- May 9, 2024
I didn't use IDS rules etc., but I'm using YARA rules for main power, though it seems like it uses too much RAM, and its effectiveness level is not important because it's so slow. That's such a critical task for me, because machine learning is unbelievably strong with limited data compared to YARA rules, and it's so fast. I deleted too many useless features and optimized the YARA rules as much as possible, but I've reached the limit right now. YARA is not a solution; it's just a pattern matcher. But machine learning AI is so simple yet so powerful, and I was surprised. I see a lot of potential there. Even if it decreases the detection rate, a fast scan is so important for most AVs. I'm not just a wrapper, but wrapping YARA and ClamAV is annoying to me, though ClamAV is fast for me (not so fast, but fast). I'm going to add YARA rules to cloud analysis in the future, but my goal right now is a fully localized, fast antivirus with an average detection rate. Also, YARA rules cause too many false positives, but surprisingly, avoiding false positives with machine learning is so easy. YARA is not an antivirus and can't replace antiviruses. It's just a basic project. With only 11k verified malicious samples and 1.1k benign samples, the minimum detection rate is 20% and the false positive rate is very low. Here is my project link: Xylent. My only hope to keep YARA rules right now is a compiled YARA rule file.