Network Purification
In order to stop the spread of mobile internet malicious programs to ensure the security of mobile internet, and improve the management of network security to meet the regulatory requirements of national authorities, Byzoro network purification system, based on MIIT's Monitoring and Disposal Mechanism for Mobile Internet Malicious Programs and CDMA Information Collection Equipment Technical Specification of China Telecom and through the construction of system for monitoring and controlling mobile internet malicious programs, gradually realizes the real-time monitoring, disposal, early warning and trend analysis of malicious codes in the Internet and has the capacity of monitoring and disposing malicious codes in the Internet.
Functions and Characteristics
File-Based Detection
Byzoro network purification system detects virus, worm, Trojan horse and other malicious codes based on files. The file formats include SIS, SISX, EXE, JAR, APK, CAB, RAR, ZIP, IPA, COD, ALX, PRC, ELF, etc.
Security Event Detection
Byzoro network purification system supports the detection of botnet, network worm, DDOS, system destruction, malicious charging software, malicious ordering, access to user privacy, junk mail and other security events, as well as collects and reports relevant weblog information to the centralized management module.
Perfect Filter Rules
1) An HTTP request contains user's IMSI, terminal type and other information.
2) Users having the same network behavior exceed the threshold/day.
3) The number of the same cellphone software file being propagated exceeds threshold/day.
4) The network packet contains abnormal characteristic word.
5) The number of the same cellphone software file contained in MMS as an attachment exceeds threshold/day, etc.
6) The filter rules shall allow the custom keyword, threshold, etc. to be used as the filter rule item. The rule items can be set up in combination, and the thresholds can be set up separately.
7) Screening analysis of malicious API ordering behavior is supported.
8) Information screening analysis is supported. Relevant file information will be scanned and recorded, and then be screened and analyzed for a specific keyword, malicious information, etc.
Malicious Code Blacklist
Byzoro network purification system supports the malicious code blacklist, and has the blocking/deblocking capacity based on the malicious code blacklist. The access to the information in the blacklist by the user covered by the system will be blocked/deblocked, and the success rate will be 100%. The user's access to the information not in the blacklist will not be affected. The forms of blocking/deblocking include:
1) The system supports the control of access to malicious codes in the blacklist. The access strategies include blocking without warning and blocking with warning.
2) The system can be selected to show the warning page and warning file to the blocked user.
3) The system supports the manual configuration of blocking/deblocking of blacklist.