Skip to content

electrum21/MALLEVEL

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,200 Commits
agent
agent
 
 
config
config
 
 
lib
lib
 
 
mdml_files
mdml_files
 
 
officeml_files
officeml_files
 
 
pdfml_files
pdfml_files
 
 
resources
resources
 
 
signature-base-external
signature-base-external
 
 
signature-base
signature-base
 
 
static/img
static/img
 
 
templates
templates
 
 
urlml_files
urlml_files
 
 
MALLEVEL Report.docx
MALLEVEL Report.docx
 
 
README.md
README.md
 
 
api_key_generator.py
api_key_generator.py
 
 
constants.py
constants.py
 
 
fetch_malwarebazaar_signatures.py
fetch_malwarebazaar_signatures.py
 
 
fetch_otx_signatures.py
fetch_otx_signatures.py
 
 
fetch_phishtank_urls.py
fetch_phishtank_urls.py
 
 
general_functions.py
general_functions.py
 
 
heuristics.py
heuristics.py
 
 
initialize_signatures.py
initialize_signatures.py
 
 
loki.py
loki.py
 
 
loki_objects.py
loki_objects.py
 
 
mallevel_readme.md
mallevel_readme.md
 
 
mallevel_server.py
mallevel_server.py
 
 
mdml.ipynb
mdml.ipynb
 
 
mdml.py
mdml.py
 
 
mongodb_crud.py
mongodb_crud.py
 
 
mongodb_init.py
mongodb_init.py
 
 
officeml.py
officeml.py
 
 
pdfml.py
pdfml.py
 
 
python3.8.3-requirements.txt
python3.8.3-requirements.txt
 
 
remote_logging.py
remote_logging.py
 
 
splunk_logger.py
splunk_logger.py
 
 
urlml.py
urlml.py
 
 
user.py
user.py
 
 

Repository files navigation

MALLEVEL

MALLEVEL is an integrated anti-malware agent-server solution developed to provide enhanced security for Windows endpoints using a combination of signature-based detection and machine-learning analysis, based off the repositories Loki and MDML (no longer available).

Project Objective

The primary goal of this project was to research and develop an open-source security solution capable of detecting malicious Portable Executables (PEs), PDFs, and Office Documents through both traditional indicators of compromise (IOCs) and advanced machine-learning models.

Core Features

Agent-Server Architecture:
Features a Python-based agent that monitors endpoint directories and automatically uploads new files to a centralized Flask-based server for scanning, which can be deployed in an enterprise environment.

Centralized Management Web UI:
A user-friendly web interface for administrators to monitor scan results, manage user authentication, and update malware signatures.

Advanced File Handling:
Support for automated extraction and scanning of compressed archives (e.g., .zip, .7z, .gz).

Hybrid Detection Engine:
Combines signature-based scanning (utilizing ~710,000 IOCs from platforms like MalwareBazaar and AlienVault) with an integrated XGBoost machine-learning model for predicting zero-day threats.

Incident Response Tools:
Includes a built-in file quarantine system allowing for the isolation, restoration, or permanent deletion of detected threats.

Real-time Analytics:
Allows for integration with Splunk via HTTP Event Collector (HEC) for live event analysis and visual dashboards of scanning operations.

System Architecture

Agent: Runs as a Windows service, monitors local directories, and communicates with the server via authenticated API keys.
Server: Receives files, performs signature/heuristic/ML analysis, and logs results to MongoDB and Splunk.
Heuristics: Performs static analysis (e.g., entropy checks and anti-debugging detection) to identify suspicious file properties.

For a detailed report of the project, from ideation to the final product, refer here
If you would like to try out this project, click here (Compact Version of Original Project)

About

MALLEVEL is an integrated anti-malware agent-server solution developed to provide enhanced security for Windows endpoints using a combination of signature-based detection and machine-learning analysis

mallevel-minimalised.onrender.com/

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages