# v0.2.0 - Initial Public Release
## First Release: upxelfdet
A machine learning-based detector for UPX-packed ELF malware using n-gram feature extraction and SVM classification.
## Features
- ELF Binary Analysis: Extracts byte-level features from selected sections of ELF files
- N-gram Vectorization: Converts binary features into numeric vectors with configurable n-gram sizes
- SVM Classification: Trains and evaluates Support Vector Machine models
- CLI Interface: Command-line tools for training, evaluation, and prediction
- Python API: Programmatic access to detector functionality
- Flexible Configuration: JSON-based configuration for easy experimentation
- Structured Logging: Comprehensive logging with both human-readable and JSON formats
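The feature pipeline the list above describes, as an added example that is not the project's own code (upxelfdet's section selection, hashing and vector layout may differ): a minimal little-endian ELF64 section-header reader, a hashed byte n-gram vectorizer, and the per-section feature vector that would be handed to the SVM. The sample ELF and its `.text` bytes are constructed inline, and the names `parse_sections`, `ngram_vector`, `feature_vector` and `has_upx_marker` are chosen here.

```python
import struct
import zlib

# ELF64 little-endian layouts (System V ABI): 64-byte file header, 64-byte section header.
ELF_MAGIC = b"\x7fELF"
EHDR_FMT = "<16sHHIQQQIHHHHHH"
SHDR_FMT = "<IIQQQQIIQQ"
SHT_NULL, SHT_NOBITS = 0, 8


def parse_sections(data: bytes) -> dict[str, bytes]:
    """Map section name -> raw file bytes for a little-endian ELF64 image."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    (_ident, _type, _machine, _ver, _entry, _phoff, shoff, _flags, _ehsize,
     _phentsize, _phnum, shentsize, shnum, shstrndx) = struct.unpack_from(EHDR_FMT, data, 0)
    # UPX-packed ELFs usually carry no section header table at all; that absence
    # is itself a signal, so return an empty map instead of failing.
    if shoff == 0 or shnum == 0:
        return {}
    if shoff + shnum * shentsize > len(data) or shstrndx >= shnum:
        raise ValueError("section header table out of bounds")
    hdrs = [struct.unpack_from(SHDR_FMT, data, shoff + i * shentsize) for i in range(shnum)]
    str_off, str_size = hdrs[shstrndx][4], hdrs[shstrndx][5]
    strtab = data[str_off:str_off + str_size]
    sections: dict[str, bytes] = {}
    for sh_name, sh_type, _flags, _addr, off, size, *_ in hdrs:
        if sh_type == SHT_NULL:
            continue
        end = strtab.find(b"\0", sh_name)
        if end < 0:
            raise ValueError("unterminated section name")
        name = strtab[sh_name:end].decode("ascii", "replace")
        # SHT_NOBITS (.bss) occupies no file bytes, so there is nothing to vectorize.
        sections[name] = b"" if sh_type == SHT_NOBITS else data[off:off + size]
    return sections


def ngram_vector(blob: bytes, n: int = 2, dim: int = 256) -> list[int]:
    """Count byte n-grams into a fixed-size vector using the hashing trick (crc32 is deterministic)."""
    vec = [0] * dim
    for i in range(len(blob) - n + 1):
        vec[zlib.crc32(blob[i:i + n]) % dim] += 1
    return vec


def feature_vector(elf: bytes, sections=(".text", ".data"), n: int = 2, dim: int = 256) -> list[int]:
    """Concatenate one n-gram slice per requested section; a missing section yields an all-zero slice.
    Counts are raw; scale them (e.g. per-section normalisation) before training an SVM."""
    present = parse_sections(elf)
    vec: list[int] = []
    for name in sections:
        vec.extend(ngram_vector(present.get(name, b""), n, dim))
    return vec


def has_upx_marker(data: bytes) -> bool:
    """Cheap companion heuristic: UPX writes the 'UPX!' magic into packed files, but it is
    trivially scrubbed, which is why a learned detector is wanted in the first place."""
    return b"UPX!" in data


# Constructed sample: push rbp; mov rbp,rsp; xor eax,eax; pop rbp; ret
SAMPLE_TEXT = bytes.fromhex("554889e531c05dc3")


def build_sample_elf() -> bytes:
    """Assemble a minimal ELF64 with .text and .shstrtab sections (constructed test input)."""
    shstrtab = b"\0.text\0.shstrtab\0"
    text_off = 64
    strtab_off = text_off + len(SAMPLE_TEXT)
    shoff = strtab_off + len(shstrtab)
    shoff += (-shoff) % 8
    pad = shoff - (strtab_off + len(shstrtab))
    ehdr = struct.pack(EHDR_FMT, b"\x7fELF\x02\x01\x01" + bytes(9), 2, 0x3E, 1,
                       0x401000, 0, shoff, 0, 64, 0, 0, 64, 3, 2)
    sh_null = struct.pack(SHDR_FMT, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    sh_text = struct.pack(SHDR_FMT, 1, 1, 0x6, 0x401000, text_off, len(SAMPLE_TEXT), 0, 0, 16, 0)
    sh_strs = struct.pack(SHDR_FMT, 7, 3, 0, 0, strtab_off, len(shstrtab), 0, 0, 1, 0)
    return ehdr + SAMPLE_TEXT + shstrtab + bytes(pad) + sh_null + sh_text + sh_strs


if __name__ == "__main__":
    elf = build_sample_elf()
    print(sorted(parse_sections(elf)))
    print(sum(feature_vector(elf, (".text", ".data"), n=2, dim=64)), has_upx_marker(elf))
```

Every offset read from the header is bounds-checked before it is dereferenced; a crafted section table is the obvious way for a sample to attack the analysis tool itself, and a feature extractor that crashes (or reads out of bounds) on hostile input defeats the purpose.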
## What's Included
- Complete source code with modular architecture
- CLI commands: `upxelfdet train`, `upxelfdet evaluate`, `upxelfdet predict`
- Example usage script with detailed comments
- Sample data for demonstration
- Comprehensive documentation
- Unit tests
## Quick Start
```bash
# Install
git clone https://github.com/bolin8017/upxelfdet.git
cd upxelfdet
pip install -e .
# Train model
upxelfdet train --config config.example.json
# Evaluate model
upxelfdet evaluate --config config.example.json
# Make predictions
upxelfdet predict --config config.example.json
```
## Documentation
See README.md for detailed documentation, API reference, and examples.
## Security Notice
This tool is intended for security research and educational purposes only. Handle malware samples with extreme caution: keep them in an isolated analysis environment and never execute them on the host that runs the detector.
## License
MIT License - see LICENSE for details.