Skip to content

TomasPhilippart/ebpfangel

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
.github/workflows
.github/workflows
 
 
data
data
 
 
detector
detector
 
 
docs
docs
 
 
logs
logs
 
 
machinelearning
machinelearning
 
 
simulator
simulator
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
mkdocs.yml
mkdocs.yml
 
 

Repository files navigation

Logo

Ransomware Detection using Machine Learning with eBPF for Linux

GitHub License Website

Authors:
Max WillersTomás Philippart

PaperPresentation slides

OverviewSimulatorDetectorMachine Learning 

$ git clone https://github.com/TomasPhilippart/ebpfangel.git

⚠️ Not a final product: This is the final result of a research project. It is not intended to be a final product/solution to use in any productions environment whatsoever, it is simply the byproduct of research and therefore is intended to use as so.

Overview

ebpfangel is a ransomware detection system that leverages the power of eBPF and machine learning to provide real-time monitoring and protection against ransomware attacks on Linux-based systems. By integrating dynamic analysis techniques with the capabilities of eBPF, ebpfangel offers a flexible, low-overhead solution for identifying and mitigating ransomware threats.

How it works

ebpfangel operates by attaching eBPF programs to key system calls and user-space functions. These programs are triggered by specific events, such as file operations and encryption activities, allowing for comprehensive monitoring of system behavior. The collected data is then processed and analyzed using machine learning algorithms to detect patterns indicative of ransomware activity.

Key Features

  • Real-Time Monitoring: eBPF programs are attached to tracepoints, kprobes, and uprobes within the Linux kernel and user-space applications, enabling real-time detection of ransomware activities.
  • Low Overhead: eBPF provides a lightweight mechanism for extending kernel capabilities without the need for additional kernel modules or modifications.
  • Machine Learning Integration: The system uses supervised machine learning to classify events and detect ransomware based on patterns in the monitored data.
  • Open Source: The codebase is open-source, promoting transparency, collaboration, and further development by the security community.

Contributing

To foster progress in the field of ransomware detection, collaboration and knowledge sharing within the research community are essential. Encouraging open collaboration, sharing of datasets, methodologies, and findings will enable researchers to collectively combat the growing threat of ransomware attacks. By fostering collaboration, we can pool resources and expertise to develop more advanced and robust ransomware detection techniques, ultimately enhancing the overall security posture against this persistent threat.

If you are forking this project for your own uses, please consider creating a Pull Request with your changes.

There are some open (un-assigned) issues created that would be good for new comers and people who would like to contribute to the project.

License

The MIT License (MIT). Please see License File for more information.

About

Ransomware Detection using Machine Learning with eBPF for Linux.

ebpfangel.philippart.me/

Topics

linux detection malware ransomware ebpf soc bpf ransomware-detection

Resources

Readme

License

MIT license
Activity

Stars

39 stars

Watchers

3 watching

Forks

8 forks
Report repository

Releases

1 tags

Packages

No packages published

Contributors 2

Languages