Skip to content
/ aktaion Public

Aktaion: Open Source ML tool and data samples for Exploit and Phishing Research

License

Notifications You must be signed in to change notification settings

jzadeh/aktaion

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Aktaion: Open Source Tool For "Micro Behavior Based" Exploit Detection and Automated GPO Policy Generation

Aktaion is a lightweight JVM based project for detecting exploits (and more generally attack behaviors). The project is meant to be a learning/teaching tool on how to blend multiple security signals and behaviors into an expressive framework for intrusion detection. The key abstraction we wanted to protoype is the idea of a microbehavior. This concept helps to provide an expressive mechanism to add high level IOCs such as timing behavior of a certain malware family in parrallel to simple statsitcs, rules or anything relevant to building a programmitic descpriotn of a sequential evolving set of advesary behaviors.

http://www.github.com/jzadeh/aktaion

Online Documentation

You can find the latest Spark documentation, including a programming guide, on the project web page This README file only contains basic setup instructions.

Building Atkaion

Atkaion is built using Simple Build Tool. To build Atkaion use the assembly command via:

sbt assembly

Running the test logic/demo

After assembly completes the jar is landed to the target/scala-2.12 subfolder. The scala version is specific to what is running native so the jar may be landed in target/scala-2.12 depending on the version of the language used in the compilation step. To run the jar type in the appropriate subfolder:

java -jar aktaion-assembly-2.0.jar

Dependencies

To run the jar from the command line the following dependencies are required for scoring a PCAP:

BRO
Java 1.8
Scala 2.12 (2.11 should work as well)

Rough Notes for building on IntelliJ (Mac/Windows):

Step 1: Download the Java JDK for java 1.8 : java 1.8.0_102-b14 http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

Step 2: Install scala https://www.scala-lang.org/download/2.12.*

Step 3: SBT 0.13.12
http://www.scala-sbt.org/download.html

Step 4: Clone the software repo: https://github.com/jzadeh/Aktaion.git or just copy the indivual build.sbt file at the root of the project and the assembly plugin in the project/ subfolder.

Step 5: Run the command sbt at the root of the directory.

Step 6. Type compile at the sbt prompt if step 5 did not fail(there are no scripts at this point) make sure you don’t hit any erros here either.

Step 7: IntelliJ Community Edition (Free) https://www.jetbrains.com/idea/

Step 8: Install the Scala plugin for IntelliJ https://confluence.jetbrains.com/display/SCA/Scala+Plugin+for+IntelliJ+IDEA

Step 9: Optional install sbt plugin for IntelliJ

For OS X the simple homebrew method has been tested:

Install Homebrew ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install )" Brew install scala 2.11.8 Brew install sbt 0.13.8 Brew install bro git clone git@github.com:jzadeh/Aktaion.git cd Atkaion sbt assembly

Python dependencies 2.70 Pip install paramiko

Python 2.70 dependencies Pip install paramiko https://github.com/unixist/cryptostalker 

Some caveats about the Active Defense Script

About

Aktaion: Open Source ML tool and data samples for Exploit and Phishing Research

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published