Xray: a full behavior-chain anti-malware system built by a student in Go
Hi HN,
I'm Tang Tian, a first-year economics student from a non-CS background, currently self-learning Go, OS concepts, and cybersecurity. Over the past few weeks, I built Xray, an anti-malware and behavior tracing system, from scratch, entirely in Go.
Xray compares your current system with a reference ISO, monitors filesystem and process activity in real time, detects suspicious behavior, automatically eliminates threats, and outputs a full behavior graph as a .dot file (Graphviz-ready).
Highlights:
- Behavior chain detection (not signature-based)
- Monitors the full system with fsnotify + process tracing
- Compares the live system to the boot ISO for anomaly detection
- Auto-kills malicious behavior in real time
- Outputs the behavior chain in .dot format (JSON/LOG planned)
- Lightweight: the compiled binary is only ~3MB
- Written completely from scratch by a solo student
GitHub: https://github.com/lixiasky/X-ray
There's also a screenshot folder showing how it runs, and a personal note in the README.
This is open source with a permissive license (MIT-style). Feel free to fork it and build your own version; just please keep a credit line in the README: "First version by Xia Lixia."
I hope someone finds this useful or fun to hack on. Feedback is welcome, and thank you for reading!
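The two highlights that distinguish this from a signature scanner are the behavior chain (events linked by process lineage and data flow rather than matched against hashes) and the Graphviz export. The block below is an added illustration of that idea, not code from the Xray repository: it links a constructed event trace into a chain graph, flags a "drop, execute, call home" pattern by walking the chain, and emits the result as .dot. Event kinds, the sample trace and the rule are assumptions made for the example; a real agent would feed this from fsnotify and process tracing instead of a hard-coded slice.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Event is one observed system action. The kinds and the sample trace below
// are constructed for this illustration, not Xray's real event model.
type Event struct {
	Seq    int    // order of observation
	PID    int    // acting process
	PPID   int    // parent process
	Kind   string // "spawn", "write", "chmod", "exec", "connect"
	Target string // path, program or remote address
}

// Graph holds events as nodes and "follows from" edges between them.
type Graph struct {
	Events []Event
	Adj    map[int][]int // node index -> successor node indices
}

// link adds an edge once, even if two rules produce it.
func (g *Graph) link(from, to int) {
	for _, n := range g.Adj[from] {
		if n == to {
			return
		}
	}
	g.Adj[from] = append(g.Adj[from], to)
}

// BuildGraph links events into chains with three rules:
//  1. an event follows the previous event of the same process (timeline);
//  2. a process's first event follows the latest event of its parent (lineage);
//  3. an exec of path P follows every earlier write to P (drop-and-run data flow).
// Every edge points from an earlier Seq to a later one, so the graph is acyclic.
func BuildGraph(events []Event) *Graph {
	ev := append([]Event(nil), events...)
	sort.Slice(ev, func(i, j int) bool { return ev[i].Seq < ev[j].Seq })
	g := &Graph{Events: ev, Adj: map[int][]int{}}
	lastByPID := map[int]int{}         // pid -> index of its latest event
	writesByPath := map[string][]int{} // path -> indices of writes to it
	for i, e := range ev {
		if prev, ok := lastByPID[e.PID]; ok {
			g.link(prev, i)
		} else if parent, ok := lastByPID[e.PPID]; ok {
			g.link(parent, i)
		}
		if e.Kind == "exec" {
			for _, w := range writesByPath[e.Target] {
				g.link(w, i)
			}
		}
		if e.Kind == "write" {
			writesByPath[e.Target] = append(writesByPath[e.Target], i)
		}
		lastByPID[e.PID] = i
	}
	return g
}

// DetectDropAndRun walks the chains from every write(P) and reports each path
// on which P is later executed and the executing process then connects out.
// Each chain is returned as the node indices along that path.
func DetectDropAndRun(g *Graph) [][]int {
	var chains [][]int
	var walk func(node int, path []int, target string, executed bool)
	walk = func(node int, path []int, target string, executed bool) {
		e := g.Events[node]
		path = append(append([]int(nil), path...), node)
		if e.Kind == "exec" && e.Target == target {
			executed = true
		}
		if executed && e.Kind == "connect" {
			chains = append(chains, path)
			return
		}
		for _, next := range g.Adj[node] {
			walk(next, path, target, executed)
		}
	}
	for i, e := range g.Events {
		if e.Kind == "write" {
			walk(i, nil, e.Target, false)
		}
	}
	return chains
}

// ToDot renders the graph in Graphviz format, colouring nodes on flagged chains red.
func ToDot(g *Graph, chains [][]int) string {
	flagged := map[int]bool{}
	for _, c := range chains {
		for _, n := range c {
			flagged[n] = true
		}
	}
	var b strings.Builder
	b.WriteString("digraph behavior {\n  rankdir=LR;\n")
	for i, e := range g.Events {
		attrs := ""
		if flagged[i] {
			attrs = ", color=red, fontcolor=red"
		}
		fmt.Fprintf(&b, "  n%d [label=%q%s];\n", i,
			fmt.Sprintf("%d: pid %d %s %s", e.Seq, e.PID, e.Kind, e.Target), attrs)
	}
	for from := range g.Events { // iterate by index so output order is stable
		for _, to := range g.Adj[from] {
			fmt.Fprintf(&b, "  n%d -> n%d;\n", from, to)
		}
	}
	b.WriteString("}\n")
	return b.String()
}

// SampleTrace is a constructed trace: a shell drops a payload under /tmp, marks
// it executable, runs it, and the payload calls out; a second, unrelated process
// edits a text file and talks to a web server, which should not be flagged.
func SampleTrace() []Event {
	return []Event{
		{1, 100, 1, "spawn", "/bin/bash"},
		{2, 200, 100, "write", "/tmp/.x"},
		{3, 200, 100, "chmod", "/tmp/.x"},
		{4, 300, 100, "exec", "/tmp/.x"},
		{5, 300, 100, "connect", "203.0.113.5:4444"},
		{6, 400, 1, "write", "/home/u/notes.txt"},
		{7, 400, 1, "connect", "example.com:443"},
	}
}

func main() {
	g := BuildGraph(SampleTrace())
	chains := DetectDropAndRun(g)
	for _, c := range chains {
		fmt.Printf("suspicious chain (node indices): %v\n", c)
	}
	fmt.Print(ToDot(g, chains)) // pipe into: dot -Tpng -o behavior.png
}
```

On the sample trace the benign editor (pid 400) also writes a file and then connects out, but nothing ever executes what it wrote, so only the /tmp/.x chain is flagged; that is the difference between a behavior chain and a per-event heuristic. An "auto-kill" step would act on the PID of the chain's last event (here the connecting process), which is also where a false positive does the most damage, so in practice the rule set deserves an allow-list and a dry-run mode before it is allowed to terminate anything.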