This project implements a REST API for DAIR using Flask. The system leverages Q-learning (or Deep Q-Learning) to propose responses to network intrusions.
- Installation
- API Usage
- Endpoints
-
Clone the repository:
git clone https://github.com/tum-esi/CyberSecDome-DAIR.git cd CyberSecDome-DAIR -
Create a new Python environment:
python -m venv .dairenv
-
Activate the virtual environment:
source .dairenv/bin/activate
Only for Q-Learning:
- a) Install the necessary packages:
pip install -r requirements_QLearning.txt
Only for Deep Q-Learning:
- b) Install the necessary packages:
pip install -r requirements_dqn.txt
Run DAIR:
python dair_api.pyThe API will be available at your IP address (automatically identified) at port 1234.
Receives intrusion data and returns proposed responses.
- URL: /receive_playbook
- Method: POST
- Request Body:
{
"incident_id": 123,
"source_ip_address": "192.168.1.1",
"target_ip_address": "192.168.1.1",
"source_port": 8080,
"target_port": 50,
"transport_protocol": ["TCP", "UDP"],
"app_protocol": ["HTTP", "FTP"],
"attack_type": "DOS",
"severity": 5
}- Response:
{
"responses": [["Do Nothing"], ["Block IP", "Alert Admin"]]
}Receives feedback on the proposed responses to update the Q-learning model.
- URL: /give_feedback
- Method: POST
- Request Body:
{
"incident_id": 123,
"feedback": [1, -1]
}- Response: HTTP return code (
200if OK)
Receives the serialized state of the Q-Table.
- URL: /get_ai_state
- Method: GET
- Response: (MIME type
application/octet-stream)
\x80\x04\x95\xd2\x00\x00\x00\x00\x00\x00\x00}\x94(K\x01\x85\x94KP\x85\x94K\x00\x85\x94K\x00\x85\x94K\x00K\x06t\x94\x8c\x15numpy.core.multiarray\x94\x8c\x0c_reconstruct\x94\x93\x94\x8c\x05numpy\x94\x8c\x07ndarray\x94\x93\x94K\x00\x85\x94C\x01b\x94\x87\x94R\x94(K\x01K\x06\x85\x94h\t\x8c\x05dtype\x94\x93\x94\x8c\x02f8\x94\x89\x88\x87\x94R\x94(K\x03\x8c\x01<\x94NNNJ\xff\xff\xff\xffJ\xff\xff\xff\xffK\x00t\x94b\x89C0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9a\x99\x99\x99\x99\x99\xb9\xbfR\xb8\x1e\x85\xebQ\xc8\xbf\x94t\x94bs.
Send the serialized state of the Q-Table.
- URL: /send_ai_state
- Method: POST
- Request Body:
\x80\x04\x95\xd2\x00\x00\x00\x00\x00\x00\x00}\x94(K\x01\x85\x94KP\x85\x94K\x00\x85\x94K\x00\x85\x94K\x00K\x06t\x94\x8c\x15numpy.core.multiarray\x94\x8c\x0c_reconstruct\x94\x93\x94\x8c\x05numpy\x94\x8c\x07ndarray\x94\x93\x94K\x00\x85\x94C\x01b\x94\x87\x94R\x94(K\x01K\x06\x85\x94h\t\x8c\x05dtype\x94\x93\x94\x8c\x02f8\x94\x89\x88\x87\x94R\x94(K\x03\x8c\x01<\x94NNNJ\xff\xff\xff\xffJ\xff\xff\xff\xffK\x00t\x94b\x89C0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9a\x99\x99\x99\x99\x99\xb9\xbfR\xb8\x1e\x85\xebQ\xc8\xbf\x94t\x94bs.
- Response: HTTP return code (
200if OK)
This project has received funding by the European Union-funded project CyberSecDome (Agreement No.: 101120779). Details: https://cybersecdome.eu/