Xray: A full-behavior-chain anti-malware system built in Go by a student

1 points by tangtian 5 hours ago

Hi HN,

I'm Tang Tian, a first-year economics student from a non-CS background, currently self-learning Go, OS concepts, and cybersecurity. Over the past weeks, I built Xray, an anti-malware and behavior tracing system from scratch, entirely in Go.

Xray compares your current system with a reference ISO, monitors real-time filesystem and process activity, detects suspicious behavior, automatically eliminates threats, and outputs a full behavior graph as a .dot file (Graphviz-ready).

Highlights:

Behavior chain detection (not signature-based)

Monitors full system with fsnotify + process tracing

Compares live system to boot ISO for anomaly detection

Auto-kills malicious behaviors in real time

Outputs behavior chain in .dot format (JSON/LOG planned)

Lightweight: compiled binary is only ~3MB

Written completely from scratch by a solo student

GitHub: https://github.com/lixiasky/X-ray

There’s also a screenshot folder showing how it runs, and a personal note in the README.

This is open-source with a permissive license (MIT-style). Feel free to fork and build your own version—just please keep a credit line in the README: “First version by Xia Lixia.”

I hope someone finds this useful or fun to hack on. Feedback is welcome, and thank you for reading!
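The post describes comparing the live system against a reference image and writing the observed behavior chain as a Graphviz .dot file. A small Go sketch of those two steps follows; it is an added example, not code from the Xray repository, and the `Event` type, the function names, and the sample paths and digests are all hypothetical.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Event is one observed action (hypothetical type, not Xray's own).
type Event struct{ Actor, Action, Target string }

// Anomalies returns, sorted, every live path that is absent from the
// reference baseline or whose digest differs from it.
func Anomalies(baseline, live map[string]string) []string {
	var out []string
	for path, sum := range live {
		if ref, ok := baseline[path]; !ok || ref != sum {
			out = append(out, path)
		}
	}
	sort.Strings(out)
	return out
}

// ChainDOT renders events as a Graphviz digraph in input order and
// fills in red every node named in flagged.
func ChainDOT(events []Event, flagged []string) string {
	var b strings.Builder
	b.WriteString("digraph chain {\n")
	for _, f := range flagged {
		fmt.Fprintf(&b, "  %q [style=filled, fillcolor=red];\n", f)
	}
	for _, e := range events {
		fmt.Fprintf(&b, "  %q -> %q [label=%q];\n", e.Actor, e.Target, e.Action)
	}
	b.WriteString("}\n")
	return b.String()
}

func main() {
	// Constructed sample data: digests are shortened placeholders.
	baseline := map[string]string{"/bin/ls": "aa11", "/bin/sh": "bb22"}
	live := map[string]string{"/bin/ls": "aa11", "/bin/sh": "ff99", "/tmp/upd": "cc33"}
	events := []Event{
		{"pid 410 (sh)", "exec", "pid 411 (upd)"},
		{"pid 411 (upd)", "write", "/bin/sh"},
	}
	fmt.Print(ChainDOT(events, Anomalies(baseline, live)))
}
```

Piping the output to `dot -Tsvg` draws the chain with the modified `/bin/sh` and the unknown `/tmp/upd` highlighted.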