Minerwa
Network awareness and early anomaly detection system for datacenters
In an ever-evolving digital landscape, threats are becoming increasingly sophisticated and challenging. Minerwa is a tool intended to provide better oversight of malicious traffic in your data center. Leveraging AI technology, Minerwa has been developed to deliver oversight of known malicious and anomalous traffic within a data center environment. The project is openly available to the public; we believe that the collective intelligence of a community of contributors will extend Minerwa's capabilities.
Key features
Approach for known attacks and anomalies
Minerwa is trained on publicly available datasets such as NDSec-1 [LINK!] as well as data from our own data centers. This allows us to train our AI on real-world scenarios, for more accurate detection of both known attacks and anomalies in the network.
Real-time detection
Operating on real-time data is a necessity for this tool to be useful to SOC teams. Depending on the hardware, Minerwa is capable of analyzing up to TODO Gbps [VERIFY!] of real-time traffic.
IPFIX Data format
We use the IPFIX protocol as the AI input from data centers. This integration enhances our ability to provide more scalable threat detection and anomaly recognition.
Endpoint Clustering
To increase the performance of the AI model, we employ logical clustering of communication endpoints. Based on its behaviour, each endpoint is assigned to a group characterized by similar network behaviour. Anomaly detection benefits from this approach and yields improved performance compared to a single anomaly detector for all nodes.
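The effect described above, as an added example that is not Minerwa's own code: the same flow rate is scored once against all endpoints and once against the endpoint's behaviour group. The page does not say which features or algorithms Minerwa uses, so the flows-per-minute feature, the 1-D k-means and the z-score threshold are assumptions, and the baseline values are constructed.

```python
import math
import statistics

# Constructed baseline: endpoint -> flows per minute over past windows
# (the kind of value one would aggregate from IPFIX flow records).
BASELINE = {
    "10.0.0.10": [900, 1100, 1000, 950, 1050],   # busy servers
    "10.0.0.11": [1200, 1000, 1100, 1150, 1050],
    "10.0.0.12": [800, 900, 1000, 950, 850],
    "10.0.1.20": [10, 12, 9, 11, 8],             # quiet hosts
    "10.0.1.21": [14, 10, 12, 13, 11],
    "10.0.1.22": [9, 8, 11, 10, 12],
}

def kmeans_1d(points, k=2, iters=20):
    """Tiny 1-D k-means (assumed algorithm); returns a cluster index per point."""
    lo, hi = min(points), max(points)
    centers = [lo + (hi - lo) * i / (k - 1) for i in range(k)]
    labels = [0] * len(points)
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: abs(p - centers[c])) for p in points]
        for c in range(k):
            members = [p for p, lab in zip(points, labels) if lab == c]
            if members:
                centers[c] = statistics.fmean(members)
    return labels

def cluster_endpoints(baseline):
    """Group endpoints by log10 of their mean flow rate (assumed feature)."""
    hosts = sorted(baseline)
    feats = [math.log10(statistics.fmean(baseline[h])) for h in hosts]
    return dict(zip(hosts, kmeans_1d(feats)))

def zscore(value, samples):
    return (value - statistics.fmean(samples)) / statistics.stdev(samples)

def is_anomalous(host, value, baseline, groups=None, threshold=3.0):
    """Score against the host's group, or against all hosts if groups is None."""
    peers = [h for h in baseline if groups is None or groups[h] == groups[host]]
    samples = [v for h in peers for v in baseline[h]]
    return abs(zscore(value, samples)) > threshold
```

A quiet host jumping to 400 flows per minute sits near the middle of the global distribution and is not flagged by the single detector, while the per-group detector flags it.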
Pluggable Architecture
Minerwa uses a pluggable architecture, allowing users to expand its detection and communication capabilities, such as sending notifications and triggering actions on remote systems.