AI-Powered Anomaly Detection System for Network Security. Features a real-time data pipeline for raw PCAP traffic and ML models (Decision Tree, Random Forest, TensorFlow MLP) for detecting attacks.

kaulcodes/AI-Firewalls-in-Network-Attack-Detection

ai_firewall_project/
│── code/
│   │── __init__.py                    # Initializes the module (empty for now)
│   │── environment_setup.py            # Checks if dependencies and directories are set up
│   │── tcp_fragmentation_simulation.py # Simulates randomized TCP fragmentation attacks
│   │── covert_channel_simulation.py    # Simulates ICMP & DNS-based covert channel attacks
│   │── packet_analyzer.py              # Reads logs and detects anomalies
│   │── logger.py                        # Logs packets and anomalies
│   │── utils.py                         # (Future) Helper functions for packet manipulation
│
│── data/
│   └── sample_attack_logs.txt          # Placeholder for attack logs (to be updated)
│
│── results/
│   └── packets.log                      # Logs sent packets
│   └── analysis_report.txt              # Stores anomaly detection results
│
│── reports/
│   └── implementation_progress.tex      # Overleaf LaTeX document
│
│── README.md                            # Project Overview
│── requirements.txt                      # Python dependencies (e.g., Scapy)
│── run_demo.py                           # Runs all tests and logs results

Changes from Previous Version:

New Files Added

  • logger.py → Handles logging of packet transmissions and anomalies.
  • packet_analyzer.py → Reads logs and flags anomalies.
  • results/packets.log → Stores logged packet transmissions.
  • results/analysis_report.txt → Contains flagged anomalies from packet analysis.

Updated Features

  • Randomized TCP fragmentation sizes.
  • Added DNS tunneling to covert channel simulations.
  • Structured logs and automated analysis included.

---

python3 code/environment_setup.py

Next Steps

  • Expand packet analysis rules to detect more attack patterns.
  • Start basic AI integration for anomaly detection.
  • Improve automated report generation for presentation.

📚 Reference Research

This project implements the architecture and testing methodologies proposed in the following IEEE research paper:

"Research on the Application and Testing Method of AI Firewalls in Network Attack Detection," 2023 IEEE 5th International Conference on Civil Aviation Safety and Information Technology (ICCASIT). DOI: 10.1109/ICCASIT58768.2023.10351578

Implemented Modules vs. Research Concepts

| Research Concept | Implementation in Project | Description |
| --- | --- | --- |
| Evasion Prevention | tcp_fragmentation_simulation.py | Simulates fragmentation attacks to test firewall resilience against evasion tactics. |
| Covert Channel Detection | covert_channel_simulation.py | Simulates ICMP/DNS tunneling attempts to identify hidden communication channels. |
| Anomaly Detection | AI_Firewall_Model.py | Uses ML (Random Forest/MLP) to detect deviation from normal traffic patterns as proposed in the study. |
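
An added example, not code from this repository: a minimal rule-based log check for two of the attack classes in the table above, fragmentation evasion and DNS covert channels. The key=value log format, the field names and the thresholds are assumptions, since the project's packets.log format is not shown on this page.

```python
import math
from collections import Counter, defaultdict

# Constructed sample in an ASSUMED key=value format; frag_off and len are in bytes.
SAMPLE_LOG = """\
proto=TCP src=10.0.0.5 dst=10.0.0.9 ip_id=4101 frag_off=0 mf=1 len=8
proto=TCP src=10.0.0.5 dst=10.0.0.9 ip_id=4101 frag_off=8 mf=1 len=16
proto=TCP src=10.0.0.5 dst=10.0.0.9 ip_id=4101 frag_off=16 mf=0 len=24
proto=TCP src=10.0.0.7 dst=10.0.0.9 ip_id=77 frag_off=0 mf=1 len=1480
proto=TCP src=10.0.0.7 dst=10.0.0.9 ip_id=77 frag_off=1480 mf=0 len=520
proto=DNS src=10.0.0.5 dst=10.0.0.53 qname=www.example.com
proto=DNS src=10.0.0.5 dst=10.0.0.53 qname=4a6f686e446f65313233343536373839304142434445463031.t.example.com
"""

MIN_TCP_HEADER = 20   # bytes; a first fragment smaller than this splits the TCP header
MAX_LABEL_LEN = 30    # assumed threshold for a single DNS label
MIN_ENTROPY_LEN, MAX_ENTROPY = 16, 3.5  # assumed thresholds (bits per character)

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def analyze(lines):
    """Return (rule, detail) findings for fragment and DNS anomalies."""
    findings, seen = [], defaultdict(list)  # seen: datagram key -> [(start, end)]
    for line in lines:
        pkt = dict(field.split("=", 1) for field in line.split())
        if "frag_off" in pkt:
            key = (pkt["src"], pkt["dst"], pkt["ip_id"])
            start, size = int(pkt["frag_off"]), int(pkt["len"])
            end = start + size
            if start == 0 and pkt["mf"] == "1" and size < MIN_TCP_HEADER:
                findings.append(("tiny_first_fragment", f"{key} len={size}"))
            if any(start < e and s < end for s, e in seen[key]):
                findings.append(("overlapping_fragment", f"{key} off={start}"))
            seen[key].append((start, end))
        elif pkt.get("proto") == "DNS":
            for label in pkt["qname"].split("."):
                if len(label) > MAX_LABEL_LEN or (len(label) >= MIN_ENTROPY_LEN
                        and shannon_entropy(label) > MAX_ENTROPY):
                    findings.append(("dns_tunnel_suspect", pkt["qname"]))
                    break
    return findings

if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_LOG.splitlines()):
        print(rule, detail)
```

The overlap check compares byte ranges per (src, dst, ip_id) datagram, so it works regardless of the order in which fragments are logged.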
