Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Aktaion: Open Source Tool For "Micro Behavior Based" Exploit Detection and Automated GPO Policy Generation

Aktaion is a lightweight JVM based project for detecting exploits (and more generally attack behaviors). The project is meant to be a learning/teaching tool on how to blend multiple security signals and behaviors into an expressive framework for intrusion detection. The key abstraction we wanted to protoype is the idea of a microbehavior. This concept helps to provide an expressive mechanism to add high level IOCs such as timing behavior of a certain malware family in parrallel to simple statsitcs, rules or anything relevant to building a programmitic descpriotn of a sequential evolving set of advesary behaviors.

Online Documentation

You can find the latest Spark documentation, including a programming guide, on the project web page This README file only contains basic setup instructions.

Building Atkaion

Atkaion is built using Simple Build Tool. To build Atkaion use the assembly command via:

sbt assembly

Running the test logic/demo

After assembly completes the jar is landed to the target/scala-2.12 subfolder. The scala version is specific to what is running native so the jar may be landed in target/scala-2.12 depending on the version of the language used in the compilation step. To run the jar type in the appropriate subfolder:

java -jar aktaion-assembly-2.0.jar


To run the jar from the command line the following dependencies are required for scoring a PCAP:

Java 1.8
Scala 2.12 (2.11 should work as well)

Rough Notes for building on IntelliJ (Mac/Windows):

Step 1: Download the Java JDK for java 1.8 : java 1.8.0_102-b14

Step 2: Install scala*

Step 3: SBT 0.13.12

Step 4: Clone the software repo: or just copy the indivual build.sbt file at the root of the project and the assembly plugin in the project/ subfolder.

Step 5: Run the command sbt at the root of the directory.

Step 6. Type compile at the sbt prompt if step 5 did not fail(there are no scripts at this point) make sure you don’t hit any erros here either.

Step 7: IntelliJ Community Edition (Free)

Step 8: Install the Scala plugin for IntelliJ

Step 9: Optional install sbt plugin for IntelliJ

For OS X the simple homebrew method has been tested:

Install Homebrew ruby -e "$(curl -fsSL )" Brew install scala 2.11.8 Brew install sbt 0.13.8 Brew install bro git clone cd Atkaion sbt assembly

Python dependencies 2.70 Pip install paramiko

Python 2.70 dependencies Pip install paramiko 

Some caveats about the Active Defense Script


Aktaion: Open Source ML tool and data samples for Exploit and Phishing Research







No releases published


No packages published