1. 1
“PACKET INSPECTION AND SIGNATURE
GENERATION USING AIENGINE”
A
Project
Submitted in partial fulfillment for the award of
Post-Graduation Diploma in
IT Infrastructure And System Security
Submitted to
C-DAC Electronics City
Bengaluru
Karnataka (India)
Submitted By
Rishabh Tamrakar – 170851923034
Rishi Kumar – 170851923035
Neha Singh – 170851923026
Shyamsundar Das – 170851923041
Under the Guidance of
Mr. Murali
3. 3
Objective
This project covers the installation and configuration
of the tool AIEngine (author: Luis Campo Giralte)
and, with the help of the tool, generating signatures
related to SYN and ICMP packets in the system.
4. 4
Scope
The aim of this document is to explain and describe the functionality
that AIEngine, a new generation network intrusion detection system
engine, brings.
AIEngine is a next generation programmable network intrusion
detection system. It supports x86_64 and ARM on operating systems
such as Linux, FreeBSD and MacOS.
Our aim is to detect SYN and ICMP scans on the system and generate
signatures that can be given to a firewall or IDS/IPS
system to prevent them and stop attacks such as DoS.
5. 5
Purpose
The purpose of this project is to use AIEngine for packet
inspection because it needs less human interaction.
AIEngine also helps network/security professionals to identify
traffic and develop signatures for use on NIDS, firewalls,
traffic classifiers and so on.
AIEngine is useful for frequent analysis of unknown traffic.
It also supports detecting DDoS at the network/application layer
and rejecting TCP/UDP connections.
6. 6
Architecture
The core of AIEngine is a complex library implemented in the C++11/14
standard that processes packets in real time. This library uses an external
layer of high-level programming languages, such as Python, Ruby or
even Java, which brings the engine the flexibility of this type of
language together with the speed and performance of the C++14 standard.
The whole internal architecture is based on objects that may or may not be
linked, depending on customer requirements, with other objects to provide a
specific functionality. In addition, all the memory connections
have internal caches that allow the system to process more than
5.000.000 concurrent TCP connections with no memory problems.
10. 10
Download the AIEngine repository from https://bitbucket.org/cam0
and unzip it.
Go into the camp0-aiengine folder and change the permissions of 2
files: 1: autogen.sh 2: configure.ac