Red team operations assess and enhance network security by simulating real-world attacks, generating complex semi-structured data like JSON. Analyzing this data requires AI models that balance performance and interpretability. While traditional methods handle structured data well, semi-structured formats pose challenges. This article presents an explainable Decision Tree-based model for classifying JSON data from red team operations. We introduce a novel feature extraction process that preserves the data’s hierarchical structure, integrating it into the HADES simulation framework for evaluation. Our model achieves strong classification performance and superior interpretability compared to methods like JSONGrinder.
