Skip to content

Aktaion is a machine learning open source & active defense (orchestration) prototype. The tool focuses on the detection of exploits based on machine learning techniques, independent of static-based signatures.

master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

Aktaion: Behavior Based Exploit Detection Prototype

aktaion_logo redteamvillage_logo exploit_logo

Updated for Defcon 28 Redteam Village 8/8/2020:

  1. Training Readme Here
  2. Training Video Google Drive Link
  3. Training Slides Google Drive Link

Redteam Village Defcon 28 Links: Homepage, Discord, Training Link

Aktaion V2: Open Source Tool For Microbehavior Based Exploit Detection

Aktaion is a machine learning open source & active defense (orchestration) prototype. The tool focuses on the detection of Ransomware based on machine learning techniques, independent of static-based signatures. The tool has been mentioned and featured in may respected community publications and research, and in years past presented at a variety of Blackhat Arsenal events. AKTAION v2 is the second iteration or port of the project from the original Java into Python3.

The port to python is meant to be a learning/teaching tool on how to blend multiple security signals and behaviors into an expressive framework for intrusion detection. The key abstraction we wanted to prototype is the idea of a Microbehavior. This concept helps to provide an expressive mechanism to add high level IOCs such as timing behavior of a certain Malware family in parallel to simple statistics, rules or anything relevant to building a programmatic description of a sequential evolving set of adversary behaviors.

  1. Current Project Repo: http://www.github.com/jzadeh/aktaion2
  2. The original Java/Scala code is located in an older repo here: http://www.github.com/jzadeh/aktaion

Project Setup (use python 3):

To run the project make sure you have the latest python3/pip3 and virtual environment setup. Then run the command

pip install virtualenv && virtualenv -p python3 venv && source venv/bin/activate && pip install -r requirements.txt

Running the main program

To execute the main program use the shell script in the root directory

./aktaion2.sh

The logic has two paths exposed right now. Select option 1 for demo mode and select option 2 for analyzing a file.

Running the ML Logic in debug mode

This will use verbose printing of feature vector extraction and parsing logic for data in hardcoded directories linked to the project. This is useful for debugging specific issues related to the parsing of input files for building the ML workflow:

./aktaion2_ml_debug.sh

About

Aktaion is a machine learning open source & active defense (orchestration) prototype. The tool focuses on the detection of exploits based on machine learning techniques, independent of static-based signatures.

Topics

Resources

License

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  
You can’t perform that action at this time.