Skip to content

tum-esi/CyberSecDome-DAIR

Repository files navigation

DAIR REST API

This project implements a REST API for DAIR using Flask. The system leverages Q-learning (or Deep Q-Learning) to propose responses to network intrusions.

Table of Contents

  • Installation
  • API Usage
  • Endpoints

Installation

  1. Clone the repository:

    git clone https://github.com/tum-esi/CyberSecDome-DAIR.git
    cd CyberSecDome-DAIR
  2. Create a new Python environment:

    python -m venv .dairenv
  3. Activate the virtual environment:

    source .dairenv/bin/activate

Only for Q-Learning:

  1. a) Install the necessary packages:
    pip install -r requirements_QLearning.txt

Only for Deep Q-Learning:

  1. b) Install the necessary packages:
    pip install -r requirements_dqn.txt

DAIR API

Usage

Run DAIR:

python dair_api.py

The API will be available at your IP address (automatically identified) at port 1234.

Endpoints

POST /receive_playbook

Receives intrusion data and returns proposed responses.

  • URL: /receive_playbook
  • Method: POST
  • Request Body:
{
    "incident_id": 123,
    "source_ip_address": "192.168.1.1",
    "target_ip_address": "192.168.1.1",
    "source_port": 8080,
    "target_port": 50,
    "transport_protocol": ["TCP", "UDP"],
    "app_protocol": ["HTTP", "FTP"],
    "attack_type": "DOS",
    "severity": 5
}
  • Response:
{
    "responses": [["Do Nothing"], ["Block IP", "Alert Admin"]]
}

POST /give_feedback

Receives feedback on the proposed responses to update the Q-learning model.

  • URL: /give_feedback
  • Method: POST
  • Request Body:
{
    "incident_id": 123,
    "feedback": [1, -1]
}
  • Response: HTTP return code (200 if OK)

GET /get_ai_state

Receives the serialized state of the Q-Table.

  • URL: /get_ai_state
  • Method: GET
  • Response: (MIME type application/octet-stream)
\x80\x04\x95\xd2\x00\x00\x00\x00\x00\x00\x00}\x94(K\x01\x85\x94KP\x85\x94K\x00\x85\x94K\x00\x85\x94K\x00K\x06t\x94\x8c\x15numpy.core.multiarray\x94\x8c\x0c_reconstruct\x94\x93\x94\x8c\x05numpy\x94\x8c\x07ndarray\x94\x93\x94K\x00\x85\x94C\x01b\x94\x87\x94R\x94(K\x01K\x06\x85\x94h\t\x8c\x05dtype\x94\x93\x94\x8c\x02f8\x94\x89\x88\x87\x94R\x94(K\x03\x8c\x01<\x94NNNJ\xff\xff\xff\xffJ\xff\xff\xff\xffK\x00t\x94b\x89C0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9a\x99\x99\x99\x99\x99\xb9\xbfR\xb8\x1e\x85\xebQ\xc8\xbf\x94t\x94bs.

POST /send_ai_state

Send the serialized state of the Q-Table.

  • URL: /send_ai_state
  • Method: POST
  • Request Body:
\x80\x04\x95\xd2\x00\x00\x00\x00\x00\x00\x00}\x94(K\x01\x85\x94KP\x85\x94K\x00\x85\x94K\x00\x85\x94K\x00K\x06t\x94\x8c\x15numpy.core.multiarray\x94\x8c\x0c_reconstruct\x94\x93\x94\x8c\x05numpy\x94\x8c\x07ndarray\x94\x93\x94K\x00\x85\x94C\x01b\x94\x87\x94R\x94(K\x01K\x06\x85\x94h\t\x8c\x05dtype\x94\x93\x94\x8c\x02f8\x94\x89\x88\x87\x94R\x94(K\x03\x8c\x01<\x94NNNJ\xff\xff\xff\xffJ\xff\xff\xff\xffK\x00t\x94b\x89C0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9a\x99\x99\x99\x99\x99\xb9\xbfR\xb8\x1e\x85\xebQ\xc8\xbf\x94t\x94bs.
  • Response: HTTP return code (200 if OK)

This project has received funding by the European Union-funded project CyberSecDome (Agreement No.: 101120779). Details: https://cybersecdome.eu/

About

Implementation of Dynamic and Adaptive Incident Response (DAIR) for the EU-project "CyberSecDome"

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages