Nation Guard Antivirus: A Hybrid Multi-Stage Detection System for Nation-State Malware and Advanced Persistent Threats
¹ ² ³ ⁴ Department of Computer Science and Engineering (Cyber Security), United Institute of Technology, Coimbatore, Tamil Nadu, India. ⁵ Assistant Professor, Department of Computer Science and Engineering, United Institute of Technology, Coimbatore, Tamil Nadu, India.
Published Online: May-August 2026
Pages: 72-80
DOI: https://www.doi.org/10.59256/indjcst.20260502008

Abstract

Nation Guard Antivirus is a hybrid cybersecurity system engineered to detect nation-state sponsored malware and Advanced Persistent Threats (APTs) that systematically evade conventional antivirus tools. This paper presents the complete architecture, methodology, implementation, and evaluation of Nation Guard, integrating three complementary detection methodologies: static analysis, dynamic sandbox-based analysis, and real-time behavioral monitoring. The system employs a layered, five-stage pipeline that progressively escalates suspicious files through increasingly resource-intensive analysis stages. Static analysis using YARA rules, hash verification, PE header inspection, and entropy analysis achieved a detection rate exceeding 87% for known APT signatures in controlled evaluation. The dynamic sandbox, built on QEMU/KVM virtualization, captures file system activity, registry modifications, network communications, and process behavior across configurable execution windows. The behavioral monitoring engine, implemented as a kernel-level driver, provides continuous system-wide surveillance capable of detecting fileless malware, living-off-the-land (LotL) attacks, and sophisticated persistence mechanisms. All five development phases have been completed, yielding a fully integrated detection engine capable of generating composite threat scores and triggering automated response actions. Future enhancements include machine learning classifiers, MITRE ATT&CK framework mapping, and SOAR platform integration. Nation Guard represents a significant advancement toward enterprise-grade, adaptive defense against state-sponsored cyber intrusions.
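The first, cheapest stage of the pipeline described above (hash verification, PE header inspection and entropy analysis feeding a composite score that decides whether to escalate a file to the sandbox) can be sketched as follows. This is an added illustration, not the paper's code; the known-bad hash set, the score weights and the thresholds are constructed assumptions, and the PE check is deliberately limited to the DOS header magic.

```python
import hashlib
import math
from dataclasses import dataclass

# Constructed known-bad set (hypothetical; a real deployment loads threat-intel feeds).
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-malicious-sample").hexdigest()}

ENTROPY_SUSPICIOUS = 7.0   # assumed: bits/byte typical of packed or encrypted content
ESCALATE_THRESHOLD = 50    # assumed: composite score at which the sandbox stage is invoked


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


@dataclass
class StaticVerdict:
    sha256: str
    entropy: float
    known_bad: bool
    is_pe: bool
    score: int        # composite static score, 0..100
    escalate: bool    # True when the file should proceed to dynamic analysis


def static_stage(data: bytes) -> StaticVerdict:
    """Stage-1 static triage: hash lookup, DOS/PE magic check, entropy, composite score."""
    digest = hashlib.sha256(data).hexdigest()
    known_bad = digest in KNOWN_BAD_SHA256
    is_pe = data[:2] == b"MZ"  # DOS header magic only; a full parser would validate e_lfanew/PE\0\0
    entropy = shannon_entropy(data)

    score = 0
    if known_bad:
        score += 100              # confirmed signature match: maximum score, no further stages needed
    if entropy >= ENTROPY_SUSPICIOUS:
        score += 60               # packed/encrypted body: static tools see little, sandbox must run it
    score = min(score, 100)
    return StaticVerdict(digest, round(entropy, 3), known_bad, is_pe, score, score >= ESCALATE_THRESHOLD)
```

A benign low-entropy PE stops at this stage, while a packed PE or a hash match is escalated; later stages would add YARA hits and sandbox behaviour to the same composite score.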