• Search engine for YARA signature pattern selection.
• Automatically generating YARA rules/signatures that cover a specific set of files.
• Short scanning time for YARA signatures on large amounts of data (the clean set), to identify the best signature candidate.
• The generated YARA rules should be generic, i.e. a single signature should cover multiple malware samples.
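One way to approach the pattern selection described above, as an added sketch that is not part of the original brief: choose fixed-length byte n-grams that occur in every sample of a set and in no clean-set file, then emit them as one generic YARA rule. The n-gram technique, the function names and the sample bytes are assumptions made for illustration.

```python
from collections import Counter

def ngrams(data: bytes, n: int) -> set:
    """All distinct n-byte substrings of data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def select_patterns(samples, clean_set, n=8, min_cover=1.0, max_patterns=3):
    """Pick n-grams present in at least min_cover of the samples and in no clean file."""
    counts = Counter()
    for sample in samples:
        counts.update(ngrams(sample, n))      # set => counted once per sample
    clean = set()
    for blob in clean_set:
        clean |= ngrams(blob, n)
    need = min_cover * len(samples)
    candidates = [g for g, k in counts.items() if k >= need and g not in clean]
    # Rank: widest coverage first, then most distinct bytes (less padding-like), then stable.
    candidates.sort(key=lambda g: (-counts[g], -len(set(g)), g))
    return candidates[:max_patterns]

def to_yara(rule_name: str, patterns) -> str:
    """Render the chosen byte patterns as YARA hex strings in a single rule."""
    lines = [f"rule {rule_name}", "{", "    strings:"]
    for i, p in enumerate(patterns):
        lines.append(f"        $s{i} = {{ {p.hex(' ').upper()} }}")
    lines += ["    condition:", "        all of them", "}"]
    return "\n".join(lines)

# Constructed data: two variants sharing an 8-byte marker, plus one clean file.
MARKER = b"\xde\xad\xbe\xefXKEY"
SAMPLES = [b"MZ\x00\x00AAAA" + MARKER + b"tail-one",
           b"MZ\x00\x00BBBBBB" + MARKER + b"other"]
CLEAN = [b"MZ\x00\x00harmless program text"]

if __name__ == "__main__":
    print(to_yara("family_generic", select_patterns(SAMPLES, CLEAN)))
```

Lowering `min_cover` trades coverage of every sample for a larger candidate pool; the clean-set filter is what keeps shared file-format bytes such as the `MZ` header out of the rule.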
Develop a network intrusion detection system that sustains high network throughput.
The system should scan, classify and monitor network traffic in real time without affecting network throughput.
The features are as follows:
- Real time traffic analysis
- Protocol analysis
- Content searching
- Detect variety of attacks and probes
Adopting a collaborative approach to sharing threat intelligence has its own benefits. The volume of threat incidents, along with the sophistication of the techniques used, demands an effective protective system. Each party sees the threat from only one angle, and no one has the full picture.
Finding a needle in a haystack is an apt picture of today's threat landscape.
The system should build a collective threat-intelligence capability to prioritize, focus on and detect threats.