intel/tadk-waf
Traffic Analytics Development Kit (TADK) contains optimized libraries and tools for network traffic analytics and classification. TADK currently supports three typical usages:
Application Identification (APPID): Extract network flow features and classify the flow with a Machine-Learning (ML) model, a Deep-Learning (DL) model, or Deep Packet Inspection (DPI).
Web Application Firewall (WAF): Detect SQL Injection (SQLi) in URLs, Cross-Site Scripting (XSS) in URLs, and Command & Control (C2) attacks in HTTP payloads with pre-trained AI models (ML & DL).
Content Inspection (CI): Tokenize any text into an encoding sequence, with or without an arbitrary dictionary.
TADK also provides the ML/DL model training process and tools for building your own customized model. It also provides methods to integrate with open-source projects such as VPP and ModSecurity.
$ docker pull intel/tadk-waf:latest
$ docker run -p 8005:8005 --name tadk-waf -d intel/tadk-waf:latest
The WAF service is now listening on port 8005 of your host server.
$ curl localhost:8005 -d "id = tadk & value = tadk' or '1' = '1'"
Note: The Web Application Firewall uses the machine learning model by default. You can choose to use the deep learning model instead.
To use the deep learning model, execute the following command to change the model.
$ docker exec tadk-waf bash -c "./switch_model.sh dl"
To use the machine learning model, execute the following command to change the model.
$ docker exec tadk-waf bash -c "./switch_model.sh ml"
Note: You can also execute the following command to check which model is in use.
$ docker exec tadk-waf bash -c "./check_model.sh"
$ docker exec tadk-waf bash -c "cat /usr/local/nginx/logs/error.log"
You will see that NGINX has reported that tadk-waf detected the request as a SQL injection attack.
To forward HTTP requests to your web application after tadk-waf inspection, execute the following command.
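The run, probe and log-check steps above can be combined into one repeatable smoke test. This is an added example, not part of the image or Intel's documentation; the function names and the benign sample body are constructed, and it assumes that a detection appends at least one line to error.log while a benign request appends none.

```shell
#!/bin/sh
# Added example (not Intel's code): smoke test for a running tadk-waf container.
# Container name, port, log path and SQLi sample are the ones on this page.
# Assumption: a detection appends to error.log and a benign request does not.
WAF_URL="${WAF_URL:-localhost:8005}"
WAF_CONTAINER="${WAF_CONTAINER:-tadk-waf}"
WAF_LOG="/usr/local/nginx/logs/error.log"

# Print the NGINX error log from inside the container.
read_log() {
    docker exec "$WAF_CONTAINER" cat "$WAF_LOG"
}

# POST a body to the WAF; the response is discarded, only the log is checked.
send_request() {
    curl -s -o /dev/null "$WAF_URL" -d "$1"
}

# Send one request and print how many log lines it added.
log_delta() {
    waf_before=$(read_log | wc -l)
    send_request "$1"
    sleep "${WAF_LOG_WAIT:-1}"   # let NGINX write the entry
    waf_after=$(read_log | wc -l)
    echo $((waf_after - waf_before))
}

# Return 0 only if the SQLi sample is logged and the benign sample is not.
smoke_test() {
    read_log >/dev/null || { echo "FAIL: cannot read $WAF_LOG" >&2; return 2; }
    waf_rc=0
    # Constructed benign body: the page's sample without the injected clause.
    if [ "$(log_delta "id = tadk & value = tadk")" -ne 0 ]; then
        echo "FAIL: benign request produced log entries" >&2
        waf_rc=1
    fi
    if [ "$(log_delta "id = tadk & value = tadk' or '1' = '1'")" -eq 0 ]; then
        echo "FAIL: SQLi sample was not logged" >&2
        waf_rc=1
    fi
    [ "$waf_rc" -eq 0 ] && echo "OK: SQLi sample logged, benign sample not"
    return "$waf_rc"
}

# Usage: sh waf_smoke.sh run
if [ "${1:-}" = "run" ]; then
    smoke_test
fi
```

Running it again after each switch_model.sh change confirms that both the ML and the DL model still flag the sample.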
$ docker exec tadk-waf bash -c "./proxy_pass.sh YOUR_WEB_APP_IP YOUR_WEB_APP_PORT"
tadk-waf will then forward HTTP requests to your web application after inspection.
Note: You can also try other features of TADK by following the README.pdf in the container.
View license information for the software contained in this image:
As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
Where to get help:
Send an email to yingqi.liu@intel.com