Detecting Abnormal Activity Using C++

Malicious Activities Detection Using C++

Malicious Activities Detection Using C++ is a software project designed to identify and mitigate potentially harmful activities within a computer system. This project leverages the C++ programming language to implement a range of security measures aimed at detecting and responding to suspicious actions, processes, or events that may indicate the presence of malicious software or unauthorized access.

GitLink:

https://github.com/Sivatech24/MaliciousActivitiesDetectionUsingCPlusPlus.git

Key Components and Features:

1. Process Monitoring: The project includes functionality to monitor running processes on a system. It can detect processes with specific names or characteristics that are known to be associated with malicious activities.

2. Anomaly Detection: Using statistical and behavioral analysis, the software can identify anomalies in system metrics, file access patterns, or network traffic, which could signal malicious behavior.

3. Memory Analysis: The system can analyze memory contents and look for signs of malicious code injection or other memory-related attacks.

4. File Integrity Monitoring: It checks and maintains the integrity of critical system files by comparing them against known checksums to detect any unauthorized modifications.

5. Event Logging: All detected malicious activities or anomalies are logged, allowing system administrators to review and respond to potential threats.

6. Real-time Alerts: The system can be configured to send real-time alerts when suspicious activity is detected, enabling immediate responses to potential security incidents.

7. Customization: The project is designed to be adaptable, allowing users to define specific rules and thresholds for what constitutes malicious behavior based on their system's characteristics and requirements.

8. User-Friendly Interface: The software may include a user-friendly interface for configuring and monitoring the system's security measures.

Use Cases:

- System Security: It can be used to enhance the security of computer systems, servers, and networks by identifying and responding to malicious activities.

- Intrusion Detection: The project is valuable for intrusion detection and prevention, helping organizations safeguard their systems from unauthorized access.

- Malware Detection: It aids in the detection of malware and other forms of malicious software that may compromise system integrity.

- Forensic Analysis: Security professionals and digital forensics experts can use this system to analyze systems after security incidents to identify the nature of the breach.

- Continuous Monitoring: It provides continuous monitoring of systems, ensuring that any malicious activity is detected promptly.

Note: Developing a full-fledged malicious activities detection system is a complex and specialized task that often requires deep knowledge of cybersecurity principles, ongoing threat intelligence, and the integration of various security mechanisms. This project serves as a basic framework and can be expanded upon to meet specific security needs. It is important to stay updated with the latest security threats and best practices to maintain the effectiveness of such a system.

Detecting Malicious Activity Over A Process Or Memory Code:

#include <iostream>

#include <string>

#include <vector>

#include <algorithm>

#include <fstream>

#include <cstdlib>

// Function to check if a process is running by name

bool isProcessRunning(const std::string& processName) {

    std::string command = "ps aux | grep " + processName + " | grep -v grep";

    FILE* pipe = popen(command.c_str(), "r");

    if (!pipe) {

        return false;

    }

    char buffer[128];

    while (!feof(pipe)) {

        if (fgets(buffer, 128, pipe) != nullptr) {

            pclose(pipe);

            return true;

        }

    }

    pclose(pipe);

    return false;

}

int main() {

    std::string targetProcessName = "malicious_process_name"; // Replace with the name of the process you want to check

    if (isProcessRunning(targetProcessName)) {

        std::cout << "Malicious process (" << targetProcessName << ") is running." << std::endl;

    } else {

        std::cout << "No malicious process found." << std::endl;

    }

    return 0;

}

Output:

DetectingAbnormalActivity code:

#include <iostream>

#include <vector>

#include <cmath>

// Function to calculate the mean of a vector

double mean(const std::vector<double>& data) {

    double sum = 0;

    for (const double& value : data) {

        sum += value;

    }

    return sum / data.size();

}

// Function to calculate the standard deviation of a vector

double standardDeviation(const std::vector<double>& data, double mean) {

    double sum = 0;

    for (const double& value : data) {

        sum += (value - mean) * (value - mean);

    }

    return std::sqrt(sum / data.size());

}

// Function to detect abnormal activity using Z-score

bool detectAbnormalActivity(const std::vector<double>& data, double threshold) {

    double dataMean = mean(data);

    double dataStdDev = standardDeviation(data, dataMean);

    if (dataStdDev == 0) {

        return false; // Avoid division by zero

    }

    double zScore = (data.back() - dataMean) / dataStdDev;

    return std::abs(zScore) > threshold;

}

int main() {

    std::vector<double> cpuUsageData;

    // Simulate a history of CPU usage data (you should replace this with real data)

    cpuUsageData = {20.0, 21.0, 22.0, 25.0, 30.0, 120.0, 22.0, 21.0, 22.0, 25.0};

    double anomalyThreshold = 2.0; // You can adjust this threshold based on your system's characteristics

    bool isAbnormal = detectAbnormalActivity(cpuUsageData, anomalyThreshold);

    if (isAbnormal) {

        std::cout << "Abnormal activity detected!" << std::endl;

    } else {

        std::cout << "No abnormal activity detected." << std::endl;

    }

    return 0;

}

Output:

Thank You For Visiting Our Blog.