Documentation
Index ¶
- func ComputeTopologySimilarity(topo *topology.FunctionTopology, sig Signature) float64
- func ExtractStringPatterns(literals []string) []string
- func GenerateTopologyHash(topo *topology.FunctionTopology) string
- func HasReconnectLogic(topo *topology.FunctionTopology) bool
- func MatchCalls(topo *topology.FunctionTopology, required []string) (score float64, matched, missing []string)
- func MatchStrings(topo *topology.FunctionTopology, patterns []string) (score float64, matched []string)
- type ControlFlowHints
- type IdentifyingFeatures
- type MatchDetails
- type ScanResult
- type Signature
- type SignatureDatabase
- type SignatureMetadata
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ComputeTopologySimilarity ¶
func ComputeTopologySimilarity(topo *topology.FunctionTopology, sig Signature) float64
func ExtractStringPatterns ¶
func ExtractStringPatterns(literals []string) []string
func GenerateTopologyHash ¶
func GenerateTopologyHash(topo *topology.FunctionTopology) string
func HasReconnectLogic ¶
func HasReconnectLogic(topo *topology.FunctionTopology) bool
func MatchCalls ¶
func MatchCalls(topo *topology.FunctionTopology, required []string) (score float64, matched, missing []string)
func MatchStrings ¶
func MatchStrings(topo *topology.FunctionTopology, patterns []string) (score float64, matched []string)
Types ¶
type ControlFlowHints ¶
// ControlFlowHints captures control flow patterns that a signature can
// require of a matched function. Both flags carry omitempty, so a false
// value is dropped from JSON and an absent key is indistinguishable from
// an explicit false after a round trip.
type ControlFlowHints struct {
	// HasInfiniteLoop marks a function that never exits its main loop —
	// presumably derived from the topology's loop structure; the
	// derivation is not visible here, confirm against the analyzer.
	HasInfiniteLoop bool `json:"has_infinite_loop,omitempty"`
	// HasReconnectLogic marks retry/reconnect behaviour. The package
	// exports HasReconnectLogic(topo) which presumably computes this
	// flag for a function topology.
	HasReconnectLogic bool `json:"has_reconnect_logic,omitempty"`
}
type IdentifyingFeatures ¶
// IdentifyingFeatures captures behavioral markers for detection: the call
// targets and string patterns a signature expects to find in a function,
// plus optional control-flow hints. Every field carries omitempty, so a
// signature that uses none of them serialises as an empty object.
type IdentifyingFeatures struct {
	// RequiredCalls are call targets the function must contain. The
	// package's MatchCalls(topo, required) takes a list shaped like this
	// and reports a score plus the matched and missing entries.
	RequiredCalls []string `json:"required_calls,omitempty"`
	// OptionalCalls presumably raise confidence when present without
	// producing a miss when absent; no exported function visibly consumes
	// them, so confirm how MatchSignature weighs them before relying on it.
	OptionalCalls []string `json:"optional_calls,omitempty"`
	// StringPatterns are checked by MatchStrings(topo, patterns). Whether
	// a pattern is a literal substring or a regular expression is not
	// visible here — confirm before authoring signatures, since the two
	// interpretations match very different sets of binaries.
	StringPatterns []string `json:"string_patterns,omitempty"`
	// ControlFlow is nil when the signature places no control-flow
	// requirement; the key is then omitted from JSON.
	ControlFlow *ControlFlowHints `json:"control_flow,omitempty"`
}
type MatchDetails ¶
// MatchDetails provides granular information about the match so that a
// consumer can see why a ScanResult was produced rather than only its
// overall score. None of the fields carry omitempty: a nil slice marshals
// as JSON null rather than [], so consumers must accept both forms.
type MatchDetails struct {
	// TopologyMatch reports whether the structural comparison passed;
	// TopologySimilarity below holds the underlying score.
	TopologyMatch bool `json:"topology_match"`
	// EntropyMatch reports whether the entropy comparison passed —
	// presumably EntropyDistance within the tolerance handed to
	// MatchSignature; confirm which tolerance applies.
	EntropyMatch bool `json:"entropy_match"`
	// CallsMatched and CallsMissing partition the signature's required
	// calls (see MatchCalls, which returns the same matched/missing pair).
	CallsMatched []string `json:"calls_matched"`
	CallsMissing []string `json:"calls_missing"`
	// StringsMatched lists the signature string patterns that were found
	// (see MatchStrings).
	StringsMatched []string `json:"strings_matched"`
	// TopologySimilarity is the score from ComputeTopologySimilarity. Its
	// range is not stated here; ScanResult.Confidence is documented as
	// 0.0–1.0 but this value may not be — confirm before thresholding.
	TopologySimilarity float64 `json:"topology_similarity"`
	// EntropyDistance is the gap between the function's entropy and the
	// signature's EntropyScore — presumably an absolute value; confirm
	// sign and scale.
	EntropyDistance float64 `json:"entropy_distance"`
}
type ScanResult ¶
// ScanResult represents a match between analyzed code and a signature,
// as produced by MatchSignature. Consumers that alert or rank on results
// should use Confidence and inspect MatchDetails; note that Severity is
// a free-form string copied from the signature, not a validated enum.
type ScanResult struct {
	// SignatureID and SignatureName identify the Signature that matched
	// (presumably its ID and Name fields verbatim).
	SignatureID string `json:"signature_id"`
	SignatureName string `json:"signature_name"`
	// Severity is the matching signature's Severity string.
	Severity string `json:"severity"`
	// MatchedFunction names the analyzed function — presumably the
	// funcName argument given to MatchSignature.
	MatchedFunction string `json:"matched_function"`
	// Confidence is the overall match score.
	Confidence float64 `json:"confidence"` // 0.0 to 1.0
	// MatchDetails explains how Confidence was reached.
	MatchDetails MatchDetails `json:"match_details"`
}
func MatchSignature ¶
func MatchSignature(topo *topology.FunctionTopology, funcName string, sig Signature, entropyTolerance float64) ScanResult
MatchSignature scores a single function topology (identified by funcName) against one signature and returns a ScanResult describing the match; entropyTolerance bounds the accepted entropy deviation for this call.
type Signature ¶
// Signature represents a single malware signature entry: a reference
// function's structural fingerprint (hashes, entropy, size) together with
// the behavioural features a candidate must exhibit. Entries are normally
// produced by IndexFunction and stored in a SignatureDatabase.
type Signature struct {
	// ID, Name, Description, Severity and Category are authoring
	// metadata. Severity and Category are free-form strings with no
	// visible validation, so a loader should check them against the set
	// of values downstream consumers expect.
	ID string `json:"id"`
	Name string `json:"name"`
	Description string `json:"description"`
	Severity string `json:"severity"`
	Category string `json:"category"`
	// TopologyHash is the structural hash of the reference function —
	// presumably the value GenerateTopologyHash returns for it.
	TopologyHash string `json:"topology_hash"`
	// FuzzyHash is optional; the algorithm behind it is not visible here.
	FuzzyHash string `json:"fuzzy_hash,omitempty"`
	// EntropyScore is the reference entropy and EntropyTolerance the
	// accepted deviation. EntropyTolerance has no omitempty and no
	// default, so a signature file that omits it gets 0 (exact match
	// only). MatchSignature also takes an entropyTolerance argument;
	// which of the two takes precedence is not visible here — confirm.
	EntropyScore float64 `json:"entropy_score"`
	EntropyTolerance float64 `json:"entropy_tolerance"`
	// NodeCount and LoopDepth describe the reference topology's size and
	// loop nesting.
	NodeCount int `json:"node_count"`
	LoopDepth int `json:"loop_depth"`
	// IdentifyingFeatures are the behavioural markers a candidate
	// function must exhibit.
	IdentifyingFeatures IdentifyingFeatures `json:"identifying_features"`
	// Metadata records who authored the signature and when.
	Metadata SignatureMetadata `json:"metadata"`
}
func IndexFunction ¶
func IndexFunction(topo *topology.FunctionTopology, name, description, severity, category string) Signature
type SignatureDatabase ¶
// SignatureDatabase represents the malware signature database: a
// versioned list of Signature entries as (de)serialised from JSON.
// NOTE(review): the database is an input that steers detection. Nothing
// in this type enforces integrity or provenance, so whatever loads it
// from disk or the network should verify its origin (signature/checksum)
// and validate the entries before use.
type SignatureDatabase struct {
	// Version identifies the database schema or release; its format is
	// not fixed here.
	Version string `json:"version"`
	Description string `json:"description"`
	// Signatures has no omitempty, so a nil slice marshals as JSON null
	// rather than []; consumers must accept both.
	Signatures []Signature `json:"signatures"`
}
type SignatureMetadata ¶
// SignatureMetadata contains provenance information for a Signature:
// who wrote it, when, and what material supports it.
type SignatureMetadata struct {
	Author string `json:"author"`
	// Created is a free-form string rather than a time.Time, so no
	// layout is enforced by this type — confirm the expected format
	// (e.g. RFC 3339) with the tooling that writes it.
	Created string `json:"created"`
	// References point to supporting material (URLs or report IDs,
	// presumably); omitted from JSON when empty.
	References []string `json:"references,omitempty"`
}