon.
- The ML model can be trained on the EMBER 2018 dataset. Note that EMBER 2018 is built from Windows PE executables, so a practitioner should check how the project maps those PE-derived features onto Linux ELF binaries before relying on its detection rate.
- Usage options include running as a daemon, verbose logging, dry-run mode, and custom thresholds.
- Whitelist file can be created to exclude trusted applications from scanning.
- Random Forest model trained on features like file properties, entropy analysis, and import analysis.
- Heuristic rules flag indicators such as high file entropy (packed or encrypted code), execution from suspicious paths, and anti-debugging techniques.
- Systemd service can be installed for automatic startup.
- Reported performance metrics cover scan latency, memory usage, and detection rate; these figures should be reproduced on the target workload before relying on them.
- Contributions are welcome following fork, branch, commit, push, and pull request workflow.
- Project licensed under GNU General Public License v3.0.
- Future enhancements include YARA rule integration and network traffic analysis.
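To make the entropy feature and the heuristic rules above concrete, here is an added C example (not Deft-Intruder's own code) that scores an in-memory image against three rules: Shannon entropy above a threshold, a path under a world-writable scratch directory, and a reference to the `ptrace` symbol. The 7.0 bits/byte threshold, the prefix list, and the string scan standing in for real import analysis are all assumptions; the two sample images are constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Binary logarithm for x in (0, 1], computed without libm so the example
 * links stand-alone: shift x into [1, 2) by doubling, then extract
 * fractional bits by repeated squaring. */
static double log2_unit(double x) {
    double integer_part = 0.0;
    while (x < 1.0) { x *= 2.0; integer_part -= 1.0; }
    double frac = 0.0, bit = 0.5;
    for (int i = 0; i < 48; i++) {
        x *= x;
        if (x >= 2.0) { x *= 0.5; frac += bit; }
        bit *= 0.5;
    }
    return integer_part + frac;
}

/* Shannon entropy in bits per byte: 0.0 for one repeated byte value,
 * 8.0 when all 256 values are equally frequent. */
double shannon_entropy(const uint8_t *buf, size_t len) {
    if (len == 0) return 0.0;
    size_t counts[256] = {0};
    for (size_t i = 0; i < len; i++) counts[buf[i]]++;
    double h = 0.0;
    for (int b = 0; b < 256; b++) {
        if (counts[b] == 0) continue;
        double p = (double)counts[b] / (double)len;
        h -= p * log2_unit(p);
    }
    return h;
}

/* Assumed threshold and path list (not the project's): packed or encrypted
 * code is usually above ~7 bits/byte, and world-writable scratch
 * directories are common drop locations for downloaded payloads. */
#define ENTROPY_THRESHOLD 7.0
static const char *const SUSPICIOUS_PREFIXES[] = {
    "/tmp/", "/var/tmp/", "/dev/shm/", NULL
};

int path_is_suspicious(const char *path) {
    for (const char *const *p = SUSPICIOUS_PREFIXES; *p; p++)
        if (strncmp(path, *p, strlen(*p)) == 0) return 1;
    return 0;
}

/* Simplified anti-debugging indicator: the image contains the symbol name
 * "ptrace". A real import scan would walk the ELF dynamic symbol table. */
int references_ptrace(const uint8_t *buf, size_t len) {
    static const char needle[] = "ptrace";
    const size_t n = sizeof(needle) - 1;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0) return 1;
    return 0;
}

/* One point per triggered rule; the caller decides which score maps to
 * log, alert, block or quarantine. */
int heuristic_score(const char *path, const uint8_t *image, size_t len) {
    int score = 0;
    if (shannon_entropy(image, len) > ENTROPY_THRESHOLD) score++;
    if (path_is_suspicious(path)) score++;
    if (references_ptrace(image, len)) score++;
    return score;
}

/* Constructed sample: 256 bytes covering every value once (entropy close
 * to 8.0) with "ptrace" spliced in, dropped under /tmp. Scores 3. */
int sample_dropper_score(void) {
    uint8_t image[256];
    for (int i = 0; i < 256; i++) image[i] = (uint8_t)i;
    memcpy(image + 100, "ptrace", 6);
    return heuristic_score("/tmp/.x/payload", image, sizeof image);
}

/* Constructed sample: repetitive ASCII text under /usr/bin. Scores 0. */
int sample_benign_score(void) {
    uint8_t image[1024];
    for (size_t i = 0; i < sizeof image; i++)
        image[i] = (uint8_t)"hello, world\n"[i % 13];
    return heuristic_score("/usr/bin/hello", image, sizeof image);
}

int main(void) {
    printf("dropper score: %d\n", sample_dropper_score());
    printf("benign score:  %d\n", sample_benign_score());
    return 0;
}
```

Entropy alone is a weak signal (legitimately compressed or signed binaries also score high), which is why the rule set is additive and the whitelist exists; in a production daemon the threshold would be tuned against the host's own package set rather than fixed at compile time.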