A consolidated project consisting of the "readelf" program and a Python script of the RIPPERk algorithm, wrapped in a shell script that reads an ELF file as input and detects whether it is a malicious file or not.

viracall/linuxavlol

Project - "Malware Detection On Linux Systems Using Structural Analysis of ELF (executable-linkable-file) and Classification Algorithm"

WARNING !!! - The directory MDS contains actual MALWARE files that can cause system FAILURE. DO NOT EXECUTE the files whose names start with "VirusShare_...". These files are only to be used as parameters to the program "LimDS.sh".

Contents:-
	1. DATM (directory)
	2. MDS (directory)
	3. README

Description:-

	1. DATM (directory) - Datasets and Trained Model

	Contents:-
		
		a. attribs.txt: This file contains the attributes/parameters of an ELF file used for the learning process.

		b. trset.text: This file contains the training dataset that has been extracted from ELF files (malware and benign), in the order of the attributes specified in attribs.txt.

		c. testset.txt: This file contains the test dataset that has been extracted from ELF files (malware and benign), in the order of the attributes specified in attribs.txt.

		d. result1.txt: This file contains the classification results and accuracy tested on the training dataset (b).

		e. result2.txt: This file contains the classification results and accuracy tested on the test dataset (c).

		f. ripperk.py: The implementation of the RIPPERk rule-based algorithm as a Python program, taken from the source
				https://github.com/azampagl/ai-ml-ripperk

		g. model.dat: A machine-readable .dat file that has been generated by the algorithm (f) on the training set (b).

		h. reader.c: A program based on the "readelf" system program of Linux binutils, which extracts the data from the ELF header.

	2. MDS (directory) - Malware Detection System

	Contents:-
	
		a. LimDS.sh: (Linux malware Detection System) This is a Linux bash script that takes an ELF file as input and checks whether the file is malware or non-malware based on the rules in model.dat (1g).
		
		b. Malware files for testing: VirusShare_ff0425f68b35aae3e0dbcd7693d09940
					      VirusShare_ff061e942731bc4dbca5bbff8da7f5d1
					      VirusShare_ffb00447d40b0ae015752dd484d09de8
					      VirusShare_ffb437621f3249c647c88350e068fd07
					      VirusShare_ffc7be26912b5aca63e55dc7c830f28a

		c. non-malware file: date
				     (any general Linux system binary could be used)
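The pipeline above (reader.c extracts header attributes, LimDS.sh applies the rules in model.dat) illustrated as an added example that is not part of this repository: a small Python ELF header parser that yields the structural attributes, plus a first-match rule applier with a constructed rule set standing in for the learned RIPPER model. The field names, the sample header and the rule `e_shnum == 0` are assumptions for illustration, not the project's attribs.txt or model.dat.

```python
import struct

# Elf32_Ehdr / Elf64_Ehdr fields after the 16-byte e_ident, in on-disk order.
EHDR_FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff",
               "e_shoff", "e_flags", "e_ehsize", "e_phentsize", "e_phnum",
               "e_shentsize", "e_shnum", "e_shstrndx")

def parse_elf_header(data: bytes) -> dict:
    """Return ELF header fields as attribute -> int; rejects non-ELF/truncated input."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    endian = {1: "<", 2: ">"}.get(ei_data)      # ELFDATA2LSB / ELFDATA2MSB
    if endian is None:
        raise ValueError("invalid EI_DATA")
    if ei_class == 1:                            # ELFCLASS32: 52-byte header
        fmt, size = endian + "HHIIIIIHHHHHH", 52
    elif ei_class == 2:                          # ELFCLASS64: 64-byte header
        fmt, size = endian + "HHIQQQIHHHHHH", 64
    else:
        raise ValueError("invalid EI_CLASS")
    if len(data) < size:
        raise ValueError("truncated ELF header")
    attrs = dict(zip(EHDR_FIELDS, struct.unpack(fmt, data[16:size])))
    attrs.update(ei_class=ei_class, ei_data=ei_data, ei_osabi=data[7])
    return attrs

def classify(attrs: dict, rules) -> str:
    """Apply an ordered rule list; first match wins. Each rule is
    (label, {attribute: value}); an empty condition dict is the default class."""
    for label, conds in rules:
        if all(attrs.get(k) == v for k, v in conds.items()):
            return label
    return "unknown"

def build_elf64_header(e_type=2, e_shnum=0) -> bytes:
    """Construct a minimal little-endian x86-64 ELF header (sample input only)."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    return e_ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0x401000,
                                 64, 0, 0, 64, 56, 2, 64, e_shnum, 0)

# Constructed rule set (hypothetical, not model.dat): a file with no section
# header table (e_shnum == 0, common in stripped/packed samples) is flagged.
SAMPLE_RULES = [("malware", {"e_shnum": 0}), ("benign", {})]
```

Run `classify(parse_elf_header(open(path, "rb").read(64)), SAMPLE_RULES)` on a real binary to see the attributes the rules operate on; the constructed rule set is only a placeholder for a trained model.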
