A kernel module for monitoring system processes and detecting anomalies as potential malware threats based on CPU and memory usage.
Note: Installation instructions to be updated as progress is made on the project
- Clone repo into a local project directory
- Open a bash terminal and run the following commands to install the Linux headers:

```bash
sudo apt update
sudo apt install gcc
sudo apt install linux-headers-$(uname -r)
sudo apt install make
```
The c_cpp_properties.json file is included for use with the VSCode IDE. If you are not using VSCode for development, delete this directory. If you are using VSCode, run `uname -r` in a Bash shell after installing the packages above, then copy the result and replace the (uname -r) portions of the JSON file with that value.
```bash
# Navigate to the directory you cloned the module into
cd ~/module_dir_path
# Compile the kernel module
make
# Load module (ensure the .ko file was generated by the make build first)
sudo insmod kernel_module.ko
# Check to see if the module loaded
lsmod | grep kernel_module
# Open and view module logs in real time
sudo dmesg -w | grep "ANOMALY MONITOR"
# Unload module
sudo rmmod kernel_module
# Check last log to ensure the module unloaded
sudo dmesg | tail -1
lsmod | grep kernel_module
```
This will serve as a static guide of the project roadmap. GitHub issues will be created to manage each milestone.
- Set Up the Development Environment and Kernel Module Skeleton
- Implement Process Monitoring
- Add Anomaly Detection Logic (Using dynamic historical statistics)
- Improve Logging and Report Generation
- Testing and Threshold Adjustment
- Set Up Basic Machine Learning Model in User Space (C++/Rust/Python)
- Integrate User Space Model with Monitoring as a second level
- Set Up Kernel-ML model in Kernel Space (Experimental)
- Integrate first-level anomaly detection, to kernel-ml, to user space model
- Extensive Testing and ML Benchmarking
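
The roadmap's "dynamic historical statistics" step can be approached in several ways. The following added example (not this project's code) shows one, assuming a per-process exponentially weighted mean and mean absolute deviation kept in integer fixed-point. All names, thresholds and sample values are assumptions constructed for illustration, and it is written as plain C so it runs in user space.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed parameters (not the project's). Integer fixed-point, since kernel code normally avoids floating point. */
#define FP_SHIFT    8                 /* values are scaled by 256 */
#define EWMA_DIV    8                 /* each new sample gets weight 1/8 */
#define WARMUP      8u                /* samples needed before anything is flagged */
#define K_DEV       4                 /* flag when |sample - mean| > K_DEV * deviation */
#define MIN_DEV     (2 << FP_SHIFT)   /* deviation floor: 2 percentage points */
struct usage_baseline {
    int64_t  mean;     /* running mean, fixed-point */
    int64_t  dev;      /* running mean absolute deviation, fixed-point */
    uint32_t samples;  /* samples folded into the baseline so far */
};

/* Feed one usage sample (percent). Returns 1 if it is anomalous, else 0. */
static int baseline_update(struct usage_baseline *b, uint32_t percent)
{
    int64_t x = (int64_t)percent << FP_SHIFT;
    if (b->samples == 0) {            /* first sample seeds the baseline */
        *b = (struct usage_baseline){ x, 0, 1 };
        return 0;
    }
    int64_t err = x - b->mean;
    int64_t abs_err = err < 0 ? -err : err;
    int64_t dev = b->dev > MIN_DEV ? b->dev : MIN_DEV;
    if (b->samples >= WARMUP && abs_err > K_DEV * dev)
        return 1;                     /* outliers are not folded in, so one spike cannot shift the baseline */
    b->mean += err / EWMA_DIV;
    b->dev  += (abs_err - b->dev) / EWMA_DIV;
    b->samples++;
    return 0;
}

/* Returns the index of the first anomalous sample, or -1 if there is none. */
static int first_anomaly(const uint32_t *s, size_t n)
{
    struct usage_baseline b = {0};
    for (size_t i = 0; i < n; i++)
        if (baseline_update(&b, s[i]))
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed CPU-usage samples (percent) for one process. */
    const uint32_t cpu[] = {10, 12, 11, 9, 10, 11, 12, 10, 11, 10, 95, 11};
    printf("first anomaly at sample %d\n", first_anomaly(cpu, sizeof(cpu) / sizeof(cpu[0])));
}
```

Because flagged samples are excluded from the baseline, a genuine, lasting change in a process's workload keeps alerting until the baseline is reset; the deviation floor keeps a very steady process from alerting on small jitter.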
- Steven Quintana
- Mason Wilson IV