AIEngine – AI-driven Network Intrusion Detection System


AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with capabilities of learning without any human intervention, DNS domain classification, Spam detection, network collector, network forensics and many others.

AIEngine - AI-driven Network Intrusion Detection System


AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Functionality of AIEngine AI-driven Network Intrusion Detection System

The main functionalities of AIEngine are:

  • Support for interacting/programing with the user while the engine is running.
  • Support for PCRE JIT for regex matching.
  • Support for regex graphs (complex detection patterns).
  • Support six types of NetworkStacks (lan, mobile, lan6, virtual, oflow and mobile6).
  • Support Sets and Bloom filters for IP searches.
  • Supports x86_64, ARM and MIPS architecture over operating systems such as Linux, FreeBSD and MacOS.
  • Support for HTTP, DNS and SSL Domains matching.
  • Support for banned domains and hosts for HTTP, DNS, SMTP and SSL.
  • Frequency analysis for unknown traffic and auto-regex generation.
  • Generation of Yara signatures.
  • Easy integration with databases (MySQL, Redis, Cassandra, Hadoop, etc…) for data correlation.
  • Easy integration with other packet engines (Netfilter).
  • Support memory clean caches for refresh stored memory information.
  • Support for detect DDoS at network/application layer.
  • Support for rejecting TCP/UDP connections.
  • Support for network forensics on real time.
  • Support for JA3 TLS Signatures on SSL.
  • Supports protocols such as Bitcoin, CoAP, DHCPv4/DHCPv6, DNS, GPRS, GRE, HTTP, ICMPv4/ICMPv6, IMAP, IPv4/v6, Modbus, MPLS, MQTT, Netbios, NTP, OpenFlow, PPPoE, POP, Quic, RTP, SIP, SMB, SMTP, SSDP, SSH, SSL, TCP, UDP, VLAN, VXLAN.
  • Integration of HTTP Server for retrieve and configure the system.

Using AIEngine AI-driven Network Intrusion Detection System

To use AIEngine(reduce version) just execute the binary aiengine or use the python/ruby/java/lua binding.

You can download AIEngine here:

aiengine-1.9.1.tar.gz

Or read more here.

Posted in: Security Software


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


Comments are closed.