METHOD FOR REAL-TIME ENCRYPTION PACKET SEPARATION AND IDENTIFICATION IN HIGH SPEED TRAFFIC AND INTERWORKING WITH YARA DETECTION ON IDENTIFIED PACKET AND APPARATUS THEREOF
Abstract
The present invention relates to a packet-based threat detection device that provides visibility into encrypted traffic in conjunction with YARA detection technology. The device is implemented on a hardware module comprising a Field Programmable Gate Array (FPGA) and memory. The packet-based threat detection apparatus comprises: an encrypted-traffic decryption engine (110) that decrypts encrypted network traffic data using a certificate; an intrusion detection engine (120) that detects and blocks threats by applying predetermined intrusion detection rules to the decrypted traffic data; and a packet-based YARA detection engine (130) that, for traffic data in which the intrusion detection engine (120) detected no threat, re-detects threats by applying YARA rules on a per-packet basis, without first combining the traffic data into a complete file.
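As an added illustration of the per-packet YARA stage (130), not code from the patent, the following script scans each decrypted payload on its own and contrasts that with scanning the reassembled stream. A minimal matcher stands in for a real YARA engine so it runs offline; the rule names, byte strings and packet payloads are constructed for the example.

```python
"""Added example (not from the patent): per-packet signature matching in the
style of the packet-based YARA detection engine (130). A tiny stand-in matcher
replaces a real YARA engine; rules and packets below are constructed."""
from dataclasses import dataclass


@dataclass
class PacketRule:
    """Minimal YARA-like rule: every byte string must appear in one buffer."""
    name: str
    strings: list[bytes]

    def matches(self, buf: bytes) -> bool:
        return all(s in buf for s in self.strings)


def scan_packet(payload: bytes, rules: list[PacketRule]) -> list[str]:
    """Apply every rule to a single decrypted packet payload (no reassembly)."""
    return [r.name for r in rules if r.matches(payload)]


def scan_packets(payloads: list[bytes], rules: list[PacketRule]) -> dict[int, list[str]]:
    """Engine 130 behaviour: each packet is scanned on its own; the packets of a
    flow are never joined into a complete file first."""
    hits: dict[int, list[str]] = {}
    for i, p in enumerate(payloads):
        names = scan_packet(p, rules)
        if names:
            hits[i] = names
    return hits


def scan_reassembled(payloads: list[bytes], rules: list[PacketRule]) -> list[str]:
    """Reference behaviour the patent avoids: reassemble the flow, scan once."""
    return scan_packet(b"".join(payloads), rules)


# Constructed rules and decrypted payloads standing in for the output of engine 110.
RULES = [
    PacketRule("pe_header_marker", [b"MZ\x90\x00"]),
    PacketRule("two_part_beacon", [b"cmd=", b"beacon_id="]),
]
PACKETS = [
    b"GET /update?cmd=",             # first half of a two-string signature ...
    b"beacon_id=42 HTTP/1.1\r\n",    # ... second half lands in the next packet
    b"data:MZ\x90\x00\x03\x00\x00",  # marker fully inside one packet
]

if __name__ == "__main__":
    print(scan_packets(PACKETS, RULES))      # {2: ['pe_header_marker']}
    print(scan_reassembled(PACKETS, RULES))  # ['pe_header_marker', 'two_part_beacon']
```

The run shows the trade-off of skipping reassembly: a signature whose strings straddle a packet boundary is only seen when the flow is joined, so per-packet rules should be written for patterns that fit inside a single packet.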