Repository tree:

├── .github
│   └── workflows
│       └── ci.yml
├── LICENSE
├── README.md
├── data
│   ├── analysis.png
│   ├── features.joblib
│   ├── model.joblib
│   ├── results.png
│   ├── scaler.joblib
│   ├── testing_data.csv
│   ├── testing_labels.csv
│   ├── training_data.csv
│   └── training_labels.csv
├── detector
│   ├── README.md
│   ├── bpf.c
│   ├── bpf.h
│   └── detector.py
├── docs
│   ├── CNAME
│   ├── Ransomware_Detection_using_Machine_Learning_with_eBPF.pdf
│   ├── assets
│   │   ├── ebpfangel-bee-logo.png
│   │   ├── ebpfangel-logo-black.png
│   │   └── ebpfangel-logo-white.png
│   ├── detector.md
│   ├── ebpfangel-presentation.pdf
│   ├── index.md
│   ├── machinelearning.md
│   ├── paper.md
│   ├── simulator.md
│   ├── slides.md
│   └── stylesheets
│       └── extra.css
├── logs
│   ├── testing
│   │   ├── 1_benignlog.csv
│   │   ├── 2_revilog1.csv
│   │   ├── 3_log0.csv
│   │   ├── 90_Avoslocker2.csv
│   │   ├── 91_Avoslocker3.csv
│   │   ├── 92_Benign2.csv
│   │   ├── 93_BlackMatter.csv
│   │   ├── 94_HelloKitty.csv
│   │   ├── 95_IceFire.csv
│   │   ├── 96_Monti.csv
│   │   └── 97_REvil2.csv
│   └── training
│       ├── 1_blackmatterlog.csv
│       ├── 2_log2.csv
│       ├── 3_revilog2.csv
│       ├── 4_log.csv
│       ├── 5_log4.csv
│       ├── 6_revilog.csv
│       ├── 7_log3.csv
│       ├── 8_iFire.csv
│       ├── 90_Avoslocker0.csv
│       ├── 91_Avoslocker1.csv
│       ├── 92_Benign0.csv
│       ├── 93_Benign1.csv
│       ├── 94_cl0p.csv
│       ├── 95_REvil0.csv
│       └── 96_REvil1.csv
├── machinelearning
│   ├── README.md
│   ├── dataprep.py
│   ├── model.py
│   └── requirements.txt
├── mkdocs.yml
└── simulator
    ├── README.md
    ├── encrypt.py
    ├── requirements.txt
    ├── simulator.py
    └── temp.py

File index (raw source URL, or the file's contents where the file is small):

/.github/workflows/ci.yml:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/.github/workflows/ci.yml

/LICENSE:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/LICENSE

/README.md:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/README.md

/data/analysis.png:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/data/analysis.png

/data/features.joblib:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/data/features.joblib

/data/model.joblib:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/data/model.joblib

/data/results.png:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/data/results.png

/data/scaler.joblib:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/data/scaler.joblib

/data/testing_data.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/data/testing_data.csv

/data/testing_labels.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/data/testing_labels.csv

/data/training_data.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/data/training_data.csv

/data/training_labels.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/data/training_labels.csv

/detector/README.md:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/detector/README.md

/detector/bpf.c:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/detector/bpf.c

/detector/bpf.h:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/detector/bpf.h

/detector/detector.py:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/detector/detector.py

/docs/CNAME:
ebpfangel.philippart.me

/docs/Ransomware_Detection_using_Machine_Learning_with_eBPF.pdf:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/docs/Ransomware_Detection_using_Machine_Learning_with_eBPF.pdf

/docs/assets/ebpfangel-bee-logo.png:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/docs/assets/ebpfangel-bee-logo.png

/docs/assets/ebpfangel-logo-black.png:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/docs/assets/ebpfangel-logo-black.png

/docs/assets/ebpfangel-logo-white.png:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/docs/assets/ebpfangel-logo-white.png

/docs/detector.md:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/docs/detector.md

/docs/ebpfangel-presentation.pdf:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/docs/ebpfangel-presentation.pdf

/docs/index.md:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/docs/index.md

/docs/machinelearning.md:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/docs/machinelearning.md

/docs/paper.md:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/docs/paper.md

/docs/simulator.md:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/docs/simulator.md

/docs/slides.md:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/docs/slides.md

/docs/stylesheets/extra.css:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/docs/stylesheets/extra.css

/logs/testing/1_benignlog.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/testing/1_benignlog.csv

/logs/testing/2_revilog1.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/testing/2_revilog1.csv

/logs/testing/3_log0.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/testing/3_log0.csv

/logs/testing/90_Avoslocker2.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/testing/90_Avoslocker2.csv

/logs/testing/91_Avoslocker3.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/testing/91_Avoslocker3.csv

/logs/testing/92_Benign2.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/testing/92_Benign2.csv

/logs/testing/93_BlackMatter.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/testing/93_BlackMatter.csv

/logs/testing/94_HelloKitty.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/testing/94_HelloKitty.csv

/logs/testing/95_IceFire.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/testing/95_IceFire.csv

/logs/testing/96_Monti.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/testing/96_Monti.csv

/logs/testing/97_REvil2.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/testing/97_REvil2.csv

/logs/training/1_blackmatterlog.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/1_blackmatterlog.csv

/logs/training/2_log2.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/2_log2.csv

/logs/training/3_revilog2.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/3_revilog2.csv

/logs/training/4_log.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/4_log.csv

/logs/training/5_log4.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/5_log4.csv

/logs/training/6_revilog.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/6_revilog.csv

/logs/training/7_log3.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/7_log3.csv

/logs/training/8_iFire.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/8_iFire.csv

/logs/training/90_Avoslocker0.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/90_Avoslocker0.csv

/logs/training/91_Avoslocker1.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/91_Avoslocker1.csv

/logs/training/92_Benign0.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/92_Benign0.csv

/logs/training/93_Benign1.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/93_Benign1.csv

/logs/training/94_cl0p.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/94_cl0p.csv

/logs/training/95_REvil0.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/95_REvil0.csv

/logs/training/96_REvil1.csv:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/logs/training/96_REvil1.csv

/machinelearning/README.md:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/machinelearning/README.md

/machinelearning/dataprep.py:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/machinelearning/dataprep.py

/machinelearning/model.py:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/machinelearning/model.py

/machinelearning/requirements.txt:
pandas~=2.0.1
scikit-learn~=1.2.2
matplotlib~=3.7.1

/mkdocs.yml:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/mkdocs.yml

/simulator/README.md:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/simulator/README.md

/simulator/encrypt.py:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/simulator/encrypt.py

/simulator/requirements.txt:
pyAesCrypt~=6.0.0

/simulator/simulator.py:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/simulator/simulator.py

/simulator/temp.py:
https://raw.githubusercontent.com/TomasPhilippart/ebpfangel/HEAD/simulator/temp.py