THE PACKET-BASED THREATS DETECTION METHOD OF PROVIDING ENCRYPT TRAFFIC VISIBLITY

摘要

The present invention relates to a packet-based threat detection method that provides encryption traffic visibility. In the method of the present invention, the intrusion detection engine of the packet-based threat detection device detects a threat and blocks the detected traffic data, and the YARA detection engine re-detects the traffic data for which no threat is detected by the intrusion detection engine. Including, the YARA rule of the YARA detection engine is uploaded to the internal logic of the FPGA (Field Programmable Gate Array) to match the header value of the packets passing through the FPGA and all the data in the payload in real time. It is characterized by including.