MALGUARD: A CROSS-PLATFORM SIGNATURE-BASED MALWARE DETECTION SYSTEM WITH HMAC-PROTECTED SIGNATURE DATABASE
Keywords:
malware detection, signature-based detection, SHA-256 hashing, YARA rules, cross-platform security, open- source antivirus, HMAC integrity protectionAbstract
Malware threats are remaining major challenges to global cybersecurity, and the commercial antivirus solutions are usually very costly, closed source and platform specific. In this paper, we are introducing MalGuard which is an open-source cross-platform signature-based malware detection system that is accessible, extensible and educational values. The MalGuard al- gorithm uses the matching of the cryptographic hash of MASHA-
256 using known malware samples to quickly and effectively identify them, with support of the YARA rule integration to perform more sophisticated behavioural analysis. The four inter- connected elements of the system for serving and storing HMAC signatures and managing quarantine, with Python Desktop CLI, FastAPI-based RESTful backend server, React/TypeScript web frontend, and React Native mobile application are interconnected. Extensive testing shows that signature-matched threats with a false positive rate of 0 have a 100% detection rate and scan throughput faster than 120 files per second. Typing Compatibility solutions has been checked and typified to work with windows, macos, supreme web browsers, and mobile devices, as well. MalGuard fills in the identified gap of unified, customizable and free cost malware detection solution.
