Huge Diamond
Network Service Corp.,

ANMAS, AI Network Malicious PCAP Analysis System
- ANMAS, AI Network Malicious PCAP Analysis System, performs deep AI analysis of network packet files to detect whether internal network activity conceals APT attacks and malware activities, including MITRE T0843, T1048, T1071, T1078, T1102, T1132, T1571, T1572, T1595, and other potentially anomalous network threat activities, which are unpredictable and unknown potential network threats (abnormal network activity).
- Based on a Small Language Model (SLM) with fine-tuning data and enhanced retrieval (RAG), the AI Malicious Packets Analysis System (ANMAS) examines internal network activity for potential hidden malware and abnormal network activity.
- This system performs deep AI-based packet analysis using a local language model and RAG data. Compared to rule-based network packet analysis, this system fine-tunes the AI data using an SLM (Small Language Model) and employs enhanced RAG retrieval technology to train the AI's intelligent recognition and learning by combining packet data from over 2000 types of malicious program activities with normal network activity packet data. Through parameter fine-tuning, the AI model (which can be set by the user) interfaces with the fine-tuned packet training data and RAG data to generate alerts identifying potential malicious program network activity, along with cybersecurity reports.
- ANMAS elevates traditional network packet analysis from network information statistics reports to potential network threat pattern reports, and advances from rule-based network detection mechanisms (IDS, IPS) to dedicated AI small language model mechanisms, thereby improving and optimizing packet analysis capabilities for potential network activity threats.

MASA, Mobile AI Security Analysis System
MASA, Mobile AI Security Analysis System, is an AI network traffic analysis system for mobile devices. This system can analyze many different abnormal network activities, including Trojans, network worms, downloaders, and all traffic from a mobile device. The abnormal items MASA covers in detail are:
- Application Layer Protocol: MITRE-T1071 C&C HTTP, HTTPS, SMTP, FTP
- Web Service: Normal HTTP, Normal HTTPS (TLS), MITRE-T1102 C&C Normal HTTP, HTTPS
- Multiband Communication: MITRE-T1206
- Data Encoding: MITRE-T1132 Base64 Encoding
- Protocol Tunneling: MITRE-T1572 DNS Tunnel
- Traffic Signaling: MITRE-T1205 Port Knocking
- Malware: Downloader, Info Stealer, Files Stealer, Keylogger, Beeping Beacon, Network Worms Infecting.
- Web Instant Message System: Telegram, WhatsApp, Messenger, Signal, Zalo and more.
- Common Web Application Service: YouTube, Facebook, IG, Gmail, Dropbox and more.
- Other unknown network traffic on a mobile device.

Based on these key PCAPs and descriptions, MASA can provide a full report for network security and TCP/IP research, as well as for many different applications, such as security examination services and ISO-27001 network security services for IoT/mobile devices.

ELSAA, Essential Local Security AI Analysis System
ELSAA, Essential Local Security AI Analysis System, is an AI network traffic analysis system. The ELSAA system can analyze many different abnormal network activities, including Trojans, network worms, downloaders, and all traffic from a mobile device. The abnormal items ELSAA covers in detail are:
- MITRE-T1071: C&C HTTP, HTTPS, SMTP, FTP, ...
- MITRE-T1102: C&C Normal HTTP, HTTPS (TLS), ...
- MITRE-T1206: Multiband Communication
- MITRE-T1132: Base64 Encoding, Data Encoding, ...
- MITRE-T1572: DNS Tunnel
- MITRE-T1205: Port Knocking, Beeping, ...
- Other unknown network traffic on a mobile device.

Based on these key PCAPs and descriptions, ELSAA can provide a full report for network security and TCP/IP research, as well as for many different applications, such as security examination services and ISO-27001 network security services for enterprise and IoT/mobile devices.

Case Study - Network PCAP Analysis Materials
The goal is to find the network traffic that leads us to understand the footprints of a cyber attack: not only to sniff a network, but also to trace the track of user behavior.
We provide many Network Behavior Analysis case studies. Just like the NSPA training courses, our course material files can be used as a passive network sniffer/packet capturing tool in order to analyze abnormal behavior in network traffic. These materials and methods can also help you analyze PCAP files to find malicious behavior in a network environment.


