
This project implements a paper on adversarial examples and malware detectors: we train a CNN model to detect whether a PE file is malware or benign. We also provide a user interface for testing, which lets us upload files and shows the detection results.


DarriusChen/MalwareMind


MalwareMind: CNN Malware Detector

Overview

MalwareMind is an advanced malware detection system leveraging Convolutional Neural Networks (CNNs) to identify and classify malware from binary executables. The project offers a seamless user interface for uploading files, visualizing detection results, and managing analysis pipelines. With modularity and scalability in mind, MalwareMind aims to facilitate secure and efficient malware analysis.

Please note that this project temporarily supports only .exe files for better accuracy.

Features

  • CNN-based Malware Detection: Utilize a pre-trained CNN model for accurate malware classification.

  • File Upload System: Easy drag-and-drop interface for uploading files.

  • Real-time Results Visualization: Interactive dashboard to display detection results.

  • Dockerized Deployment: Simplified setup using Docker Compose for both backend and frontend.

  • Scalability: Modular codebase supporting future enhancements.

Architecture

The project consists of the following components:

  1. Backend:

    • FastAPI: RESTful API to handle file uploads, process data, and return detection results.
    • Model Inference: The CNN model performs predictions on binary data converted into image format.
    • MongoDB: Manages uploaded files and their detection results.
  2. Frontend:

    • Vue.js: Provides a responsive and user-friendly interface for file uploads and result visualization.
  3. Docker:

    • Docker Compose (Backend & Database): The backend and database services are managed using Docker Compose for easy deployment.
    • Frontend (Standalone Service): Due to Vue.js build issues (rollup/rollup-linux-arm64-musl), the frontend service needs to be started separately.
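
The upload check and byte-to-image step implied by the .exe-only note and the Model Inference item above, as an added example that is not MalwareMind's own code: the 64x64 input size, the 32 MiB upload cap, the chunk-averaging scheme and all function names are assumptions. It verifies the PE signature of an untrusted upload, hashes it, and maps its bytes onto a fixed-size grayscale grid without ever executing the file.

```python
import hashlib
import struct

MAX_UPLOAD_BYTES = 32 * 1024 * 1024   # assumed cap, not taken from the project
IMAGE_SIDE = 64                       # assumed model input size, not from the project


def is_pe(data: bytes) -> bool:
    """Check the DOS 'MZ' magic and the 'PE\\0\\0' signature that e_lfanew points to."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def bytes_to_image(data: bytes, side: int = IMAGE_SIDE) -> list[list[float]]:
    """Map raw bytes onto a side x side grayscale grid scaled to [0, 1].

    Each pixel is the mean of one equal-sized chunk of the file, so any
    file length yields the same shape; short files are zero-padded.
    """
    pixels = side * side
    chunk = max(1, -(-len(data) // pixels))          # ceiling division
    flat = []
    for i in range(pixels):
        block = data[i * chunk:(i + 1) * chunk]
        flat.append(sum(block) / (len(block) * 255) if block else 0.0)
    return [flat[r * side:(r + 1) * side] for r in range(side)]


def prepare_upload(data: bytes) -> dict:
    """Validate an untrusted upload; return its hash and model input. Never runs it."""
    if len(data) > MAX_UPLOAD_BYTES:
        raise ValueError("file too large")
    if not is_pe(data):
        raise ValueError("not a PE file")
    return {"sha256": hashlib.sha256(data).hexdigest(), "image": bytes_to_image(data)}


def make_sample_pe() -> bytes:
    """Constructed sample: a minimal DOS header plus PE signature (not a real program)."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)       # e_lfanew -> offset 0x40
    return bytes(header) + b"PE\0\0" + bytes(range(256)) * 4
```

Rejecting non-PE input before inference keeps the classifier from scoring data it was never trained on, and storing the SHA-256 alongside the result gives a stable key for deduplicating uploads.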

Prerequisites

Ensure that you have the following installed:

Installation

Setup

  1. Clone the repository:
    git clone https://github.com/DarriusChen/MalwareMind.git
    cd MalwareMind
  2. Modify environment variables (if necessary)
    • CORS (Support origin host)

      Edit md-server/.env:

      FRONT_END_IP=[your-frontend-localhost]:5173 (ex: `localhost:5173`)
    • API base url

      Edit malwaremind-vue/.env:

      VITE_API_URL=http://md-server:8000
  3. Access the application:

Start the service

The start_service.sh script ensures that:

  • If the frontend image (md-ui) does not exist, it will build it.
  • The frontend (md-ui) runs separately from docker-compose.yml.
  • The backend (FastAPI) and database (MongoDB) are launched using docker-compose.yml.

Run:

# under project root directory
sudo bash start_service.sh

Usage

  1. Upload Files:
    • Drag and drop your binary executable files onto the upload area.
    • Alternatively, use the API endpoint for bulk uploads.
  2. Detection Results:
    • After upload, the system processes the files and displays the classification results on the dashboard.
  3. Multiple Files:
    • The system supports multiple file uploads in one go, enhancing efficiency.

Development Workflow

Modify Backend:

  • FastAPI: Update main.py to customize API endpoints. (Currently using RESTful API framework for handling file uploads and managing the CNN detection process.)
  • CNN Model: Adjust the CNN model in module.py as needed. (Currently using default pre-trained Convolutional Neural Network for malware detection.)

Enhance Frontend:

  • Update Vue components in the frontend/ directory to improve UI/UX.backend API.

File Structure Overview

MalwareMind/
├── malwaremind-vue/       # Vue.js frontend source code
│   ├── src/
│   ├── public/
│   └── Dockerfile
│
├── md-server/
│   ├── src/
│   │   ├── main.py         # Main application entry point
│   │   ├── fixed_model.hs  # Pre-trained CNN model
│   ├── ...
│   └── Dockerfile
├── docker-compose.yaml    # Docker compose configuration
├── render.yaml            # Deployment configuration of render (still testing)
└── README.md              # Project documentation

Future Improvements

  • Enhanced Model Training: Improving the accuracy of the CNN model by incorporating more data and fine-tuning the model.
  • Additional File Formats: Extending the system to support a wider range of file formats for detection.
  • User Feedback System: Adding functionality for users to provide feedback on detection results, potentially improving the model through retraining.
  • Dynamic Threat Analysis: Integration with real-time threat intelligence feeds.
  • Enhanced Visualization: Advanced data visualization for detection patterns.
  • Cloud Integration: Deploy the system on cloud platforms for scalability.

Contributions

Contributions are welcome! Please follow the standard GitHub workflow:

  1. Fork the repository.
  2. Create a new branch (feature/new-feature).
  3. Commit changes and push to your branch.
  4. Submit a pull request for review.

Contact

For inquiries, please contact:
