
Real-Time Detection of Multi-Stage Attacks using Kill Chain State Machines: Detect multi-stage attacks by correlating alerts from Intrusion Detection Systems (IDS) to generate scenario graphs. By prioritising alerts according to the kill chain model, RT-KCSM reduces false-positive alerts.

UHH-ISS/rt-kcsm
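To make the description above concrete, here is a toy correlator added to this page. It is not RT-KCSM's code and does not follow the project's actual state machine definitions, stage set, alert format or graph format, none of which this page gives. The IDS signature names, their mapping to kill chain stages, the host addresses and the alert stream are all constructed for the example. It keeps one kill chain state machine per monitored host, lets an alert advance a machine only when its stage is later than the stage that host has already reached, links consecutive advancing alerts into a scenario graph, and reports a host as under multi-stage attack only once two or more stages have been chained. Alerts that advance nothing (unknown signatures, repeats, stages already passed) are demoted to low priority rather than raised, which is the false-positive reduction the description refers to.

```go
package main

import (
	"fmt"
	"sort"
)

// Stage is a kill chain phase, ordered. This is the classic seven-phase model;
// the phase set RT-KCSM itself uses is not given on this page.
type Stage int
const (
	Recon Stage = iota
	Weaponize
	Deliver
	Exploit
	Install
	C2
	Actions
)

// Alert is a stripped-down IDS alert. Host is the monitored host it concerns;
// resolving that from src/dst is assumed to happen upstream, so an inbound scan
// and the victim's later outbound C2 beacon land on the same state machine.
type Alert struct {
	ID   int
	Sig  string
	Host string
}

// sigStage maps IDS signature names to stages; names and mapping are constructed.
var sigStage = map[string]Stage{
	"scan:portsweep":        Recon,
	"web:sqli-attempt":      Exploit,
	"malware:dropper-fetch": Install,
	"c2:beacon":             C2,
	"exfil:large-upload":    Actions,
}

type Edge struct{ From, To int } // scenario graph edge: alert From was followed by alert To

// Correlator runs one kill chain state machine per host.
type Correlator struct {
	Stage   map[string]Stage // furthest stage reached per host; absent = nothing seen
	Chain   map[string][]int // alerts that advanced each host's machine, in order
	Graph   []Edge           // scenario graph over advancing alerts
	Dropped []int            // alerts demoted to low priority
}

// Feed consumes one alert and reports whether it advanced a machine. Only a stage
// later than the host's current one advances it; unknown signatures, repeats and
// out-of-order alerts are demoted instead of opening or extending a scenario.
func (c *Correlator) Feed(a Alert) bool {
	st, known := sigStage[a.Sig]
	cur, seen := c.Stage[a.Host]
	if !known || (seen && st <= cur) {
		c.Dropped = append(c.Dropped, a.ID)
		return false
	}
	if prev := c.Chain[a.Host]; len(prev) > 0 {
		c.Graph = append(c.Graph, Edge{From: prev[len(prev)-1], To: a.ID})
	}
	c.Stage[a.Host] = st
	c.Chain[a.Host] = append(c.Chain[a.Host], a.ID)
	return true
}

// Multistage lists hosts whose machine advanced through at least two stages. A
// lone scan or a single exploit alert never qualifies; that is the reduction.
func (c *Correlator) Multistage() []string {
	var hosts []string
	for h, chain := range c.Chain {
		if len(chain) >= 2 {
			hosts = append(hosts, h)
		}
	}
	sort.Strings(hosts)
	return hosts
}

// Demo feeds a constructed alert stream and returns the resulting state.
func Demo() *Correlator {
	c := &Correlator{Stage: map[string]Stage{}, Chain: map[string][]int{}}
	for _, a := range []Alert{
		{1, "scan:portsweep", "192.168.1.10"},
		{2, "scan:portsweep", "192.168.1.11"}, // scanned, never exploited
		{3, "web:sqli-attempt", "192.168.1.10"},
		{4, "scan:portsweep", "192.168.1.10"}, // stage already passed
		{5, "malware:dropper-fetch", "192.168.1.10"},
		{6, "c2:beacon", "192.168.1.10"},
		{7, "policy:unmapped-sig", "192.168.1.12"}, // no stage mapping
	} {
		c.Feed(a)
	}
	return c
}

func main() {
	c := Demo()
	fmt.Println("multi-stage hosts:", c.Multistage(), "graph:", c.Graph, "low priority:", c.Dropped)
}
```

On the constructed stream, only 192.168.1.10 is reported: its chain is alerts 1, 3, 5, 6 (Recon, Exploit, Install, C2) with graph edges 1-3, 3-5, 5-6, while the scan of 192.168.1.11, the late re-scan of the victim, and the unmapped signature are demoted. A real correlator also has to decide when a machine times out and how to treat stages that are skipped entirely; this toy deliberately allows skipping so that a missed Delivery alert does not hide the rest of the chain.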


Run experiments

Prerequisites:

  • Golang 1.24
  • Node.js 23.11.0
  • npm 10.9.2
  • Python 3.13
  • Jupyter Notebook
  • bash or zsh

Install RT-KCSM from source with Golang

The build steps below also call tsc and rollup. If they are not on your PATH, run them from the local install as npx tsc and npx rollup -c instead.

cd src/web/
npm install      # fetch the web frontend's dependencies
tsc              # compile the TypeScript sources
rollup -c        # bundle them with the rollup config in src/web/
cd ..
go install .     # build and install the Go binary into $(go env GOPATH)/bin, or $GOBIN if set
cd ..

Make sure the Go binaries directory, $(go env GOPATH)/bin (or $GOBIN if you set it), is in your $PATH; otherwise the installed binary will not be found.

Run the evaluation setup

cd evaluation
./run-evaluation.sh

Wait until it has finished, then run all cells of both Jupyter notebooks:

  • evaluation/performance.ipynb
  • evaluation/detection.ipynb

The resulting figures are written to evaluation/figures/.
