AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go network intrusion detection system engine with capabilities of learning without any human intervention, DNS domain classification, Spam detection, network collector, network forensics and many others.
AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
The main functionalities of AIEngine are:
Support for interacting/programming with the user while the engine is running.
Support for PCRE JIT for regex matching.
Support for regex graphs (complex detection patterns).
Support five types of NetworkStacks (LAN, mobile,lan6, virtual and of low).
Support Sets and Bloom filters for IP searches.
Supports x86_64, ARM and MIPS architecture over operating systems such as Linux, FreeBSD, and MacOS.
Support for HTTP, DNS and SSL Domains matching.
Support for banned domains and hosts for HTTP, DNS, SMTP, and SSL.
Frequency analysis for unknown traffic and auto-regex generation.
Generation of Yara signatures.
Easy integration with databases (MySQL, Redis, Cassandra, Hadoop, etc…) for data correlation.
Easy integration with other packet engines (Netfilter).
Support memory clean caches for refresh stored memory information.
Support for detect DDoS at network/application layer.
Support for rejecting TCP/UDP connections.
Support for network forensics in real time.
Supports protocols such as Bitcoin, CoAP, DHCPv4/DHCPv6, DNS, GPRS, GRE, HTTP, ICMPv4/ICMPv6, IMAP, IPv4/v6, Modbus, MPLS, MQTT, NetBIOS, NTP, OpenFlow, PPPoE, POP, Quic, RTP, SIP, SMB, SMTP, SSDP, SSH, SSL, TCP, UDP, VLAN, VXLAN.
AIEngine supports five types of Network stacks depending on the network topology.
StackLan (LAN) Local Area Network based on IPv4.
StackLanIPv6 (lan6) Local Area Network with IPv6 support.
StackMobile (mobile) Network Mobile (Gn interface) for IPv4.
StackVirtual (virtual) Stack for virtual/cloud environments with VxLan and GRE Transparent.
StackOpenFlow (oflow) Stack for OpenFlow environments.
Integrating/Program AIEngine with other systems
AIEngine is a python/ruby/java/Lua module also that allows being more flexible in terms of integration with other systems and functionalities. The main objects that the python module provide export are the following ones.
The system provides the following enable/disable functionalities depending on your requirements.
–enable-tcpqos Enable TCP QoS Metrics support for measure the QoS of connections.
–enable-bloomfilter Enable bloom filter support for IP lookups. This option should have the correct libraries.
–enable-reject Enable TCP/UDP reject connection support for break establish connections on StackLans and StackLanIPv6 objects.
–enable-pythongil Enable Python Gil support for multithreading applications.
–enable-static-memory Enable static/fixed memory support for systems with low memory requirements (256 Bytes slot).
–enable-code-coverage Enable code coverage support (develop).
–enable-sanatizer Enable sanatizer tests support (develop).
This options only can be enabled/disable on compilation time on the configure script.
Initial Bitbucket Deployments configuration
Update documentation, version number an performance tests.
Add support for evaluate regex on SMTP.
Expose the RegexManager on callbacks for set to other execution paths
Update documentation and add extra test cases.
Update documentation, fix issue on dhcp computing memory size [skip ci]
Update m4 macros and fix minor issue with sslhttps://bitbucket.org/camp0/aiengine/commits/tag/v1.9.0http://aiengine.readthedocs.io/en/latest/aiengine.html