New ask Hacker News story: Xray: A full-behavior-chain anti-malware system built in Go by a student
Xray: A full-behavior-chain anti-malware system built in Go by a student
2 by tangtian | 0 comments on Hacker News.
Hi HN, I'm Tang Tian, a first-year economics student from a non-CS background, currently self-learning Go, OS concepts, and cybersecurity. Over the past weeks, I built Xray, an anti-malware and behavior tracing system from scratch, entirely in Go. Xray compares your current system with a reference ISO, monitors real-time filesystem and process activity, detects suspicious behavior, automatically eliminates threats, and outputs a full behavior graph as a .dot file (Graphviz-ready). Highlights: Behavior chain detection (not signature-based) Monitors full system with fsnotify + process tracing Compares live system to boot ISO for anomaly detection Auto-kills malicious behaviors in real time Outputs behavior chain in .dot format (JSON/LOG planned) Lightweight: compiled binary is only ~3MB Written completely from scratch by a solo student GitHub: https://ift.tt/A5DcREX There’s also a screenshot folder showing how it runs, and a personal note in the README. This is open-source with a permissive license (MIT-style). Feel free to fork and build your own version—just please keep a credit line in the README: “First version by Xia Lixia.” I hope someone finds this useful or fun to hack on. Feedback is welcome, and thank you for reading!
2 by tangtian | 0 comments on Hacker News.
Hi HN, I'm Tang Tian, a first-year economics student from a non-CS background, currently self-learning Go, OS concepts, and cybersecurity. Over the past weeks, I built Xray, an anti-malware and behavior tracing system from scratch, entirely in Go. Xray compares your current system with a reference ISO, monitors real-time filesystem and process activity, detects suspicious behavior, automatically eliminates threats, and outputs a full behavior graph as a .dot file (Graphviz-ready). Highlights: Behavior chain detection (not signature-based) Monitors full system with fsnotify + process tracing Compares live system to boot ISO for anomaly detection Auto-kills malicious behaviors in real time Outputs behavior chain in .dot format (JSON/LOG planned) Lightweight: compiled binary is only ~3MB Written completely from scratch by a solo student GitHub: https://ift.tt/A5DcREX There’s also a screenshot folder showing how it runs, and a personal note in the README. This is open-source with a permissive license (MIT-style). Feel free to fork and build your own version—just please keep a credit line in the README: “First version by Xia Lixia.” I hope someone finds this useful or fun to hack on. Feedback is welcome, and thank you for reading!
Comments
Post a Comment