{"id":18169676,"url":"https://github.com/sequint/kernel-anomaly-detector","last_synced_at":"2025-08-22T21:32:09.091Z","repository":{"id":260683949,"uuid":"882037934","full_name":"sequint/kernel-anomaly-detector","owner":"sequint","description":"A kernel module for monitoring system processes and detecting anomalies as potential malware threats based on CPU and memory usage","archived":true,"fork":false,"pushed_at":"2024-12-17T16:42:07.000Z","size":35,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-07T07:38:27.148Z","etag":null,"topics":["c-programming","kernel-machine-learning","linux-kernel","threat-detection"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sequint.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-01T18:45:59.000Z","updated_at":"2024-12-17T16:45:02.000Z","dependencies_parsed_at":"2024-11-01T20:27:26.956Z","dependency_job_id":"2c69c1c3-7276-42e4-aa18-021c2d69563c","html_url":"https://github.com/sequint/kernel-anomaly-detector","commit_stats":{"total_commits":15,"total_committers":1,"mean_commits":15.0,"dds":0.0,"last_synced_commit":"b44a4d3888763b4165436a26f4462f81260dac14"},"previous_names":["sequint/kernel-anomaly-detector"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sequint/kernel-anomaly-detector","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sequint%2Fkernel-anomaly-detector","tags_url":"https://repos.ecosyste.
ms/api/v1/hosts/GitHub/repositories/sequint%2Fkernel-anomaly-detector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sequint%2Fkernel-anomaly-detector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sequint%2Fkernel-anomaly-detector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sequint","download_url":"https://codeload.github.com/sequint/kernel-anomaly-detector/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sequint%2Fkernel-anomaly-detector/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271703772,"owners_count":24806527,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-22T02:00:08.480Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c-programming","kernel-machine-learning","linux-kernel","threat-detection"],"created_at":"2024-11-02T14:05:15.387Z","updated_at":"2025-08-22T21:32:07.683Z","avatar_url":"https://github.com/sequint.png","language":"C","readme":"# Kernel Anomaly Detector\n\n![License](https://img.shields.io/badge/license-MIT-brightgreen)\n![Issues](https://img.shields.io/github/issues/sequint/kernel-anomaly-detector)\n![Version](https://img.shields.io/badge/version-2.1.0-blue)\n![Platform](https://img.shields.io/badge/platform-Linux-brightgreen)\n![Kernel 
Development](https://img.shields.io/badge/Kernel%20Development-Linux%20Kernel-brightgreen)\n\n## Table of Contents\n\n- [About](#About)\n- [Installation](#Installation)\n- [Build](#Build)\n- [Future Goals](#Future)\n- [Authors](#Authors)\n\n## About\n\nA kernel module for monitoring system processes and detecting anomalies as potential malware threats based on CPU, memory, \u0026 network usage.\n\n## Installation\n\n*Note: Installation instructions to be updated as progress is made on the project*\n\n1. Clone repo into a local project directory\n2. Open a bash terminal and run the following commands to install the Linux headers:\n   ```bash\n   sudo apt update\n   sudo apt install gcc\n   sudo apt install linux-headers-$(uname -r)\n   sudo apt install make\n   ```\n\n### VSCode c_cpp properties\n\nA c_cpp_properties.json file has been included for use in the VSCode IDE.  If you are not using Code for development, delete this directory.\nIf using Code, in a Bash shell enter the command 'uname -r' after installing the above packages.\nCopy the result and replace the (uname -r) portions of the json file with the value.\n\n## Build\n\n```bash\n# Navigate to the directory you cloned the module into\ncd ~/module_dir_path\n\n# Compile the kernel module\nmake\n\n# Load module (ensure the .ko file was generated by the make build first)\nsudo insmod kernel_module.ko\n\n# Check to see if the module loaded\nlsmod | grep kernel_module\n\n# Open and view module logs in real time\nsudo dmesg -w | grep \"ANOMALY MONITOR\"\n\n# Open and view logs written to log file in terminal or in VS Code\ncat /var/log/anomaly_monitor.log\ncode /var/log/anomaly_monitor.log\n\n# Set static thresholds as admin\necho \"200 200 200 200\" | sudo tee /sys/kernel/anomaly_module/thresholds\n\n# Remove static thresholds as admin\necho \"1\" | sudo tee /sys/kernel/anomaly_module/reset_thresholds\n\n# Unload module (will take up to 30 seconds to unload)\nsudo rmmod kernel_module\n\n# Check last log to ensure the 
module unloaded\nsudo dmesg | tail -1\nlsmod | grep kernel_module\n```\n\n## Future Goals\n\n1. Integrate User Space ML Model with Monitoring as a second level\n2. Set Up Kernel-ML model in Kernel Space (Experimental)\n3. Integrate first level anomaly detection, to kernel-ml, to user space model\n4. Extensive Testing and ML Benchmarking\n\n## Authors\n\n- [Steven Quintana](https://github.com/sequint)\n- Mason Wilson IV","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsequint%2Fkernel-anomaly-detector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsequint%2Fkernel-anomaly-detector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsequint%2Fkernel-anomaly-detector/lists"}