Huge Diamond
Network Service Corp.,

ANMAS, AI Network Malicious PCAP Analysis System
- ANMAS, AI Network Malicious PCAP Analysis System, performs deep AI analysis of network packet files to detect whether internal network activity conceals APT attacks and malware activity, including MITRE T0843, T1048, T1071, T1078, T1102, T1132, T1571, T1572, T1595, and other potentially anomalous network activity, that is, unpredictable and unknown potential network threats (abnormal network activity).
- Based on a Small Language Model (SLM) through fine-tuning data and enhanced retrieval (RAG), the AI Malicious Packets Analysis System (ANMAS) examines internal network activity for potential hidden malware and abnormal network activity.
- This system performs deep AI-based packet analysis using a local language model and RAG data. Compared to rule-based network packet analysis, this system fine-tunes the AI data using an SLM (Small Language Model) and employs enhanced RAG retrieval technology to train the AI's intelligent recognition and learning by combining packet data from over 400 types of malicious program activities with normal network activity packet data. Through parameter fine-tuning, the AI model (which can be set by the user) interfaces with the fine-tuned packet training data and RAG data to generate alerts identifying potential malicious program network activity, along with cybersecurity reports.
- ANMAS elevates traditional network packet analysis from network information statistics reports to potential network threat pattern reports, and advances from rule-based network detection mechanisms (IDS, IPS) to dedicated AI small language model mechanisms, thereby improving and optimizing packet analysis capabilities for potential network activity threats.

MASA, Mobile AI Security Analysis System
MASA, Mobile AI Security Analysis System, is an AI network traffic analysis system for mobile devices. This system can analyze many different abnormal network activities, including Trojans, network worms, downloaders, and all traffic from a mobile device. The abnormal items MASA covers in detail are:
- Application Layer Protocol: MITRE-T1071 C&C HTTP, HTTPS, SMTP, FTP
- Web Service: Normal HTTP, Normal HTTPS (TLS), MITRE-T1102 C&C Normal HTTP, HTTPS
- Multiband Communication: MITRE-T1206
- Data Encoding: MITRE-T1132 Base64 Encoding
- Protocol Tunneling: MITRE-T1572 DNS Tunnel
- Traffic Signaling: MITRE-T1205 Port Knocking
- Malware: Downloader, Info Stealer, Files Stealer, Keylogger, Beeping Beacon, Network Worms Infecting.
- Web Instant Message System: Telegram, WhatsApp, Messenger, Signal, Zalo and more.
- Common Web Application Service: YouTube, Facebook, IG, Gmail, Dropbox and more.
- Other unknown network traffic on a mobile device.

Based on these key PCAPs and descriptions, MASA can provide a full report for network security and TCP/IP research, as well as for many different applications, such as security examination services and ISO-27001 network security services for IoT/mobile devices.

Case Study - Network PCAP Analysis Materials
The goal is to find the network traffic that lets us understand the footprints of cyber attacks: not only to sniff a network but also to trace the track of user behavior.
We provide many network behavior analysis case studies. Just like the NSPA training courses, our course material files can be used as a passive network sniffer/packet capturing tool in order to analyze abnormal behavior in network traffic. These materials and methods can also help you analyze PCAP files to find malicious behavior in a network environment.

MultiComponents SWARM System
A SWARM system is a TCP/IP message switching system for different agents. These agents are built for different purposes with Python, Java or C/C++/C#. Developers can use the SWARM system to send, receive and transfer their messages on a localhost or across different hosts.
The SWARM system uses a simple method to transfer messages between different agents (programs). For example, a developer can design an agent that reads an email system and transfers the mail content to a Log-Agent and a GPT-Agent to process the reaction. Another example is a UI agent that receives a message from the user's input text and sends the message to a GPT-Agent to process the user's content.
The SWARM system can be used across multiple hosts and transfers messages between different hosts and different agents (programs). It allows developers to define their own commands to extend their TCP/IP methods.