Cisco ETA home page: https://www.cisco.com/c/en/us/solutions/enterprise-networks/enterprise-network-security/eta.html ETA-related open-source project: https://github.com/cisco/joy/tree/master/src ETA data analysis approach: Understanding Network Traffic Through Intraflow Data https://resources.sei.cmu…
DPI can be divided into three parts (https://blogs.cisco.com/enterprise/cisco-traffic-analysis-encrypted-threat-analytics): well-known-port traffic, non-well-known-port traffic, and encrypted traffic. For encrypted traffic, see ETA: [knowledge][ETA] Encrypted Traffic Analytics. AVC is the method Cisco uses to identify applications on non-well-known ports. https://www.cisco.com/c/en/us/products/routers/avc-…
catalogue . SCENARIO . QUESTIONS . Analysis:10.3.14.134 . Analysis:10.3.14.131 1. SCENARIO The pcap contains traffic from three different hosts.  You also have IDS alerts to help you figure out what's going on. Relevant Link: http://www.malware-traff…
What is Dark Social & Dark Traffic? By Iaroslav Kudritskiy Google Analytics is supposed to speak the truth about website traffic. However, looking into your traffic channels, you'll find 20% or 30% of traffic is coming in direct. The user used a UR…
Background of network security problems: Network security research covers many areas. The author vividly likens it to the blind men and the elephant: network security experts from different fields understand network security differently. For researchers in the field of cryptography, security is all about cryptographic algorithms and hash functions. Those who are in information security focus mainly on privacy, watermarkin…
An article from 2018, Using deep neural networks to hunt malicious TLS certificates, from: https://techxplore.com/news/2018-10-deep-neural-networks-malicious-tls.html It uses an LSTM to classify malicious certificates, with 94% accuracy. An introduction follows. Moreover, encryption can give online users a false sense of securi…
Introduction Nginx is one of the most popular web servers in the world and is responsible for hosting some of the largest and highest-traffic sites on the internet. It is more resource-friendly than Apache in most cases and can be used as a web serve…
How HTML5 Web Sockets Interact With Proxy Servers Posted by Peter Lubbers on Mar 16, 2010 With the recent explosion of WebSocket server implementations, a lot of questions have come up about how HTML5 Web Sockets deal with proxy servers, firewalls, an…
Computer EC2 – Virtual Servers in the Cloud EC2 Container Service – Run and Manage Docker Containers Elastic Beanstalk – Run and Manage Web Apps Lambda – Run Code in Response to Events Storage & Content Delivery S3 – Scalable Storage in the Cloud Clo…
As we all know that long2ip works as ip1.ip2.ip3.ip4 (123.131.231.212) long ip => (ip1 * 256 * 256 * 256) + (ip2 * 256 * 256) + (ip3 * 256) + ip4 2072242132 => (123 * 256 * 256 * 256) + (131 * 256 * 256) + (231 * 256) + 212 But what would be pseudo…