Implementation of the AIE
The AIE of the FW uses security detection algorithms based on machine learning and deep learning to detect threats. Figure 1 shows the implementation of the AIE.
Figure 1 Implementation of the AIE
With the AIE, the FW processes the received traffic as follows:
- After receiving a packet from the Internet, the FW searches for a matching security policy during packet forwarding.
- If the matched security policy references an AIE profile, the FW processes the packet based on the action in the security policy and also sends the packet to the flow probe, which collects information from it and produces the metadata. If the matched security policy does not reference an AIE profile, the FW processes the packet based on the action in the security policy and hands it to the other service modules without involving the flow probe.
- The collected metadata is sent to the AIE, which analyzes it against the check items configured in the AIE profile. If a threat event is detected, the AIE sends a log to the system and generates a report. The log describes the details of the threat event, based on which the administrator can take follow-up action.
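The three steps above, modeled end to end as an added example (this is illustration code, not Huawei's implementation or the AIE's actual models). The policy table, the metadata fields the flow probe collects, the profile name `aie-default`, the thresholds, and the sample packets are all constructed assumptions. The real AIE applies machine-learning and deep-learning models; the entropy-based DGA heuristic and the failed-login counter here merely stand in for two of its check items (DGA domain name requests and brute-force cracking) so the pipeline can be run offline.

```python
"""Simplified model of the FW + AIE processing path (added illustration)."""
import math
from collections import Counter, defaultdict

# Constructed security policies, searched in order (first match wins).
# "aie_profile" is the AIE profile the policy references, or None.
POLICIES = [
    {"name": "allow-dns", "dst_port": 53,  "action": "permit", "aie_profile": "aie-default"},
    {"name": "allow-ssh", "dst_port": 22,  "action": "permit", "aie_profile": "aie-default"},
    {"name": "allow-web", "dst_port": 443, "action": "permit", "aie_profile": None},
]
DEFAULT_POLICY = {"name": "default", "action": "deny", "aie_profile": None}

# Constructed AIE profile: which check items are enabled (assumed names).
AIE_PROFILES = {"aie-default": {"dga": True, "brute_force": True}}

BRUTE_FORCE_THRESHOLD = 5    # failed logins from one source to one host (assumed)
DGA_ENTROPY_THRESHOLD = 3.5  # bits per character of the registered label (assumed)


def match_policy(packet):
    """Step 1: security policy search during forwarding."""
    for pol in POLICIES:
        if pol["dst_port"] == packet["dst_port"]:
            return pol
    return DEFAULT_POLICY


def forward(packet, probe_buffer):
    """Step 2: apply the policy action; copy metadata to the flow probe only
    when the matched policy references an AIE profile. Returns (action, probed)."""
    pol = match_policy(packet)
    if pol["aie_profile"] is not None:
        probe_buffer.append({"profile": pol["aie_profile"], **packet})
        return pol["action"], True
    return pol["action"], False  # handed to the other service modules only


def shannon_entropy(s):
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def is_dga_like(qname):
    """Heuristic stand-in for the DGA check item: a long, high-entropy,
    vowel-poor registered (second-level) label is flagged."""
    labels = qname.rstrip(".").split(".")
    if len(labels) < 2:
        return False
    label = labels[-2]
    vowels = sum(ch in "aeiou" for ch in label)
    return (len(label) >= 12
            and shannon_entropy(label) >= DGA_ENTROPY_THRESHOLD
            and vowels / len(label) < 0.25)


def analyze(probe_buffer):
    """Step 3: the AIE runs the enabled check items over the collected
    metadata and emits one threat event (what would become a log entry) per finding."""
    events = []
    failed = defaultdict(int)
    for md in probe_buffer:
        checks = AIE_PROFILES[md["profile"]]
        if checks["dga"] and md["dst_port"] == 53 and is_dga_like(md["qname"]):
            events.append(("dga", md["src"], md["qname"]))
        if checks["brute_force"] and md["dst_port"] == 22 and md["login"] == "fail":
            key = (md["src"], md["dst"])
            failed[key] += 1
            if failed[key] == BRUTE_FORCE_THRESHOLD:  # fire once per (src, dst)
                events.append(("brute_force", md["src"], md["dst"]))
    return events


# Constructed sample traffic (documentation/test addresses only).
SAMPLE_PACKETS = (
    [{"src": "10.0.0.23", "dst": "192.0.2.53", "dst_port": 53, "qname": "login.microsoftonline.com"},
     {"src": "10.0.0.23", "dst": "192.0.2.53", "dst_port": 53, "qname": "xq7zk9vwn2rtb.net"},
     {"src": "10.0.0.23", "dst": "203.0.113.10", "dst_port": 443}]
    + [{"src": "198.51.100.7", "dst": "10.0.0.5", "dst_port": 22, "login": "fail"} for _ in range(6)]
    + [{"src": "198.51.100.7", "dst": "10.0.0.5", "dst_port": 8080}]
)


def run_demo(packets=SAMPLE_PACKETS):
    """Forward every packet, then let the AIE analyze what the probe collected."""
    probe_buffer = []
    decisions = [forward(p, probe_buffer) for p in packets]
    return decisions, analyze(probe_buffer)


if __name__ == "__main__":
    decisions, events = run_demo()
    print(f"{sum(1 for _, probed in decisions if probed)} of {len(decisions)} packets sent to the flow probe")
    for event in events:
        print("threat event:", event)
```

Note the two places the model makes the text's point concrete: the HTTPS and port-8080 packets never reach the probe because their policies reference no AIE profile, and the legitimate but long `microsoftonline` label is not flagged because the vowel-ratio test rejects it, even though its length passes.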
Comparison of the Detection Methods
Both the flow probe and the AIE can be used for advanced threat detection. The difference is that the flow probe only collects information and must be connected to the HiSec Insight, which performs the detection, whereas the AIE detects threats locally on the FW. Table 1 compares the two detection methods; select whichever suits your deployment.
Table 1 Comparison between the flow probe connected to the HiSec Insight and the local AIE

| Item | Flow Probe Connected to the HiSec Insight | Local AIE |
|---|---|---|
| Threat detection system | HiSec Insight | AIE of the FW |
| Detectable threat type | Comprehensive types | DGA domain name requests, malicious C&C flows, malicious encrypted C&C flows, SQL injection, and brute-force cracking (each supported by the corresponding detection engine of the AIE) |
| Threat detection cost | Costly, since the HiSec Insight needs to be deployed independently | Cost-effective, as no other system needs to be deployed independently |