Apoorva-Nayak07/AI-Malware-Detection-System

# 🛡️ AI Malware Detection & Threat Analysis System ## 🎯 Overview The **AI Malware Detection & Threat Analysis System** is an enterprise-grade cybersecurity platform that leverages machine learning to detect, analyze, and predict malware threats in real-time. Built with modern technologies and inspired by industry-leading security platforms, it provides comprehensive threat intelligence and security analytics. ## Screenshots ### Landing page  ### Register Page  ### Security Dashboard  ### Scanner Section  ### Threat  ### Anamoly Detection  ### Analytics  ### Settings  ### Key Capabilities - 🤖 **AI-Powered Malware Classification** - Random Forest, XGBoost, and Deep Learning models - 🔍 **Anomaly Detection Engine** - Isolation Forest for behavioral analysis - 📊 **Threat Prediction System** - Predictive analytics for future threats - 🎯 **Real-Time Monitoring** - Live threat detection and alerts via WebSockets - 📈 **Security Analytics Dashboard** - Interactive visualizations and insights - 🔐 **Enterprise Authentication** - JWT-based secure access control - 🌐 **RESTful API** - Comprehensive API for integrations - 🐳 **Docker Ready** - Containerized deployment ## ✨ Features ### 🛡️ Core Security Features #### 1. **Malware Classification System** - Analyzes uploaded files (EXE, scripts, documents, APK) - Classifies into: Trojan, Worm, Ransomware, Spyware, Adware, Benign - Generates malware probability and threat scores - AI-powered explanations for detections #### 2. **AI Threat Prediction** - Predicts suspicious behavior patterns - Identifies unknown threats - Generates future risk scores - Attack vector analysis #### 3. **Anomaly Detection Engine** - Detects unusual file behavior - Identifies suspicious activity - Unknown malware signature detection - Behavioral anomaly analysis using Isolation Forest #### 4. **AI Security Scoring System** - File security scores (0-100) - Device risk assessment - Malware severity scoring - Threat confidence levels #### 5. **Real-Time Monitoring Dashboard** - Active threat tracking - Malware trend analysis - Detection statistics - Threat timelines - Risk analytics - Attack category breakdown ### 📊 Dashboard Modules 1. **Landing Page** - Professional cyber-security themed homepage 2. **Authentication** - Login/Register with JWT 3. **Security Dashboard** - Real-time threat overview 4. **Malware Scanner** - File upload and analysis center 5. **Threat Intelligence** - Comprehensive threat data 6. **AI Prediction Center** - Threat forecasting 7. **Anomaly Detection Lab** - Behavioral analysis 8. **Reports & Analytics** - Security insights 9. **Threat History** - Historical threat data 10. **User Management** - Admin panel 11. **Settings** - User preferences ### 🎨 UI/UX Features - **Dark Futuristic Theme** - Cyber-security aesthetic - **Glassmorphism Effects** - Modern UI design - **Neon Cyber Colors** - Cyan, blue, red accents - **Smooth Animations** - Framer Motion powered - **Real-Time Widgets** - Live threat updates - **Security Score Cards** - Visual risk indicators - **Interactive Analytics** - Recharts visualizations - **Threat Severity Indicators** - Color-coded alerts - **Live Activity Feed** - Real-time event stream - **Responsive Layout** - Mobile-friendly design ## 🛠️ Tech Stack ### Frontend - **React.js 18** - UI framework - **Tailwind CSS** - Utility-first styling - **Framer Motion** - Animation library - **Recharts** - Data visualization - **Chart.js** - Additional charts - **Axios** - HTTP client - **React Router** - Navigation - **Socket.IO Client** - Real-time communication - **Zustand** - State management - **React Hot Toast** - Notifications - **Lucide React** - Icon library ### Backend - **Node.js** - Runtime environment - **Express.js** - Web framework - **MongoDB** - NoSQL database - **Mongoose** - ODM - **JWT** - Authentication - **Socket.IO** - WebSocket server - **Multer** - File upload handling - **Bcrypt** - Password hashing - **Helmet** - Security headers - **Morgan** - HTTP logging - **Winston** - Application logging ### AI/ML Service - **Python 3.9+** - Programming language - **FastAPI** - Modern API framework - **Scikit-learn** - ML library - **NumPy** - Numerical computing - **Pandas** - Data manipulation - **Joblib** - Model persistence ### ML Models - **Random Forest** - Malware classification - **Isolation Forest** - Anomaly detection - **XGBoost** - Threat prediction - **Feature Engineering** - 25+ extracted features ### DevOps - **Docker** - Containerization - **Docker Compose** - Multi-container orchestration - **NGINX** - Reverse proxy - **Git** - Version control ## 🏗️ Architecture ┌─────────────────────────────────────────────────────────────┐ │ CLIENT (React.js) │ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ │ │Dashboard │ │ Scanner │ │ Threats │ │Analytics │ │ │ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │ └────────────────────┬────────────────────────────────────────┘ │ HTTP/WebSocket ┌────────────────────┴────────────────────────────────────────┐ │ BACKEND API (Node.js/Express) │ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ │ │ Auth │ │ Scan │ │ Threats │ │Analytics │ │ │ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │ └────────┬───────────────────────────┬────────────────────────┘ │ │ │ MongoDB │ HTTP │ │ ┌────────┴────────┐ ┌────────┴────────────────────────┐ │ DATABASE │ │ ML SERVICE (Python/FastAPI) │ │ (MongoDB) │ │ ┌──────────┐ ┌──────────┐ │ │ │ │ │Classifier│ │ Anomaly │ │ │ ┌──────────┐ │ │ └──────────┘ └──────────┘ │ │ │ Users │ │ │ ┌──────────┐ ┌──────────┐ │ │ │ Scans │ │ │ │Predictor │ │Features │ │ │ │ Threats │ │ │ └──────────┘ └──────────┘ │ │ └──────────┘ │ └─────────────────────────────────┘ └─────────────────┘ ### Data Flow ## 🚀 Quick Start ### Prerequisites - Node.js >= 16.0.0 - Python >= 3.9 - MongoDB >= 5.0 - Docker (optional) ### Installation #### Option 1: Manual Setup # Clone repository git clone https://github.com/yourusername/ai-malware-detection.git cd ai-malware-detection # Install all dependencies npm run install-all # Start MongoDB (if not running) mongod # Start all services npm run dev #### Option 2: Docker Setup # Clone repository git clone https://github.com/yourusername/ai-malware-detection.git cd ai-malware-detection # Build and start containers docker-compose up --build ### Access the Application - **Frontend**: http://localhost:3000 - **Backend API**: http://localhost:5000 - **ML Service**: http://localhost:8000 - **API Docs**: http://localhost:8000/docs ### Default Credentials Email: admin@malware-detection.com Password: Admin@123 ## 📦 Installation ### Step 1: Clone Repository git clone https://github.com/yourusername/ai-malware-detection.git cd ai-malware-detection ### Step 2: Backend Setup cd server # Install dependencies npm install # Create .env file cp .env.example .env # Edit .env with your configuration nano .env # Start server npm run dev ### Step 3: Frontend Setup cd client # Install dependencies npm install # Create .env file cp .env.example .env # Edit .env nano .env # Start development server npm start ### Step 4: ML Service Setup cd ml-service # Create virtual environment python -m venv venv # Activate virtual environment # Windows venv\Scripts\activate # Linux/Mac source venv/bin/activate # Install dependencies pip install -r requirements.txt # Create .env file cp .env.example .env # Start ML service python main.py ## ⚙️ Configuration ### Backend Environment Variables # Server Configuration NODE_ENV=development PORT=5000 # MongoDB Configuration MONGODB_URI=mongodb://localhost:27017/malware_detection # JWT Configuration JWT_SECRET=your_super_secret_jwt_key_change_in_production JWT_EXPIRE=7d # ML Service Configuration ML_SERVICE_URL=http://localhost:8000 # File Upload Configuration MAX_FILE_SIZE=50000000 UPLOAD_PATH=./uploads # CORS Configuration CLIENT_URL=http://localhost:3000 # Rate Limiting RATE_LIMIT_WINDOW=15 RATE_LIMIT_MAX_REQUESTS=100 ### Frontend Environment Variables REACT_APP_API_URL=http://localhost:5000 REACT_APP_SOCKET_URL=http://localhost:5000 ### ML Service Environment Variables ML_SERVICE_PORT=8000 MODEL_PATH=./models/trained_models ## 📖 Usage ### 1. Register/Login 1. Navigate to http://localhost:3000 2. Click "Get Started" or "Login" 3. Create account or login with credentials ### 2. Upload File for Scanning 1. Go to "Scanner" page 2. Drag & drop file or click to upload 3. Wait for analysis (real-time progress shown) 4. View detailed results ### 3. View Threat Intelligence 1. Navigate to "Threats" page 2. View all detected threats 3. Filter by severity, type, status 4. Update threat status 5. Add investigation notes ### 4. Monitor Analytics 1. Go to "Analytics" page 2. View security score 3. Analyze malware trends 4. Review detection timeline 5. Generate reports ### 5. Anomaly Detection 1. Navigate to "Anomaly Detection" page 2. View detected anomalies 3. Analyze behavioral patterns 4. Review risk assessments ## 📚 API Documentation ### Authentication Endpoints #### Register User POST /api/auth/register Content-Type: application/json { "username": "john_doe", "email": "john@example.com", "password": "SecurePass123!", "organization": "ACME Corp" } #### Login POST /api/auth/login Content-Type: application/json { "email": "john@example.com", "password": "SecurePass123!" } ### Scan Endpoints #### Upload and Scan File POST /api/scan/upload Authorization: Bearer Content-Type: multipart/form-data file: #### Get Scan History GET /api/scan/history?page=1&limit=20 Authorization: Bearer #### Get Scan by ID GET /api/scan/:scanId Authorization: Bearer ### Threat Endpoints #### Get All Threats GET /api/threats?severity=critical&status=active Authorization: Bearer #### Get Threat Statistics GET /api/threats/stats/dashboard Authorization: Bearer #### Update Threat Status PUT /api/threats/:threatId/status Authorization: Bearer Content-Type: application/json { "status": "resolved", "notes": "Threat mitigated successfully" } ### Analytics Endpoints #### Get Dashboard Analytics GET /api/analytics/dashboard Authorization: Bearer #### Get Malware Trends GET /api/analytics/malware-trends?days=30 Authorization: Bearer #### Generate Report POST /api/analytics/generate-report Authorization: Bearer Content-Type: application/json { "timeRange": 30, "reportType": "comprehensive" } ### ML Service Endpoints #### Analyze File POST /api/ml/analyze Content-Type: multipart/form-data file: #### Predict Threats POST /api/ml/predict-threats Content-Type: application/json { "historical_data": [...] } #### Detect Anomalies GET /api/ml/detect-anomalies ## 🤖 ML Models ### 1. Malware Classifier (Random Forest) **Purpose**: Classify files into malware categories **Features**: 25+ extracted features including: - File entropy - Suspicious strings - API calls - Network activity - Registry modifications - Process injections - Encryption indicators - Obfuscation level - PE characteristics **Classes**: - Benign - Trojan - Worm - Ransomware - Spyware - Adware **Accuracy**: ~94% (on training data) ### 2. Anomaly Detector (Isolation Forest) **Purpose**: Detect unusual behavior patterns **Method**: Isolation Forest algorithm **Output**: Anomaly score (0-1) **Threshold**: 0.6 for anomaly classification ### 3. Threat Predictor (XGBoost) **Purpose**: Predict future threats and attack vectors **Features**: Historical threat data, behavioral patterns **Output**: Risk score, threat type, attack vector ## 🐳 Deployment ### Docker Deployment # Build images docker-compose build # Start services docker-compose up -d # View logs docker-compose logs -f # Stop services docker-compose down ### Production Deployment #### Railway # Install Railway CLI npm install -g @railway/cli # Login railway login # Initialize project railway init # Deploy railway up #### Render 1. Connect GitHub repository 2. Create Web Service for backend 3. Create Web Service for frontend 4. Create Web Service for ML service 5. Add MongoDB database 6. Configure environment variables #### AWS/Azure 1. Set up EC2/VM instances 2. Install Docker 3. Clone repository 4. Configure environment variables 5. Run docker-compose 6. Set up load balancer 7. Configure SSL certificates ## 🔒 Security ### Security Features - **JWT Authentication** - Secure token-based auth - **Password Hashing** - Bcrypt with salt rounds - **Rate Limiting** - Prevent brute force attacks - **Helmet.js** - Security headers - **CORS Protection** - Controlled cross-origin requests - **Input Validation** - Express-validator - **File Upload Limits** - Max 50MB per file - **SQL Injection Prevention** - MongoDB ODM - **XSS Protection** - React built-in protection ### Best Practices 1. Change default JWT secret in production 2. Use HTTPS in production 3. Enable MongoDB authentication 4. Regular security audits 5. Keep dependencies updated 6. Implement proper logging 7. Use environment variables for secrets 8. Enable firewall rules 9. Regular backups

标签：自定义脚本