Detect. Alert. Respond. KRIIR is an open-source endpoint detection platform specifically engineered to identify ransomware behavioral patterns in real-time, providing organizations with automated response capabilities.
Mission: Democratize enterprise-grade ransomware detection through open source technology
Vision: A world where ransomware attacks are detected and stopped before encryption begins
Ransomware defense should be accessible to all organizations, not just those with enterprise budgets. KRIIR provides transparent, community-driven security:
- Core detection engine is free forever
- No vendor lock-in or proprietary black boxes
- Community-driven signature development
- Full transparency in detection algorithms
- Enterprise features available for organizations that need scale
- 85%+ detection accuracy for ransomware behavioral patterns
- Sub-5% false positive rate through contextual analysis
- Multi-stage kill-chain monitoring from initial access to encryption
- Zero-day ransomware detection via behavioral heuristics
- Immediate threat containment when high-confidence detections occur
- Emergency backup triggering before file encryption begins
- Network isolation of compromised endpoints
- Multi-channel alerting (email, Slack, webhook integration)
- Community-driven threat signatures with collaborative updates
- Behavioral rule engine with customizable detection logic
- Machine learning models trained on diverse ransomware families
- Integration APIs for SIEM and SOAR platforms
git clone https://github.com/ossamalafhel/kriir.git
cd kriir
docker-compose up -dAccess your platform:
- Dashboard: http://localhost:3000
- API: http://localhost:8080
- Health Check: http://localhost:8080/q/health
# 1. Clone and configure
git clone https://github.com/ossamalafhel/kriir.git
cd kriir
cp .env.example .env
# Edit .env with your configuration
# 2. Start services
docker-compose -f docker-compose.prod.yml up -d
# 3. Initialize database
docker-compose exec kriir-core ./gradlew flyway:migrate
# 4. Deploy agents (see docs/agent-deployment.md)KRIIR uses a modern, microservices architecture optimized for real-time processing:
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ KRIIR Agent │ │ Quarkus Server │ │ Python ML API │
│ (Go Binary) │◄──►│ (Event Core) │◄──►│ (Detection AI) │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│ │ │
┌────▼────┐ ┌─────▼─────┐ ┌──────▼──────┐
│ OS APIs │ │PostgreSQL │ │ ML Models │
│Monitor │ │ Redis │ │ scikit-learn│
└─────────┘ └───────────┘ └─────────────┘
- Agent Layer: Lightweight Go agents for endpoint monitoring
- Processing Core: Quarkus-based reactive event processing
- ML Engine: Python-based behavioral classification models
- Data Layer: PostgreSQL with time-series optimization
- Dashboard: React-based real-time monitoring interface
- Cost-effective ransomware protection without enterprise licensing costs
- Automated deployment and management requiring minimal security expertise
- Integration with existing backup and network infrastructure
- Multi-tenant deployment capabilities for managed security services
- API-first architecture for integration with existing security stacks
- Community-driven threat intelligence with commercial enhancement options
- Open-source codebase for academic research and development
- Extensible detection framework for custom behavioral analysis
- Community collaboration on emerging ransomware family detection
- Java 17+ (OpenJDK recommended)
- Maven 3.6.3+
- Node.js 18+
- Docker & Docker Compose
- PostgreSQL 15
# Backend services
cd kriir-core
./mvnw quarkus:dev
# ML service
cd kriir-ml
pip install -r requirements.txt
uvicorn main:app --reload
# Frontend dashboard
cd kriir-dashboard
npm install && npm start
# Database
docker-compose up postgres redis# Backend tests
cd kriir-core && ./mvnw test
# ML service tests
cd kriir-ml && python -m pytest
# Integration tests
docker-compose -f docker-compose.test.yml up --abort-on-container-exitWe welcome contributions from security professionals, developers, and researchers:
- Found a bug? Open an issue
- Have a feature idea? Start a discussion
- Want to contribute code? Check our Contributing Guide
- GitHub Discussions: Technical questions and feature discussions
- Discord: Real-time community chat (invite link in discussions)
- Security Mailing List: [email protected] for vulnerability reports
- Ransomware Detection Rate: 85%+ (target: continuously improving)
- False Positive Rate: <5% (with behavioral learning)
- Processing Latency: <30 seconds for behavioral analysis
- Agent Resource Usage: <5% CPU, <100MB memory
- Events per Second: 1,000+ (per core instance)
- Concurrent Agents: 10,000+ (horizontal scaling)
- Response Time: <200ms API responses
KRIIR is designed with security-first principles:
- Zero Trust Architecture: All components require authentication
- Data Encryption: TLS 1.3 for all communications, AES-256 for data at rest
- Privacy Protection: Optional data anonymization and local processing
- Regular Security Reviews: Community-driven security audits
Found a security vulnerability? Please email [email protected].
- Basic behavioral detection engine
- Rule-based ransomware identification
- Automated alerting system
- Docker deployment
- Enhanced machine learning models
- Advanced behavioral analysis
- Community signature marketplace
- Performance optimizations
- Multi-tenant architecture
- Advanced integration APIs
- Enterprise management features
- Professional service offerings
Free Forever - includes:
- Complete detection engine
- All behavioral rules and signatures
- Agent software for all platforms
- Self-hosted deployment
- Community support
Available for organizations requiring:
- 24/7 technical support
- SLA guarantees
- Professional services
- Custom feature development
- Priority security updates
Contact for enterprise support
- General Questions: [email protected]
- Security Issues: [email protected]
- Enterprise Support: [email protected]
Built by Ossama Lafhel and the open source security community
KRIIR is licensed under Apache 2.0. Built with commitment to transparent, accessible cybersecurity.