Skip to content
/ rootkit_detector Public

A tool for training models to detect rootkits hiding CPU-intensive processes.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

derailment/rootkit_detector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
demo
demo
 
 
visualization
visualization
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
collect.py
collect.py
 
 
detect.py
detect.py
 
 
train.py
train.py
 
 

Repository files navigation

rootkit_detector

A tool for training models to detect rootkits hiding CPU-intensive processes.

Prepare virtual environment

python3 -m venv .
bin/activate

Collect data to store in training_data.csv

You should prepare both normal data (CPU idling and high-CPU-consumption process running) and abnormal data (high-CPU-consumption process running with rootkit).

python3 collect.py

Train a Random Forest model using the data from training_data.csv

python3 train.py

Detect anomalies to identify the presence of rootkits in the OS by rootkit_detector.pkl model

python3 detect.py

Visualization

  • Feature Scatter Plot
python3 visualization/gen_feature_scatter_plot.py

  • Decision Boundary Map
python3 visualization/gen_decision_boundary.py

  • Real-time Detection Timeline
python3 visualization/gen_realtime_detection.py

About

A tool for training models to detect rootkits hiding CPU-intensive processes.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages