Deep packet inspection (DPI) technology is widely used in network-side defense and detection equipment such as IPS/IDS/UTM appliances. The signature/virus patterns used to detect threats (i.e., the DPI rules) can be regarded as the soul of a DPI system. Traditionally, generating DPI rules required threat researchers first to study or collect the threat or weakness and then to produce the corresponding attack traffic; rule makers then used that traffic to write rules tailored to a specific DPI engine. This rule generation process relied on rich experience and consumed a lot of time. In recent years, with AI's help, parts of the rule generation process can be automated. Through this automation, we can lower the technical threshold of rule making and shorten rule generation time. This talk will share the related technologies and provide a PoC demo.
He has been a DPI/IDS/IPS engineer since 2001.
He led the anti-botnet project of MoECC in NTHU (2009-2013) and held “Botnet of Taiwan” (BoT) workshops (2009-2014).
He spoke at HitCon 2014 CMT, HitCon 2015 CMT and HitCon 2019.
His primary research interests are network security, intrusion detection systems, reverse engineering, malware detection, and embedded systems.