I'm Tang Tian, a first-year economics student from a non-CS background, currently self-learning Go, OS concepts, and cybersecurity. Over the past weeks, I built Xray, an anti-malware and behavior tracing system from scratch, entirely in Go.
Xray compares your current system with a reference ISO, monitors real-time filesystem and process activity, detects suspicious behavior, automatically eliminates threats, and outputs a full behavior graph as a .dot file (Graphviz-ready).
Highlights:
Behavior chain detection (not signature-based)
Monitors full system with fsnotify + process tracing
Compares live system to boot ISO for anomaly detection
Auto-kills malicious behaviors in real time
Outputs behavior chain in .dot format (JSON/LOG planned)
Lightweight: compiled binary is only ~3MB
Written completely from scratch by a solo student
GitHub: https://github.com/lixiasky/X-ray There’s also a screenshot folder showing how it runs, and a personal note in the README.
This is open-source with a permissive license (MIT-style). Feel free to fork and build your own version—just please keep a credit line in the README: “First version by Xia Lixia.”
I hope someone finds this useful or fun to hack on. Feedback is welcome, and thank you for reading!