PYAS: Python & C++ Antivirus with ML and Behavioral Monitoring
This repository profile is provided by osrepos.com, an open source repository discovery platform.

Summary
PYAS is an advanced antivirus software developed using a hybrid approach of Python and C++. It leverages machine learning and behavioral monitoring to effectively detect and block various threats. This project offers comprehensive security for Windows systems, combining user-mode scanning with kernel-mode protection.
Introduction
PYAS is an innovative antivirus solution built with a powerful combination of Python and C++. It stands out by integrating machine learning models and behavioral monitoring techniques to provide robust protection against modern threats. Designed for Windows, PYAS offers a multi-layered security approach, operating in both user and kernel modes to safeguard your system.
Installation
Python 3.10 is recommended for running PYAS. Install the required dependencies with pip:
pip install pystray pefile requests pywebview Pillow yara-python numpy onnxruntime
For model training or other non-essential functions, additional packages are required:
pip install pandas scikit-learn lightgbm onnxmltools orjson
Examples
PYAS employs a sophisticated architecture to deliver its protective capabilities. In user mode, the Python core manages the web UI and various scanning engines, including PE/ML, YARA, Cloud, and Signature verification. These engines analyze potential threats using machine learning models and predefined rules.
The system extends its reach into kernel mode with a C++ minifilter driver. This driver provides real-time protection for files, processes, and the registry, and also handles boot protection. Communication between user and kernel modes is facilitated through an ALPC port, ensuring seamless threat detection and mitigation. The integration of LightGBM models further enhances its ability to identify malicious patterns with high accuracy.
Why Use
PYAS offers several compelling reasons for its use:
- Hybrid Protection: Combines the flexibility of Python for user-mode operations with the performance and deep system access of C++ for kernel-mode protection.
- Advanced Threat Detection: Utilizes machine learning (LightGBM) and YARA rules for highly accurate and adaptive threat identification.
- Behavioral Monitoring: Monitors system behavior to detect and block suspicious activities in real-time.
- Comprehensive Coverage: Protects critical system components, including files, processes, registry, and boot sectors.
- Open Source: Provides transparency and allows community contributions.
- Modern Interface: Features a web-based user interface via pywebview for ease of use.
