RAISE
Real-Time AI-Driven Intrusion Detection with Scalable Explainability
A Decision Transformer-based system that dynamically manages Suricata IDS rule sets, simultaneously detecting malicious traffic and autonomously disabling low-value rules that generate false positives, without any downtime.
- Programme: LU-CID Call Cybersecurity I, Luxembourg Ministry of Economy / NC3 / Luxinnovation
- Grant: €49,097.60 (80% co-financing, de minimis)
- Period: 18 November 2024 – 15 May 2025
Problem
Suricata's rule sets contain thousands of manually curated signatures. In practice, many generate high false-positive rates on production traffic, overwhelming SOC analysts, while remaining unable to adapt to evolving attack patterns.
Traditional rule tuning relies on expert engineers, which is slow, expensive, and non-adaptive. RAISE addresses this by treating IDS rule management as a sequential decision problem, learning optimal rule subsets directly from historical Suricata log data.
Approach
Rather than replacing Suricata, RAISE sits alongside it as an intelligent rule management layer. It periodically re-evaluates the active rule set and reloads Suricata without downtime. Critical rules are always protected, while lower-value rules that generate false positives are disabled automatically.
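As an added illustration of the rule-management pass described above (example code, not RAISE's own implementation), the snippet below scores each Suricata rule by SID from per-rule alert statistics, refuses to touch a protected set of critical rules, and emits a `disable.conf` fragment that `suricata-update` consumes. The Decision Transformer policy is replaced here by a plain precision threshold; the SIDs, counts and the `PROTECTED` set are constructed values, not from the project.

```python
from dataclasses import dataclass


@dataclass
class RuleStats:
    sid: int
    alerts: int      # alerts the rule fired in the evaluation window
    confirmed: int   # alerts analysts confirmed as true positives


# Hypothetical "critical" SIDs that must never be disabled, whatever their score.
PROTECTED = {2100498, 2019401}


def decide_disabled(stats, protected=PROTECTED, min_alerts=50, min_precision=0.05):
    """Return the set of SIDs to disable: noisy rules whose confirmed precision
    is below min_precision. Protected rules and rules with too few alerts to
    judge are always kept, mirroring the 'critical rules are protected' policy."""
    disabled = set()
    for s in stats:
        if s.sid in protected or s.alerts < min_alerts:
            continue
        precision = s.confirmed / s.alerts
        if precision < min_precision:
            disabled.add(s.sid)
    return disabled


def render_disable_conf(disabled):
    """suricata-update's disable.conf accepts one SID per line."""
    return "".join(f"{sid}\n" for sid in sorted(disabled))


# Constructed sample window: one protected-but-noisy rule, one noisy rule,
# one rule with too little data, one healthy rule.
SAMPLE = [
    RuleStats(2100498, alerts=900, confirmed=5),    # noisy but protected -> kept
    RuleStats(2010937, alerts=1200, confirmed=12),  # precision 0.01 -> disabled
    RuleStats(2022028, alerts=30, confirmed=0),     # below min_alerts -> kept
    RuleStats(2018959, alerts=400, confirmed=180),  # precision 0.45 -> kept
]

if __name__ == "__main__":
    to_disable = decide_disabled(SAMPLE)
    # Write the fragment, run `suricata-update`, then reload the rule set
    # without restarting the engine (`suricatasc -c ruleset-reload-nonblocking`).
    print(render_disable_conf(to_disable), end="")
```

After writing the fragment, the rule set is swapped in with a non-blocking reload over Suricata's unix socket rather than a daemon restart.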
Deliverable
Suricata Rule Optimizer Chrome Extension (v1.7), a browser-based interface for rule management and monitoring of the active Suricata rule set.
Continuity in AIAGENT4CYBER
The reward-shaped sequential modelling approach and XAI interpretability framework developed in RAISE directly underpin Cognifinity's contributions to the ongoing AIAGENT4CYBER project, an EU Digital Europe Programme initiative deploying coordinated multi-AI agent frameworks for cyber defence across a 12-partner consortium.
Interested in AI-Driven IDS?
Discuss how Decision Transformers can bring adaptive, explainable rule management to your security operations.