
AIEngine - An Artificial Intelligent Intrusion Detection System Engine


AIEngine is a next-generation interactive/programmable network intrusion detection system engine with Python, Ruby, Java, Lua and Go bindings. It can learn without any human intervention and provides DNS domain classification, spam detection, a network collector, network forensics and many other capabilities.

It also helps network/security professionals identify traffic and develop signatures for use in NIDS, firewalls, traffic classifiers and so on.

The main functionalities of AIEngine are:
  • Support for interacting with/programming the engine while it is running.
  • Support for PCRE JIT for regex matching.
  • Support for regex graphs (complex detection patterns).
  • Support for five types of NetworkStack (lan, mobile, lan6, virtual and oflow).
  • Support for Sets and Bloom filters for IP searches.
  • Supports the x86_64, ARM and MIPS architectures on operating systems such as Linux, FreeBSD and MacOS.
  • Support for HTTP, DNS and SSL domain matching.
  • Support for banned domains and hosts for HTTP, DNS, SMTP and SSL.
  • Frequency analysis of unknown traffic and automatic regex generation.
  • Generation of Yara signatures.
  • Easy integration with databases (MySQL, Redis, Cassandra, Hadoop, etc.) for data correlation.
  • Easy integration with other packet engines (Netfilter).
  • Support for releasing memory caches to refresh the stored flow information.
  • Support for detecting DDoS at the network/application layer.
  • Support for rejecting TCP/UDP connections.
  • Support for real-time network forensics.
  • Supports protocols such as Bitcoin, CoAP, DHCPv4/DHCPv6, DNS, GPRS, GRE, HTTP, ICMPv4/ICMPv6, IMAP, IPv4/v6, Modbus, MPLS, MQTT, Netbios, NTP, OpenFlow, PPPoE, POP, Quic, RTP, SIP, SMB, SMTP, SSDP, SSH, SSL, TCP, UDP, VLAN, VXLAN.

Using AIEngine

To use AIEngine (reduced version) just execute the aiengine binary or use the Python/Ruby/Java/Lua binding. The options it accepts are:
  luis@luis-xps:~/c++/aiengine/src$ ./aiengine -h
  aiengine 1.8.0
  Mandatory arguments:
  -I [ --input ] arg                 Sets the network interface ,pcap file or directory with pcap files.

  Link Layer optional arguments:
  -q [ --tag ] arg                   Selects the tag type of the ethernet layer (vlan,mpls).

  TCP optional arguments:
  -t [ --tcp-flows ] arg (=32768)    Sets the number of TCP flows on the pool.

  UDP optional arguments:
  -u [ --udp-flows ] arg (=16384)    Sets the number of UDP flows on the pool.

  Regex optional arguments:
  -R [ --enable-signatures ]         Enables the Signature engine.
  -r [ --regex ] arg (=.*)           Sets the regex for evaluate agains the flows.
  -c [ --flow-class ] arg (=all)     Uses tcp, udp or all for matches the signature on the flows.
  -m [ --matched-flows ]             Shows the flows that matchs with the regex.
  -M [ --matched-packet ]            Shows the packet payload that matchs with the regex.
  -C [ --continue ]                  Continue evaluating the regex with the next packets of the Flow.
  -j [ --reject-flows ]              Rejects the flows that matchs with the regex.
  -w [ --evidence ]                  Generates a pcap file with the matching regex for forensic analysis.

  Frequencies optional arguments:
  -F [ --enable-frequencies ]        Enables the Frequency engine.
  -g [ --group-by ] arg (=dst-port)  Groups frequencies by src-ip,dst-ip,src-port and dst-port.
  -f [ --flow-type ] arg (=tcp)      Uses tcp or udp flows.
  -L [ --enable-learner ]            Enables the Learner engine.
  -k [ --key-learner ] arg (=80)     Sets the key for the Learner engine.
  -b [ --buffer-size ] arg (=64)     Sets the size of the internal buffer for generate the regex.
  -Q [ --byte-quality ] arg (=80)    Sets the minimum quality for the bytes of the generated regex.
  -y [ --enable-yara ]               Generates a yara signature.

  Optional arguments:
  -n [ --stack ] arg (=lan)          Sets the network stack (lan,mobile,lan6,virtual,oflow).
  -d [ --dumpflows ]                 Dump the flows to stdout.
  -s [ --statistics ] arg (=0)       Show statistics of the network stack (5 levels).
  -T [ --timeout ] arg (=180)        Sets the flows timeout.
  -P [ --protocol ] arg              Show statistics of a specific protocol of the network stack.
  -e [ --release ]                   Release the caches.
  -l [ --release-cache ] arg         Release a specific cache.
  -p [ --pstatistics ]               Show statistics of the process.
  -o [ --summary ]                   Show protocol summmary statistics (bytes,packets,% bytes,cache miss,memory).
  -h [ --help ]                      Show help.
  -v [ --version ]                   Show version string.

NetworkStack Types

AIEngine supports five types of network stack, chosen according to the network topology (the -n/--stack option on the command line).
  • StackLan (lan): Local Area Network based on IPv4.
  • StackLanIPv6 (lan6): Local Area Network with IPv6 support.
  • StackMobile (mobile): mobile network (Gn interface) for IPv4.
  • StackVirtual (virtual): stack for virtual/cloud environments with VXLAN and transparent GRE.
  • StackOpenFlow (oflow): stack for OpenFlow environments.
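The same checks the command line exposes (-R/-r with -c tcp, -j to reject, a banned-host list for HTTP) programmed through the Python binding on a StackLan, as an added example that is not from the original post or the AIEngine project. The pyaiengine class, attribute and method names used (StackLan, RegexManager, Regex, DomainNameManager, DomainName, PacketDispatcher, tcp_regex_manager, set_domain_name_manager, flow.src_ip, flow.dst_ip, flow.regex.name, flow.http_info.host_name, flow.reject) are assumed from the 1.x Python API, and the signatures and banned host are constructed.

```python
# Added example (not part of AIEngine or the original post). pyaiengine names
# used below are assumed from the 1.x Python API; see the lead-in.
import sys

# Constructed signatures: name -> PCRE pattern matched against TCP flow payloads.
SIGNATURES = {"ftp-cleartext-login": "^(USER|PASS) [^\r\n]+\r\n$",
              "cgi-shell-metachar": "^GET /cgi-bin/[^ ]*[;|`]"}
REJECT_ON = {"cgi-shell-metachar"}    # signatures that also drop the flow (like -j)
BANNED_HOSTS = [".example-bad.test"]  # constructed banned HTTP host suffixes
EVIDENCE = []                         # one dict per match (like -w, but in memory)

def on_regex_match(flow):
    """Regex callback: record the flow and reject it if the signature demands it."""
    record = {"src": flow.src_ip, "dst": flow.dst_ip, "signature": flow.regex.name}
    EVIDENCE.append(record)
    if flow.regex.name in REJECT_ON:
        flow.reject = True            # the engine tears the TCP connection down
    return record

def on_banned_host(flow):
    """DomainName callback: an HTTP client reached a banned host; record and reject."""
    host = flow.http_info.host_name if flow.http_info is not None else "?"
    record = {"src": flow.src_ip, "dst": flow.dst_ip, "signature": "banned:" + host}
    EVIDENCE.append(record)
    flow.reject = True
    return record

def build_stack(pyaiengine, tcp_flows=32768, udp_flows=16384):
    """Same setup as '-n lan -t 32768 -u 16384 -R -c tcp', with callbacks attached."""
    st = pyaiengine.StackLan()
    st.tcp_flows, st.udp_flows = tcp_flows, udp_flows
    rm = pyaiengine.RegexManager()
    for name, pattern in SIGNATURES.items():
        r = pyaiengine.Regex(name, pattern)
        r.callback = on_regex_match
        rm.add_regex(r)
    st.tcp_regex_manager = rm          # evaluated on TCP flows only (-c tcp)
    dm = pyaiengine.DomainNameManager()
    for suffix in BANNED_HOSTS:
        d = pyaiengine.DomainName("banned-host", suffix)
        d.callback = on_banned_host
        dm.add_domain_name(d)
    st.set_domain_name_manager(dm, "HTTPProtocol")
    return st

if __name__ == "__main__":
    import pyaiengine                  # imported here so the callbacks test without it
    with pyaiengine.PacketDispatcher(sys.argv[1]) as pd:  # interface, pcap or directory
        pd.stack = build_stack(pyaiengine)
        pd.run()
    print(len(EVIDENCE), "matches recorded")
```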

From Effect Hacking; full article here.
