Anti Ghost
2025-06-28 16:30:16 - Adil Khan
Project Area of Specialization: Cyber Security
Project Summary
Owing to the rapid increase of malicious activity over the internet, new forms of malware (i.e. malicious code) are developed roughly every other day. One of the relatively newer types of malicious threats on the internet is file-less malware. Such malware is fundamentally typical malware; however, unlike most malware, it does not store files on the system and in some cases does not even require persistence.
Anti-Ghost is aimed at the detection of the aforementioned malware. Previous studies on the detection of file-less malware have been conducted by numerous researchers over the past few years, starting back in 2012. Those studies have sought to understand what file-less malware is, which attack vectors this category of malware uses, and how it can be prevented and detected before the damage is done. This project is similarly aimed at the detection of file-less malware through behavioral analysis, with a primary focus on one particular attack vector. Ultimately, we discuss the feasibility of a tool for the analysis of malware in order to answer one question: “How does file-less malware behave, and how can it be detected?” A number of anti-malware programs exist that aim to prevent malicious activity, but these widely used solutions come with critical shortcomings: most of them are unable to detect malware of the file-less nature. In that respect, Anti-Ghost:
- Can be used to detect malicious activity based on file-less attack vectors
- Is indigenous to the Pakistani locale
- Fills a gap, since not many anti-malware solutions provide defense against file-less malware
Therefore, a complete indigenous solution was required to counter the growing problem of highly resilient file-less malware. This motivated us to develop Anti-Ghost, an indigenous software solution that detects malicious activity originating from file-less malware. It would help common users, government organizations, the corporate sector and financial organizations to maintain their systems’ security and prevent malicious activity.
Anti-Ghost has the following aspects and capabilities:
- It is an indigenous solution, thereby resolving the trust issues linked with foreign software
- It is capable of detecting various forms of file-less malware
- It is designed to work on the Windows platform
- The software uses dynamic detection methods, which are more efficient than the static methods implemented by most similar software solutions
- The design of a complete, efficient and scalable indigenous anti-malware solution that makes use of dynamic memory analytics to detect file-less malware
- The proposed solution is intended to address the increasingly growing malware threats
- The project, Anti-Ghost, will open newer avenues of research and innovation along with a drive towards developing indigenous solutions. It can further be modified to build a national-level anti-malware solution.
The client, who requires protection from malware, installs the Anti-Ghost software on his or her Windows-based computer. The client then activates it by entering the license key registered to his or her name, which starts the anti-malware services on the device.
Anti-Ghost runs automatically in the background and monitors real-time system activity, which includes system calls, file system activity, registry activity and API calls. This behavior is then checked against a set of pre-defined rules derived from a machine learning model that was developed using a massive dataset containing both malicious and benign file samples.
The aforementioned rules are generated from reports produced by running live malware samples, which helps ascertain whether or not the behavior displayed by the system is malicious. In that respect, each rule is assigned a severity indicator based on the amount of malicious activity it represents. The verdict is governed by a threshold that dictates, based on the rules that fire, whether or not a process is malicious.
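To make the rule-plus-threshold scheme above concrete, here is an added illustration (not the Anti-Ghost project's own code): severity-weighted behavioral rules over the four event sources the summary names, applied to a constructed process trace. The rule names, severity weights, threshold and both event traces are assumptions made up for this example.

```python
SCRIPT_HOSTS = ("powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe")
SCRIPT_FILES = (".ps1", ".vbs", ".js", ".hta")
THRESHOLD = 6   # constructed: a process scoring at or above this is flagged malicious

# Constructed rules as (name, severity, predicate), one per event source the project
# monitors: process/system calls, registry activity, API calls, file system activity.
RULES = [
    ("script host running code with no script file on disk", 3,
     lambda e: e.get("type") == "process_create"
     and e.get("image", "").lower().endswith(SCRIPT_HOSTS)
     and not any(s in e.get("cmdline", "").lower() for s in SCRIPT_FILES)),
    ("autorun registry value written", 3,
     lambda e: e.get("type") == "registry_write"
     and "\\currentversion\\run\\" in e.get("target", "").lower()),
    ("memory written into another process", 5,
     lambda e: e.get("type") == "api_call"
     and e.get("api") in ("WriteProcessMemory", "NtWriteVirtualMemory")),
    ("executable written to disk", 1,
     lambda e: e.get("type") == "file_write"
     and e.get("target", "").lower().endswith((".exe", ".dll"))),
]

def score_process(events):
    """Apply every rule to every monitored event of one process and sum the
    severities of the rules that fire; the threshold decides the verdict."""
    score, hits = 0, []
    for ev in events:
        for name, severity, matches in RULES:
            if matches(ev):
                score += severity
                hits.append(name)
    return {"score": score, "hits": hits, "malicious": score >= THRESHOLD}

# Constructed trace of a fileless process: in-memory script, autorun persistence and a
# cross-process memory write, with nothing written to disk (scores 3 + 3 + 5 = 11).
FILELESS_TRACE = [
    {"type": "process_create", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command <constructed in-memory payload>"},
    {"type": "registry_write", "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"},
    {"type": "api_call", "api": "WriteProcessMemory"},
]
# Constructed benign trace: a scheduled script run from disk plus an installer
# writing its executable (scores 0 + 1 = 1, below the threshold).
BENIGN_TRACE = [
    {"type": "process_create", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"type": "file_write", "target": "C:\\Program Files\\App\\setup.exe"},
]
if __name__ == "__main__":
    print(score_process(FILELESS_TRACE), score_process(BENIGN_TRACE))
```

Only the summed severity crosses the threshold here; no single rule does, which is the point of weighting rules rather than alerting on any one match.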
Benefits of the Project
- Anti-Ghost would detect malware, particularly file-less malware, and prevent malware activity.
- It would help users in any field, whether on corporate networks or personal computers, to secure their computer systems from malware.
- It would provide business executives with security against corporate-level malware activity aimed at extorting organizations through ransomware.
- Anti-Ghost would further aid in maintaining system security by blocking thousands of malware samples.
To develop an indigenous anti-malware solution, we've made use of:
Software
- Windows 10
- Ubuntu
- Cuckoo
- Jupyter Notebook
- PyCharm 2019
- VMware
- Memoryze Memory Forensics
- PyQT
Hardware
- High Core CPU (Ryzen 5 2600x)
- Graphical Processing Units (GTX 1050ti)
Storage
- SSD Storage (2x 500GB)
| Item Name | Type | No. of Units | Per Unit Cost (in Rs) | Total (in Rs) |
|---|---|---|---|---|
| GPU (GTX 1050ti) | Equipment | 1 | 25000 | 25000 |
| SSD (Samsung EVO 860) | Equipment | 2 | 9500 | 19000 |
| CPU (Ryzen 5 2600x) | Equipment | 1 | 25000 | 25000 |
| Printing of Anti-Ghost Shirts | Miscellaneous | 2 | 600 | 1200 |
| Printing of Standee | Miscellaneous | 1 | 800 | 800 |
| Memory Forensics Course (Online purchase through Udemy) | Miscellaneous | 1 | 2000 | 2000 |
| Brochures | Miscellaneous | 50 | 50 | 2500 |
| Contact Cards | Miscellaneous | 50 | 15 | 750 |
| Total (in Rs) | | | | 76250 |