Configuring Artificial Intelligence Engine

Procedure

1. Create an AIE profile in the system view and enter the AIE profile view.

   profile type aie name profile-name

2. Configure description of the AIE profile.

   description description

3. Enable one or more detection engines as required.

   detection-engine { all | engine-name } enable

   Currently, the following detection engines are supported:

   • dga: DGA domain name request detection engine
   • cc: malicious C&C flow detection engine
   • eca: malicious encrypted C&C flow detection engine
   • bruteforce: brute-force cracking detection engine
   • sql: SQL injection detection engine

4. Optional: Configure AIE whitelists.

   aie whitelist module module-name item type-name value-content

   The whitelist of the AIE is a detection exception mechanism. You can add known secure IP addresses and domain names to whitelists to improve the detection accuracy and reduce false positives.

   Different detection engines support different types:

   • The DGA domain name request detection engine supports the configuration of IP address and domain name whitelists.
   • The brute-force cracking detection engine supports the configuration of IP address whitelists.
   • The malicious C&C flow detection engine supports the configuration of IP address whitelists.
   • The malicious encrypted C&C flow detection engine supports the configuration of IP address and certificate fingerprint whitelists.
   • The SQL injection detection engine supports the configuration of IP address whitelists.

5. Reference an AIE profile in a security policy.

   For details on how to configure a security policy, see Configuring a Security Policy Using the CLI.