luda
URL analyzer
Develops a real-time URL-based malware detection system using regexes and clustering
Malicious actors often reuse code to deploy their malware, phishing websites or CNC servers. As a result, similarities can be found in URL paths by inspecting internet traffic. Moreover, deep learning models, and even regular ML models, are not suited to inline deployment because of their runtime performance. However, regexes (or YARA rules) can be deployed on a proxy and work in real time on all the traffic. LUDA can take a set of malicious and benign URLs and return a list of regexes ready to be deployed inline!
74 stars
11 watching
16 forks
Language: Python
Last commit: about 1 year ago
Topics: akamai, clustering, machine-learning, malicious-url-detection, python, regex
Related projects:
Repository | Description | Stars |
---|---|---|
telekom-security/malware_analysis | An analysis repository providing scripts, signatures, and IOCs for detecting and analyzing malware. | 110 |
uppusaikiran/generic-parser | Analyzes malware files to detect suspicious behavior by extracting meta information and features. | 1 |
michelcrypt4d4mus/yaralyzer | Analyzes binary and text data for YARA and regex matches, visualizes results with colors, and attempts to decode matched regions | 107 |
uppusaikiran/yara-finder | Tools to detect and analyze malware using Yara rules | 1 |
malice-plugins/yara | A plugin that enables malware analysis using the YARA ruleset | 30 |
securitymagic/yara | A collection of YARA rules for detecting malware and suspicious activity in various environments. | 11 |
vectrathreatlab/reyara | A set of Yara rules designed to simplify the process of reverse engineering malware by providing pre-defined patterns and signatures. | 19 |
uqcyber/coldpress | Automates malware analysis workflow by extracting features and indicators of compromise from malicious files using various tools and libraries. | 16 |
rjzak/decompressingyara | A tool for decompressing malware samples and running Yara rules against them. | 7 |
sophos/yaraml_rules | Automatically generates Yara rules from machine learning models trained on malware and benign data | 211 |
hestat/lw-yara | A Yara ruleset and scanner tool for detecting webserver malware on Linux servers. | 102 |
momenbasel/liffier | Automatically appends dot-dot-slash to URLs to test for path traversal vulnerabilities. | 8 |
airbnb/binaryalert | Real-time malware detection and alert system for AWS S3 files | 1,409 |
davisjam/vuln-regex-detector | Detects vulnerable regexes in source code to prevent catastrophic backtracking and other security issues. | 320 |
neo23x0/rules | A centralized repository of Yara rules for detecting malware and other malicious activities. | 10 |