# Slyfind - Hidden Malware Detection Application

Slyfind is a malware detection tool that uses machine learning algorithms to detect malware threats. It offers three key functionalities:
- Obfuscated Malware Detection
- Network Intrusion Detection
- PDF Evasive-Malware Detection
Slyfind stands out for its speed in obfuscated malware detection, by focusing on specific digital artifacts within volatile memory. This targeted approach enables faster detection of obfuscated malware.
- Obfuscated malware refers to malicious software or code that has been intentionally obscured to evade detection by security tools and analysts. Obfuscation techniques conceal the true intent and functionality of the malware, making it more difficult to analyze and detect. Detecting it matters for an enhanced security posture, prevention of data loss and protection against advanced threats.
- Network intrusion refers to unauthorized access, malicious activity, or security breaches within a computer network. It involves attackers gaining unauthorized access to network resources, compromising system integrity, stealing sensitive data, or disrupting network operations. Detecting network intrusion is critical: it supports network security monitoring, real-time alerts and threat detection.
- PDF malware refers to malicious software or code embedded within PDF (Portable Document Format) files. Cybercriminals often use PDF files as a vector to distribute malware because of their widespread use in business environments and the inherent trust users place in document formats, so malware detection for PDFs becomes a necessity.
- Slyfind is designed to detect malware not only on the local system but also on other systems, provided a memory dump is available. It aids root cause analysis and forensic investigations, helping investigators understand the scope and nature of an incident and take appropriate actions to contain and remediate it.
## Prerequisites

Make sure you have installed all of the following prerequisites on your development machine:

- Java - Download & Install Java
- Python 3.10 or above - Download & Install Python
- Wireshark - Download & Install Wireshark
- Node.js - Download & Install Node.js
- Make sure to add their paths to the environment variables

**NOTE**: Integration of Java, Python, Wireshark, and Node.js will be available in the next version. Stay tuned for updates!
## Installation

- Clone the project

  ```bash
  git clone https://github.com/kmitofficial/AIToolForMalwareDetection-G96-PS23.git
  ```

- Add symbols: download the symbols and paste the zip in the symbols folder (`slyfind-application\v3\volatility3\symbols`)

- Go to the project directory

  ```bash
  cd slyfind-application
  ```

- Install dependencies

  ```bash
  npm install
  ```

- Download the requirements

  ```bash
  python -m pip install -r requirements.txt
  ```

- Download the pkl files given on the website (will be added soon :))

- Start the application

  ```bash
  npm start
  ```
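A pre-flight check for the setup steps above, added here as an example and not part of the Slyfind project: it verifies the Python version, the tools on `PATH` and the symbols zip before `npm start`. It assumes a bash shell (Git Bash or WSL on Windows), that it is run from the cloned `slyfind-application` directory, and that `tshark` (Wireshark's command-line tool) is the Wireshark component to look for.

```bash
#!/usr/bin/env bash
# Added example, not part of Slyfind: checks the README prerequisites before
# "npm start". Assumes bash, the cloned slyfind-application directory as the
# working directory, and tshark as the Wireshark component to test for.

# python_version_ok "3.10.4" / "Python 3.11.2": true when version >= 3.10.
python_version_ok() {
    local ver="${1#Python }"      # drop the "Python " prefix printed by --version
    local major="${ver%%.*}"
    local rest="${ver#*.}"
    local minor="${rest%%.*}"
    { [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 10 ]; }; } 2>/dev/null
}

# symbols_present DIR: true when DIR exists and holds at least one .zip, which
# is what the "Add symbols" step asks for.
symbols_present() {
    local dir="$1" f
    [ -d "$dir" ] || return 1
    for f in "$dir"/*.zip; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# missing_tools: prints each README prerequisite that is not on PATH, one per
# line, and returns non-zero if any is missing.
missing_tools() {
    local status=0 t
    for t in java python node npm tshark; do
        if ! command -v "$t" >/dev/null 2>&1; then
            echo "$t"
            status=1
        fi
    done
    return "$status"
}

# preflight: run the three checks from the project root and report what is
# still missing (prints nothing when everything is in place).
preflight() {
    local pyver symdir="v3/volatility3/symbols"
    pyver="$(python --version 2>&1)"
    python_version_ok "$pyver" || echo "Python 3.10 or above required, found: $pyver"
    missing_tools | sed 's/^/not on PATH: /'
    symbols_present "$symdir" || echo "no symbols zip in $symdir (see 'Add symbols')"
}
```

Source the file and run `preflight` from the `slyfind-application` directory; an empty report means the steps above are complete.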
## Contributors

- Akshay Nagamalla @AkshayNagamalla
- Darsh Agrawal @DarshAgrawal14
- Mohammed Areeb Akhter @Areeb-Ak
- Ayush Reddy Pasham @RahZero0
- Sharvani K @Sharvani-30
- Srinidhi Chodavarapu @Srinidhi-Chodavarapu
## Acknowledgements

- We would like to acknowledge the Canadian Institute for Cybersecurity (CIC) for their valuable open-source datasets, which were pivotal in the development of this project.
- We want to express our appreciation to the creators and maintainers of the Volatility3 framework for their invaluable open-source contribution.
- We want to express our appreciation to the developers of Wireshark for providing their powerful network protocol analyzer as open-source software.
- We would like to express our heartfelt gratitude to Sripooja @msripooja ma'am for her invaluable guidance, support, and mentorship throughout the duration of this project.
## References

We would like to acknowledge the following research papers, which provided valuable insights and information for this project:

- Tristan Carrier, Princy Victor, Ali Tekeoglu, Arash Habibi Lashkari, "Detecting Obfuscated Malware using Memory Feature Engineering", The 8th International Conference on Information Systems Security and Privacy (ICISSP), 2022. Research paper
- Iman Sharafaldin, Arash Habibi Lashkari, and Ali A. Ghorbani, "Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization", 4th International Conference on Information Systems Security and Privacy (ICISSP), Portugal, January 2018. Research paper
- Maryam Issakhani, Princy Victor, Ali Tekeoglu, and Arash Habibi Lashkari, "PDF Malware Detection Based on Stacking Learning", The International Conference on Information Systems Security and Privacy, February 2022. Research paper
## License

This project is licensed under the MIT License.