Huge Diamond
Network Service Corp.,

ANMAS, AI Network Malicious PCAP Analysis System
-
ANMAS, AI Network Malicious PCAP Analysis System, performs deep AI analysis of network packet capture (PCAP) files to detect whether internal network activity conceals APT attacks and malware activity, including the MITRE ATT&CK techniques T0843, T1048, T1071, T1078, T1102, T1132, T1571, T1572 and T1595, as well as other potential network threats that are unpredictable and not known in advance (abnormal network activity).
-
Based on a Small Language Model (SLM) with fine-tuning data and retrieval-augmented generation (RAG), the AI Malicious Packets Analysis System (ANMAS) examines internal network activity for potentially hidden malware and abnormal network activity.
-
This system performs deep AI-based packet analysis using a local language model and RAG data. Compared with rule-based network packet analysis, this system fine-tunes an SLM (Small Language Model) and employs RAG retrieval to train the AI's recognition and learning, combining packet data from over 400 types of malicious program activity with packet data from normal network activity. Through parameter fine-tuning, the AI model (which can be selected by the user) is combined with the fine-tuned packet training data and the RAG data to generate alerts identifying potential malicious program network activity, together with cybersecurity reports.
-
ANMAS elevates traditional network packet analysis from network information statistics reports to potential network threat pattern reports, and advances from rule-based network detection mechanisms (IDS, IPS) to a dedicated AI small language model mechanism, thereby improving and optimizing packet analysis capabilities for potential network activity threats.

ANPPL, AI Network PCAP Packets Library
ANPPL, AI Network PCAP Packets Library, is a knowledge library of network packet capture files. The library collects many different PCAP files from real malware attacks, including Trojans (RATs), network worms, downloaders, ransomware, HTTP CGI scanning, port scanning, DNS spoofing, ARP spoofing, SQL injection, SCADA attacks and more. The library items in ANPPL are:
-
Enumeration Info: ARP Scan, ICMP Scan, Port Scan, CGI Scan, DDoS TCP SYN Flood
-
Application Layer Protocol: MITRE-T1071 C&C HTTP, HTTPS, SMTP, FTP
-
Web Service: Normal HTTP, Normal HTTPS (TLS), MITRE-T1102 C&C over normal HTTP, HTTPS
-
Multiband Communication: MITRE-T1026 (T1206 is Sudo Caching; both IDs are now deprecated in ATT&CK)
-
Data Encoding: MITRE-T1132 Base64 Encoding
-
Protocol Tunneling: MITRE-T1572 DNS Tunnel
-
Traffic Signaling: MITRE-T1205 Port Knocking
-
Password Attacks: SMB, FTP, Telnet, SSH, RDP, MSSQL, PostgreSQL, MySQL
-
Malware: Downloader, Info Stealer, File Stealer, Keylogger, Beaconing, Network Worm Infection
-
Ransomware: WannaCrypto, Abnormal File Type, NAS Attacks
-
Web Instant Messaging Systems: Telegram, WhatsApp, Messenger, Signal, Zalo and more.
-
Common Web Application Services: YouTube, Facebook, Instagram (IG), Gmail, Dropbox and more.
-
Mobile Phone Traffic: iPhone, Samsung, Mei, Huawei and more.
-
IoT Device Traffic: UPnP/SOAP
-
Multiple function agents for Schedule, Video-Builder, QA Service, etc.
Based on these key PCAPs and their descriptions, ANPPL can serve as a classic textbook for network security and TCP/IP research, as well as for many different applications, such as security operations center (SOC) services and ISO 27001 network security consulting.
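To make the catalogue entry "Protocol Tunneling: MITRE-T1572 DNS Tunnel" concrete, here is an added example of the kind of check a PCAP analyst runs over such a library. It is not ANMAS or ANPPL code. It parses a classic little-endian pcap with Ethernet link type, pulls the question names out of IPv4/UDP port 53 queries, and flags names whose leftmost label is long and high-entropy, which is where DNS tunnels usually carry encoded data. The thresholds (30 characters, 3.5 bits/char) and the sample capture are constructed for illustration and must be tuned against your own baseline traffic.

```python
"""Scan a classic pcap for DNS-tunnelling candidates (MITRE T1572).
Added example, not ANMAS/ANPPL code. Assumes little-endian pcap, Ethernet
link type, IPv4/UDP port 53 queries, and illustrative (hypothetical) thresholds."""
import math
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
MIN_LABEL_LEN = 30        # hypothetical thresholds: tune against your own baseline
MIN_LABEL_ENTROPY = 3.5   # bits per character


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def iter_pcap_records(data: bytes):
    """Yield (timestamp, frame_bytes) for each record in a classic pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    linktype, = struct.unpack_from("<I", data, 20)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_dns_name(buf: bytes, off: int):
    """Read an uncompressed DNS name; return (labels, offset after the name)."""
    labels = []
    while True:
        length = buf[off]
        off += 1
        if length == 0:
            return labels, off
        if length & 0xC0:
            raise ValueError("compression pointers are not expected in a question name")
        labels.append(buf[off:off + length].decode("ascii", "replace"))
        off += length


def extract_dns_queries(frame: bytes):
    """Return the question names (as label lists) of a DNS query over IPv4/UDP."""
    if len(frame) < 42 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return []
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 17:                       # protocol field: not UDP
        return []
    udp = 14 + ihl
    sport, dport = struct.unpack_from("!HH", frame, udp)
    if 53 not in (sport, dport):
        return []
    dns = udp + 8
    _ident, flags, qdcount = struct.unpack_from("!HHH", frame, dns)
    if flags & 0x8000:                            # QR bit set: a response, skip
        return []
    names, off = [], dns + 12
    for _ in range(qdcount):
        labels, off = parse_dns_name(frame, off)
        off += 4                                  # skip QTYPE and QCLASS
        names.append(labels)
    return names


def tunnel_candidate(labels) -> bool:
    """Encoded payload usually lands in a long, high-entropy leftmost label."""
    first = labels[0] if labels else ""
    return len(first) >= MIN_LABEL_LEN and shannon_entropy(first) >= MIN_LABEL_ENTROPY


def scan_pcap(data: bytes):
    """Return the query names in the capture that look like DNS tunnelling."""
    return [".".join(labels)
            for _ts, frame in iter_pcap_records(data)
            for labels in extract_dns_queries(frame)
            if tunnel_candidate(labels)]


# --- constructed sample capture (not real traffic) ---------------------------
def _dns_query_frame(qname: str) -> bytes:
    question = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    dns = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
           + question + b"\x00" + struct.pack("!HH", 1, 1))       # QTYPE A, QCLASS IN
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1])) + udp
    return bytes.fromhex("001122334455" "66778899aabb" "0800") + ip   # Ethernet header


def build_sample_pcap(qnames) -> bytes:
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, name in enumerate(qnames):
        frame = _dns_query_frame(name)
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


SAMPLE_QUERIES = [
    "www.example.com",
    "mail.example.com",
    "cdn-node-cdn-node-cdn-node-cdn-node.example.net",      # long but low entropy
    "7a3f0c9e2b5d8164e9c0f3a72d5b4186.exfil.example.org",   # encoded-looking label
]

if __name__ == "__main__":
    for name in scan_pcap(build_sample_pcap(SAMPLE_QUERIES)):
        print("T1572 DNS tunnel candidate:", name)
```

The third sample name shows why length alone is a poor signal: a 35-character label with only six distinct characters has an entropy near 2.5 bits/char and is not flagged, while the 32-character hex label scores exactly 4.0 bits/char and is. Real tunnels also vary the record type (TXT, NULL, CNAME) and split data across many subdomains, so per-domain query volume and unique-subdomain counts belong in the same feature set.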

Case Study - Network PCAP Analysis Materials
Network traffic analysis lets us understand the footprints of a cyber attack: not only sniffing a network, but also tracing the track of user behavior.
We provide many network behavior analysis case studies. As in the NSPA training courses, our course material files show how to use a passive network sniffer/packet capture tool to analyze abnormal behavior in network traffic. These materials and methods can also help you analyze PCAP files to find malicious behavior in a network environment.

MultiComponents SWARM System
A SWARM system is a TCP/IP message switching system for different agents. These agents are written for different purposes in Python, Java or C/C++/C#. Developers can use the SWARM system to send, receive and transfer their messages on a localhost or between different hosts.
The SWARM system uses a simple method to transfer messages between different agents (programs). For example, a developer can design an agent that reads an email system and transfers the mail content to a Log-Agent and a GPT-Agent to process the reaction. Another example is a UI agent that receives a message from the user's input text and sends it to a GPT-Agent to process the user's content.
The SWARM system can be used across multiple hosts and transfers messages between different hosts and different agents (programs). The SWARM system also allows developers to define their own commands to extend its TCP/IP methods.
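The following added example sketches the architecture described above: a TCP/IP switch that agents connect to, register a name with, and exchange messages through, with a command table that developers extend. It is illustrative only and is not the SWARM implementation or its wire protocol; the newline-delimited JSON format, the command names (register, send, list), the port-0 ephemeral binding and the UI/GPT agent names are all assumptions made for this example.

```python
"""Minimal agent message switch in the style the SWARM description sketches.
Added example; not SWARM's code or protocol. The wire format (one JSON object
per line) and the built-in command names are assumptions of this example."""
import json
import socket
import threading

_SEND_LOCK = threading.Lock()   # keeps whole lines intact when threads share a socket


def send_json(conn: socket.socket, msg: dict) -> None:
    with _SEND_LOCK:
        conn.sendall(json.dumps(msg).encode() + b"\n")


class MessageSwitch:
    """Accepts agent connections and routes messages between registered names.
    Built-in commands: register, send, list. Add your own via `commands`."""

    def __init__(self, host="127.0.0.1", port=0):
        self._srv = socket.create_server((host, port))
        self.port = self._srv.getsockname()[1]        # port=0 picks a free port
        self._agents = {}                              # name -> connected socket
        self._lock = threading.Lock()
        self.commands = {"register": self._register, "send": self._send, "list": self._list}
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            conn, _addr = self._srv.accept()
            threading.Thread(target=self._serve, args=(conn,), daemon=True).start()

    def _serve(self, conn):
        state = {"name": None}                         # per-connection state
        with conn, conn.makefile("rb") as reader:
            for raw in reader:
                try:
                    msg = json.loads(raw)
                    handler = self.commands.get(msg["cmd"])
                except (ValueError, KeyError, TypeError):
                    send_json(conn, {"cmd": "error", "body": "malformed message"})
                    continue
                if handler is None:
                    send_json(conn, {"cmd": "error", "body": "unknown command"})
                else:
                    handler(conn, state, msg)
        if state["name"]:                              # peer went away: unregister
            with self._lock:
                self._agents.pop(state["name"], None)

    def _register(self, conn, state, msg):
        name = msg.get("name")
        with self._lock:
            if not isinstance(name, str) or name in self._agents:
                send_json(conn, {"cmd": "error", "body": "bad or duplicate name"})
                return
            self._agents[name] = conn
        state["name"] = name
        send_json(conn, {"cmd": "ok"})

    def _send(self, conn, state, msg):
        with self._lock:
            target = self._agents.get(msg.get("to"))
        if state["name"] is None or target is None:
            send_json(conn, {"cmd": "error", "body": "unregistered sender or unknown target"})
            return
        send_json(target, {"cmd": "deliver", "from": state["name"], "body": msg.get("body")})
        send_json(conn, {"cmd": "ok"})

    def _list(self, conn, state, msg):
        with self._lock:
            names = sorted(self._agents)
        send_json(conn, {"cmd": "ok", "body": names})


class Agent:
    """Client side: connect to the switch, register a name, then send/receive."""

    def __init__(self, name, port, host="127.0.0.1"):
        self.name = name
        self._sock = socket.create_connection((host, port))
        self._reader = self._sock.makefile("rb")
        reply = self.call({"cmd": "register", "name": name})
        if reply["cmd"] != "ok":
            raise RuntimeError(reply["body"])

    def call(self, msg):                # request/response against the switch
        send_json(self._sock, msg)
        return self.recv()

    def send(self, to, body):           # route a message to another agent
        return self.call({"cmd": "send", "to": to, "body": body})

    def recv(self):
        line = self._reader.readline()
        if not line:
            raise ConnectionError("switch closed the connection")
        return json.loads(line)


if __name__ == "__main__":
    switch = MessageSwitch()
    # developer-defined command, as the SWARM description allows
    switch.commands["ping"] = lambda conn, state, msg: send_json(conn, {"cmd": "pong"})
    gpt = Agent("gpt", switch.port)
    ui = Agent("ui", switch.port)
    ui.send("gpt", "summarize this mail")
    print(gpt.recv())                    # {'cmd': 'deliver', 'from': 'ui', 'body': ...}
    print(ui.call({"cmd": "ping"}))      # {'cmd': 'pong'}
```

Running the switch on another host only changes the bind address and the host the agents connect to; the switch itself has no authentication, so in a real deployment it should bind to a trusted interface or sit behind mutual TLS, and the `register` handler is the natural place to verify an agent's identity before admitting it to the routing table.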


