9499威尼斯登录-Mobile Internet Malware Monitoring System

www.9499.com-9499威尼斯登录

Product features
Product function
Product architecture
Customer case

Product features

Efficient software capabilities

Supports a broad spectrum of black and white lists. By analyzing the relationship between domain names, application are associated to form a broad-spectrum black-and-white list database;It supports the classification of application tags. Through the clustering learning of the application's signature, publishing provider, application description and other features, it forms classification tags and associates similar applications.

Static detection: through the authority and behavior of APK code, the risk weight is calculated and the score is determined;
Dynamic detection: load APK program in sandbox and start running, track and analyze abnormal process of program startup, communication and invoking, and make comprehensive judgment according to the risk of ations and data sensitivity.
Multi engine detection: integrate a variety of common malware detection engines, perform parallel detection, and judge the software.
High performance hardware

Analysis and disposal equipment is divided into equipment frame and special analysis & disposal equipment node.
With compact structure, four independent two-way server nodes can be built into a compact 2U frame to realize intelligent horizontal expansion; hot swapping server nodes, power supplies and disk drives significantly enhance the availability and reduce maintenance costs; the use of shared redundancy and platinum grade efficient power supply and centralized installation of fan units minimize energy consumption; the use of dual server nodes, power supplies and disk drives can significantly enhance the availability and reduce maintenance costs. A maximum of four analysis & disposal equipment nodes can be installed in each 2U cabinet, which makes the density of the system double that of the standard rack server. Dpdk packet receiving technology is adopted in the bottom layer to support high-speed data acquisition and rule detection engine; 1-4 business processing cards are optional, with a maximum processing capacity of 80G.

Product function

The analysis module is implemented by the probe, which is responsible for packet capture, protocol analysis, data aggregation, virus scanning, result sorting and other functions. It is specifically divided into packet capture layer, protocol analysis layer, preprocessing layer, anti-virus engine layer, data layer, etc.

According to the instructions of the management platform, the disposal module completes the processing page push and malicious traffic blocking by matching the interception characteristics and traffic analysis results. It is divided into traffic analysis module, interception / redirection module and page push interface module.

Product architecture

The system is divided into front-end analysis equipment and back-end analysis platform

图片3.png

The analysis module enables the probe to capture the data packets in the network through the packet capture platform, accurately identify the protocol in a variety of ways, and judge whether to process the data according to the protocol type. Through the analysis of the known virus attack module, we can compare and scan the data from different virus transmission engine. For all kinds of events found, the anti-virus engine will upload the detailed associated data.

The workflow of the analysis module is shown in the following figure:

图片4.png

The processing module is transparent to the original network, and does not change the topology, IP address, routing protocol, access control strategy, etc.; that is, it does not change the routing direction of the original data stream, does not increase nor reduce the route hops of the original data flow; it does not send a large amount of data to the existing network to achieve the purpose of controlling the flow volume, and the maximum interference data sent is not more than 0.1% of the link bandwidth. The schematic diagram of its working mode is as follows:

图片5.png

Customer case

Mobile phone malware monitoring system of China Mobile (centralized SCA platform)

Mobile phone malware monitoring system of China Mobile (centralized SCA platform)

Mobile phone malware monitoring system of China Mobile focuses on SCA platform, covering 27 provinces. It mainly processes 2G / 3G / 4G network logs, finds suspected malicious behaviors
Mobile Internet malware monitoring and prevention system of China Telecom

Mobile Internet malware monitoring and prevention system of China Telecom

The system was constructed according to China Telecom Groups real-time monitoring, disposal, early warning and trend analysis of malicious code in mobile network. It has the ability to monitor and dispose malicious code in mobile Internet of China Telecom.
Malware monitoring system of Planning Institute of MIIT

Malware monitoring system of Planning Institute of MIIT

According to the research needs of the Planning Institute of MIIT, we cooperate with the construction of malware monitoring system. By deploying crawler server, we can crawler APP in the designated app store, and analyze the samples in the background

TongTech brands

Consult
?
Service

www.9499.com-9499威尼斯登录

Efficient software capabilities

High performance hardware

www.9499.com|9499威尼斯登录