The Hillstone Advanced Threat Detection (ATD) Engine analyzes millions of known HTTP based malware samples with regular updates. It extracts the common characteristics of each malware family for further analysis. Using unsupervised machine learning algorithms and mathematical modeling, the common features for each of the thousands of malware families is poured into a clustering model and is loaded on the device.
The model is also regularly updated from Hillstone Cloud . This process is illustrated in the following diagram
When a suspected malware is detected, the packet is further inspected and relevant features are extracted and processed through the model. It is given a predicted result with a specific confidence level and is also delivered with forensic evidence, threat intelligence, as well as a proposed action, shown in the threat details pages in the iCenter.
Please view the Hillstone Intelligence Firewall /Hillstone Server Breach Detection to know more detail or contact Nessar Vietnam.