Architecture

The above figure shows the architecture of our MAIP framework, which includes the following main components:

  • Data acquisition module collects raw traffic data from networks or an IoT testbed in either online or offline mode. It can also use Cyber Threat Intelligence (CTI) sources, e.g., deployed honeypots, to learn and continuously train our model using attack patterns and past malware information in the database.

  • Data analysis & processing module employs our Montimage monitoring tool (MMT) to parse a wide range of network protocols (e.g., TCP, UDP, HTTP, and more than 700) and extract flow-based features. The restructured and computed data is then transformed into a numeric vector so that it can be easily processed by our AI model.

  • AI models module is responsible for creating and utilizing ML models able to classify the vectorized form of network traffic data for different purposes, such as user activity classification, malware detection in encrypted traffic or root cause analysis.

  • Adversarial attacks module injects various evasion and poisoning adversarial attacks for robustness analysis of our system.

  • Explainable AI module aims at producing post-hoc global and local explanations of predictions of our model.

  • Metrics module makes it possible to measure quantifiable metrics for accountability and resilience.

  • Defense mechanisms module provides countermeasures to prevent attacks against both AI and XAI models.
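
As an illustration of the flow-based feature extraction and vectorization step performed by the data analysis & processing module, the following added example (not MMT or MAIP code) groups packet records into bidirectional flows and turns each flow into a numeric vector. The packet tuples are constructed sample data, and the feature set and function names are assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample packets:
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, proto, size_bytes)
PACKETS = [
    (0.00, "10.0.0.5", 51000, "93.184.216.34", 443, "TCP", 74),
    (0.05, "93.184.216.34", 443, "10.0.0.5", 51000, "TCP", 74),
    (0.10, "10.0.0.5", 51000, "93.184.216.34", 443, "TCP", 583),
    (0.30, "93.184.216.34", 443, "10.0.0.5", 51000, "TCP", 1514),
    (1.00, "10.0.0.7", 40000, "10.0.0.1", 53, "UDP", 80),
    (1.02, "10.0.0.1", 53, "10.0.0.7", 40000, "UDP", 144),
]
PROTO_ID = {"TCP": 6, "UDP": 17}  # IANA protocol numbers
# Assumed feature layout of each output vector (hypothetical, not MMT's feature set)
FEATURES = ["proto", "duration", "fwd_pkts", "bwd_pkts", "fwd_bytes",
            "bwd_bytes", "mean_size", "std_size", "mean_iat"]

def flow_key(src, sport, dst, dport, proto):
    """Direction-independent key so both directions fall into one flow."""
    a, b = sorted([(src, sport), (dst, dport)])
    return (a, b, proto)

def extract_flows(packets):
    """Group packets into bidirectional flows; return {flow key: feature vector}."""
    flows = defaultdict(list)
    for ts, src, sport, dst, dport, proto, size in sorted(packets):
        key = flow_key(src, sport, dst, dport, proto)
        flows[key].append((ts, (src, sport), size))
    vectors = {}
    for key, pkts in flows.items():
        initiator = pkts[0][1]  # first packet seen defines the forward direction
        times = [p[0] for p in pkts]
        sizes = [p[2] for p in pkts]
        fwd = [p[2] for p in pkts if p[1] == initiator]
        bwd = [p[2] for p in pkts if p[1] != initiator]
        iats = [b - a for a, b in zip(times, times[1:])]
        vectors[key] = [
            float(PROTO_ID[key[2]]),
            times[-1] - times[0],
            float(len(fwd)), float(len(bwd)),
            float(sum(fwd)), float(sum(bwd)),
            float(mean(sizes)), pstdev(sizes),
            mean(iats) if iats else 0.0,  # single-packet flow has no inter-arrival time
        ]
    return vectors

if __name__ == "__main__":
    for key, vec in extract_flows(PACKETS).items():
        print(key, dict(zip(FEATURES, (round(v, 3) for v in vec))))
```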
