Systems and methods for detecting intrusions, attacks, and sub-attacks launched against a network under observations are provided. A method, according to one implementation, includes obtaining network traffic information regarding data traffic in a network under observation and obtaining system log information regarding operations of the network under observation. The method further includes the step of inserting the network traffic information and system log information into one or more analysis procedures, where each analysis procedure is configured to detect a respective sub-attack of a multi-stage attack to which the network under observation is susceptible. Also, the method includes the step of combining the outputs of the one or more analysis procedures to detect whether one or more sub-attacks have been launched against the network under observation. In response to detecting that one or more sub-attacks have been launched, the methods include the step of determining the type of the one or more sub-attacks.