Free-to-use threat detection platform showcased at Black Hat Europe today
Security researchers are being offered a new tool to detect attacks by analyzing network traffic.
Zhouhe is a free-to-use platform that comes outfitted with detection rules and machine learning algorithms.
Maintained by a team of security experts, the utility provides both network threat analysis and detection capabilities.
The premise of Zhouhe is that no matter what the hacker did, their behavior in the network could not be erased.
A user would only need to upload traffic files in order to quickly understand the threats and malicious behaviors in their network, according to researchers at the MeshFire Team of Qihoo 360, who developed the tool.
“In order to find out attacks and threats, we have a ruleset that comes from our security researchers’ accumulated defense experience… and update it in a timely manner when new vulnerabilities appear,” developer Rui Xiao told The Daily Swig.
“Meanwhile, our machine learning algorithms let us know some unknown threats or 0day that cannot be detected by the ruleset, so that we can better write rules.”
Rui Xiao and Rui Zhang demonstrated their tool during a Black Hat Europe Arsenal presentation earlier today (December 4).
The functionality of Zhouhe is comparable to commercial network-based tools.
“Zhouhe is a free and online tool/platform, so you can use it anywhere and anytime, and we want more people use it and enjoy it,” the researchers told The Daily Swig.
Unpacking the term
The researchers went on to explain where the name ‘Zhouhe’ comes from.
Zhouhe in Chinese is 宙合, which comes from an ancient Chinese book named Guanzi (管子).
Zhouhe, 宙合, is packaging everything in the word: it is above the sky, deep below the land, and outside the four seas.
Moreover, when it is unpackaged, it permeates into any tiny place without leaving any gaps.
In other words, 宙合 is bigger than anything, but it is smaller than anything. So the name ‘Zhouhe’ contains our expectation that a security tool such as 宙合 is able to detect any attack or threat.
The Daily Swig will be back with more news from Black Hat Europe throughout the week.