Welcome to HAMSTRING’s documentation!


HAMSTRING is a CIDS framework for running signature-based and machine learning-based IDS classifiers. It employs several string and anomaly-based filtering techniques to maximize detection efficiency. Currently, the tool focuses on DNS attacks, as it incorporates heiDGAF (DGA detection) and Domainator (DNS Tunneling Detector) [Petrov et al., 2025] [Machmeier et al., 2025].

Check out the Usage section for further information on how to use the software, including how to install and configure the project. For more details on the implementation and structure, take a look at the Pipeline section. The Monitoring section describes how to set up the monitoring environment for observing the software’s functionality in real-time.

Note

This project is under active development.

Contents