vuvic/AI-Malware-Detection

AI Malware Detection

Real-time malware classification powered by machine learning — trained on 1M+ Windows PE files


Overview

AI Malware Detection is a full-stack application that scans Windows executables (.exe / .dll) and classifies them as benign or malicious using a model trained on the EMBER dataset (1 million+ real-world PE files). The system extracts 2,381 PE characteristics via the LIEF library, runs them through a LightGBM binary classifier, and returns a confidence-scored verdict in 2-3 seconds.

| Benign Result | Malware Result |
|---|---|
| GREEN | RED |
| Confidence score + SHA-256 hash | Confidence score + SHA-256 hash |

Features

  • ML-Powered Classification — EMBER-trained LightGBM model extracting 2,381 PE features via LIEF
  • Modern Glassmorphic UI — animated interface with color-coded results (green = safe, red = malware)
  • FastAPI Backend — lightweight Python API with /scan and /health endpoints
  • Confidence Scoring — 0-100 % confidence on every scan with SHA-256 hash and file size
  • CI/CD Pipeline — GitHub Actions testing across Python 3.9, 3.10, 3.11 with flake8 linting

Tech Stack

| Layer | Technology |
|---|---|
| Backend | Python 3.9+, FastAPI, Uvicorn |
| ML Model | LightGBM, EMBER dataset, LIEF, scikit-learn |
| Frontend | HTML5, CSS3 (glassmorphism + animations), JavaScript ES6+ |
| CI/CD | GitHub Actions |
| Deep Learning (backup) | TensorFlow, MalConv neural network |

Project Structure

AI-Malware-Detection/
├── app.py                      # FastAPI backend — scan endpoint + EMBER model loading
├── ui/
│   ├── index.html              # Web interface
│   ├── app.js                  # Upload logic & result rendering
│   └── styles.css              # Glassmorphic animations & theming
├── ember/                      # EMBER feature extraction module
├── malconv/                    # MalConv neural network model (backup)
├── scripts/                    # Utility scripts
├── start.sh                    # Launch backend + frontend servers
├── stop.sh                     # Graceful shutdown
├── requirements.txt            # Python dependencies
├── .github/workflows/          # CI pipeline (lint + test)
└── licenses/                   # MIT + AGPL-3.0

Getting Started

Prerequisites

  • Python 3.9, 3.10, or 3.11
  • pip

Installation

git clone https://github.com/vuvic/AI-Malware-Detection.git
cd AI-Malware-Detection
pip install -r requirements.txt

Run

bash start.sh

| Service | URL |
|---|---|
| Backend API | http://localhost:8000 |
| Web UI | http://localhost:8080 |

# Stop everything
bash stop.sh

API Reference

POST /scan

Upload a PE file for classification.

// Response
{
  "filename": "test.exe",
  "verdict": "BENIGN",        // or "MALWARE"
  "confidence": 95.5,
  "sha256": "abc123...",
  "file_size_kb": 48.83,
  "message": "This file appears safe"
}

GET /health

{ "status": "healthy", "service": "AI Malware Scanner", "version": "1.0.0" }
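
A client-side check for consuming the /scan response above, added here as an example and not taken from the project's code. The function names `precheck` and `triage` and the 90 % `allow_at` threshold are hypothetical, and the example assumes `confidence` is the model's confidence in the stated verdict.

```python
import hashlib

MAX_UPLOAD_BYTES = 100 * 1024 * 1024   # "Max Upload Size 100 MB" from the Performance table
VERDICTS = {"BENIGN", "MALWARE"}       # the two verdict values the README documents


def precheck(data: bytes) -> None:
    """Reject input the scanner is not documented to handle before uploading."""
    if len(data) > MAX_UPLOAD_BYTES:
        raise ValueError("file exceeds the 100 MB upload limit")
    if data[:2] != b"MZ":               # every PE file starts with the DOS 'MZ' magic
        raise ValueError("not a Windows PE file")


def triage(data: bytes, response: dict, allow_at: float = 90.0) -> str:
    """Map a /scan response to 'quarantine', 'review' or 'allow'.

    Assumption: 'confidence' is the model's confidence in the stated verdict.
    """
    verdict = response.get("verdict")
    confidence = response.get("confidence")
    if verdict not in VERDICTS:
        raise ValueError(f"unexpected verdict: {verdict!r}")
    if isinstance(confidence, bool) or not isinstance(confidence, (int, float)) \
            or not 0 <= confidence <= 100:
        raise ValueError(f"confidence out of range: {confidence!r}")
    # Bind the verdict to the bytes we hold: a mismatched hash means the
    # response describes some other file (truncated upload, proxy mix-up).
    if str(response.get("sha256", "")).lower() != hashlib.sha256(data).hexdigest():
        raise ValueError("sha256 in response does not match local file")
    if verdict == "MALWARE":
        return "quarantine"             # fail closed on any malware verdict
    # A low-confidence BENIGN is not a clean bill of health.
    return "allow" if confidence >= allow_at else "review"


# Constructed sample: a minimal byte string with an MZ header, not a real PE.
SAMPLE = b"MZ" + b"\x00" * 62
SAMPLE_RESPONSE = {
    "filename": "test.exe", "verdict": "BENIGN", "confidence": 62.0,
    "sha256": hashlib.sha256(SAMPLE).hexdigest(), "file_size_kb": 0.06,
    "message": "This file appears safe",
}

if __name__ == "__main__":
    precheck(SAMPLE)
    print(triage(SAMPLE, SAMPLE_RESPONSE))   # review
```

Comparing the returned `sha256` with a locally computed digest ties the verdict to the exact bytes you are about to act on.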

Performance

| Metric | Value |
|---|---|
| Scan Speed | 2-3 s per file |
| Startup Memory | ~200 MB |
| CPU During Scan | ~5-10 % |
| Supported Formats | .exe, .dll (Windows PE) |
| Max Upload Size | 100 MB |

Future Enhancements

  • Scan history database
  • User authentication
  • Analytics dashboard
  • Docker containerization
  • Batch scanning API

Author

Aman Imran · GitHub · LinkedIn · Portfolio

B.S. Software Engineering — San Jose State University


Dual licensed under MIT and AGPL-3.0 — see licenses/
