AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua packet inspection engine with capabilities of learning without any human intervention, NIDS(Network Intrusion Detection System) functionality, DNS domain classification, network collector, network forensics and many others.

It also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

The main functionalities of AIEngine are:

• Support for interacting/programing with the user while the engine is running.
• Support for PCRE JIT for regex matching.
• Support for regex graphs (complex detection patterns).
• Support five types of NetworkStacks (lan,mobile,lan6,virtual and oflow).
• Support Sets and Bloom filters for IP searches.
• Support Linux, FreeBSD and MacOS operating systems.
• Support for HTTP,DNS and SSL Domains matching.
• Support for banned domains and hosts for HTTP, DNS, SMTP and SSL.
• Frequency analysis for unknown traffic and auto-regex generation.
• Generation of Yara signatures.
• Easy integration with databases (MySQL, Redis, Cassandra, Hadoop, etc...) for data correlation.
• Easy integration with other packet engines (Netfilter).
• Support memory clean caches for refresh stored memory information.
• Support for detect DDoS at network/application layer.
• Support for rejecting TCP/UDP connections.
• Support for network forensics on real time.
• Supports protocols such as Bitcoin,CoAP,DHCP,DNS,GPRS,GRE,HTTP,ICMPv4/ICMPv6,IMAP,IPv4/v6,Modbus, MPLS,MQTT,NTP,OpenFlow,POP,RTP,SIP,SMTP,SSDP,SSL,TCP,UDP,VLAN,VXLAN.