Eligibility traces #258

Merged
rejahrehim merged 5 commits into OWASP:master from kUSHAL0601:eligibility-traces
Jul 24, 2020

@kUSHAL0601
Contributor

Status

READY

Description

  1. Added options to use custom scanners from clamav, yara and virus_total
  2. Added eligibility traces (Reinforcement Learning) in IDS to make it a semi-IPS, i.e. blacklisting frequent offenders

Todos

  • Tests
  • Documentation

Deploy Notes

None specific

Steps to Test or Reproduce

Outline the steps to test or reproduce the PR here.

git pull --prune
git checkout <feature-branch>
  1. sudo python3 SecureTea.py --clamav
  2. sudo python3 SecureTea.py --yara
  3. sudo python3 SecureTea.py --ids

Impacted Areas in Application

List general components of the application that this PR will affect:

  • Args and Args helper :- Added following arguments :
    1. --clamav : Use clamav for AV search true or false
    2. --yara : Use yara for AV search true or false
    3. --eligibility_threshold : Intrusion Detection System (IDS) eligibility threshold
    4. --severity_factor : Intrusion Detection System (IDS) eligibility traces severity factor
  • Antivirus Scanner :- Use clamav, yara or virustotal AV scanner as per args
  • IDS :- Auto blacklist and whitelist IPs based on eligibility traces, an RL algorithm. It is explained in detail in the documentation, making it a semi-IPS by preventing malicious attackers.

@rejahrehim rejahrehim merged commit d910d81 into OWASP:master Jul 24, 2020
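
The eligibility-trace blacklisting described in the PR, as an added sketch that is not SecureTea's code and not part of the original description. Assumptions: severity_factor is used as the per-alert decay multiplier, eligibility_threshold is the trace value at which an IP is blacklisted, and an IP drops off the blacklist once its trace decays below that value; the class name, function name and sample alerts are constructed for illustration.

```python
from collections import defaultdict


class EligibilityTraceBlacklist:
    """Accumulating eligibility traces keyed by source IP (illustrative)."""

    def __init__(self, eligibility_threshold=2.5, severity_factor=0.9):
        # Assumption: severity_factor decays every trace once per alert;
        # eligibility_threshold is the blacklist cut-off.
        if not 0.0 < severity_factor < 1.0:
            raise ValueError("severity_factor must be in (0, 1)")
        self.threshold = eligibility_threshold
        self.decay = severity_factor
        self.traces = defaultdict(float)

    def observe(self, offender_ip):
        """Record one IDS alert: decay all traces, then bump the offender."""
        for ip in list(self.traces):
            self.traces[ip] *= self.decay
            if self.traces[ip] < 1e-3:  # forget long-quiet sources
                del self.traces[ip]
        self.traces[offender_ip] += 1.0
        return self.traces[offender_ip]

    def blacklist(self):
        """IPs whose trace is currently at or above the threshold."""
        return {ip for ip, e in self.traces.items() if e >= self.threshold}


def replay(alerts, **kwargs):
    """Feed alerts in order; return the tracker and the blacklist per step."""
    tracker = EligibilityTraceBlacklist(**kwargs)
    history = []
    for ip in alerts:
        tracker.observe(ip)
        history.append(frozenset(tracker.blacklist()))
    return tracker, history


# Constructed sample alerts (documentation-range addresses): a burst from
# one source, a single alert from a second, then a burst from a third.
ALERTS = ["203.0.113.7"] * 4 + ["198.51.100.2"] + ["192.0.2.9"] * 6

if __name__ == "__main__":
    _, steps = replay(ALERTS)
    for n, listed in enumerate(steps, 1):
        print(n, sorted(listed))
```

With these values the first source is listed on its third alert and falls off again after it goes quiet, while the one-off source is never listed.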