This repository contains the implementation of the approach proposed in the paper "KAIROS: Practical Intrusion Detection and Investigation using Whole-system Provenance".
Please cite this paper if you use the model or any code from this repository in your own work:
@inproceedings{cheng2024kairos,
  title={KAIROS: Practical Intrusion Detection and Investigation using Whole-system Provenance},
  author={Cheng, Zijun and Lv, Qiujian and Liang, Jinyuan and Wang, Yang and Sun, Degang and Pasquier, Thomas and Han, Xueyuan},
  booktitle={2024 IEEE Symposium on Security and Privacy (SP)},
  year={2024},
  organization={IEEE}
}
We provide a demo to illustrate step-by-step how you can run the code end-to-end. Additionally, we provide IPython notebook scripts for all of our experiments.
Because training a model takes a long time, we also provide pre-trained models for our experimental datasets. You can download these models directly from our Google Drive.
Our paper and the supplementary material contain links to all publicly available datasets used in our experiments.