Show HN: Deft-Intruder – Real-time malware detection daemon for Linux
Key points:
- Polls /proc for new processes (works on any Linux kernel 2.6+)
- Random Forest model trained on EMBER 2018 dataset (2.3M samples)
- Heuristic rules for crypto miners, ransomware, rootkits
- ~20MB RAM, <1% CPU, sub-millisecond scan latency
- Pure C, zero runtime dependencies
- Model embedded directly in binary (50KB)
Why I built this: Existing solutions either require modern kernels (eBPF) or are heavy/proprietary. I wanted something lightweight that works everywhere - servers, containers, old distros.
Detection approach: Extract features from executables (entropy, imports, sections), run ML prediction, apply heuristic rules, combine scores. If above threshold, kill the process.
Happy to discuss implementation details or Linux security in general.