Category: AI Analysis

February 7, 2026

Can the system be used without AI?

Yes, completely. Suri Oculus can operate as a Suricata event visualization and analysis system, as a manual analysis tool, and without running any AI modules at all. AI does not affect core functionality, is not involved in traffic blocking, and is enabled only when explicitly required.

February 7, 2026

Are there false positives?

Yes, as with any anomaly detection system. It is important to understand that AI detects deviations, not “attacks”; an anomaly ≠ an incident; and some detections require interpretation by an analyst. The project’s approach is to show the reason and context of an anomaly and to allow comparison […]

February 7, 2026

Is training on your own data required?

Recommended, but not strictly mandatory. Usage options: pre-trained models for quick deployment; fine-tuning on local data to improve accuracy; full retraining for highly specific networks. The more stable and “clean” the baseline traffic, the better the detection quality.

February 7, 2026

Which models are used?

The system is based on unsupervised anomaly detection models designed to work without labeled data. Currently used approaches include Isolation Forest and related methods, statistical and behavioral profiling, and custom feature extraction (partially implemented in C++). The models are chosen because they do not require labeled […]

February 7, 2026

What types of data are analyzed (Flow, DNS, TLS, etc.)?

AI modules analyze behavioral and network features extracted from Suricata events. Supported data types: Flow — network flows (volume, direction, duration, frequency); DNS — queries, responses, and domain behavior; TLS — handshake characteristics, versions, JA-like features; HTTP — methods, headers, and request patterns; Metadata — […]