Kavach-R monitors process behaviour in real time and raises alerts before ransomware can finish encrypting your files.
┌──────────────┐ risk score ┌──────────────┐
│ Detection │ ──────────────────▶│ Dashboard │
│ Engine (ML) │ │ (CLI live) │
└──────┬───────┘ └──────────────┘
│ threshold crossed
▼
┌──────────────┐ ┌──────────────┐
│ Alerts │◀───── demo.py ───▶│ Simulator │
│ (terminal) │ orchestrates │ (safe fake │
└──────────────┘ │ ransomware)│
└──────────────┘
| Module | Purpose |
|---|---|
kavach/ |
Detection engine (ML model, feature extraction) |
simulator.py |
Safe ransomware behaviour simulator |
alerts.py |
Terminal alert display |
dashboard.py |
Live CLI risk-score dashboard |
demo.py |
End-to-end demo orchestrator |
utils.py |
Shared helper functions |
test_folder/ |
Dummy files consumed by the simulator |
- Python 3.10+
- (Optional) colorama for coloured dashboard output
# 1. Clone the repo
git clone <repo-url> && cd Kavach-R
# 2. Install optional dependency
pip install colorama
# 3. Ensure test_folder has dummy files (already included)
ls test_folder/python demo.pyThis will:
- Show the safe-state message.
- Start the live dashboard in the background.
- Launch the simulator to mimic a ransomware attack.
- Ramp the risk score and trigger alerts when it crosses
0.8. - Cool down and return to safe state.
# Dashboard only (random scores)
python dashboard.py
# Simulator only
python simulator.py
# Alert samples
python alerts.pykavach-r/
├── kavach/ # Detection engine (teammate)
│ ├── detector.py
│ ├── events.py
│ ├── feature_engine.py
│ ├── kavach_main.py
│ └── model.py
├── simulator.py # Safe ransomware simulator
├── alerts.py # Alert display
├── dashboard.py # Live CLI dashboard
├── demo.py # Demo orchestrator
├── utils.py # Helpers
├── test_folder/ # Dummy files
└── README.md
MIT