CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree
Deep packet inspection (DPI) technology is widely used in network-side defense or detection equipment such as IPS/IDS/UTM. The signature/virus patterns (i.e., DPI Rules) used to detect threats can be treated as the DPI system's soul. In the past, the generation of DPI rules usually required threat researchers to study/collect the threat or weakness first and then generate the corresponding attack traffic, then rule makers used these traffic to write the rules fitting specific DPI engines. Such rule generation process relied on rich experience and consumed a lot of time. In recent years, with AI's help, we can have some automation in the rule generation process. Through this automation, we can lower the technical threshold of rule making and shorten rule generation time. This talk will share related technologies and provide a PoC demo.
Canaan has been a DPI/IDS/IPS engineer since 2001. He led the anti-botnet project of MoECC in NTHU (2009-2013) and held “Botnet of Taiwan” (BoT) workshops (2009-2014). He spoke at HitCon2014 CMT,HitCon2015 CMT and HitCon 2019. His primary research interests are in network security, intrusion detection systems, reversing engineering, malware detection, and embedded systems.