1 views collected around this technical thread.
Ant Group’s “Aspect‑Fusion Intelligence” system, recognized as an outstanding cybersecurity case at the 2025 Beijing Cybersecurity Conference, leverages large‑model AI and expert knowledge to enhance threat detection, lower false positives, and improve explainability in large‑scale intrusion detection.
At the second Wuhan Cybersecurity Innovation Forum, Ant Group unveiled its AI‑powered "parallel security slice" approach for threat detection, detailing a multi‑layer defense system that leverages a DKCF framework, large‑model reasoning, and knowledge graphs to improve accuracy, reduce false alarms, and uncover unknown threats in complex digital enterprises.
The article details Ant Group’s AI‑driven security parallel plane and intelligent threat detection system, its DKCF‑based architecture, key modules for data correlation, unknown threat discovery, alarm reduction, and knowledge‑graph integration, and its recognition in the 2024 AI Pioneer Case Collection.
The article details Ant Group’s security parallel aspect fusion AI solution, selected as an exemplary case at the 2024 World Intelligent Industry Expo, explaining its multi‑dimensional data collection, large‑model integration, baseline construction, knowledge‑graph generation, and superior threat‑detection performance.
The article explains how to enable Kubernetes audit logging and use its detailed fields—such as userAgent, responseStatus, requestURI, and object references—to detect CDK‑generated attacks and other threats like CVE‑2022‑3172, privilege escalation, and backdoor deployment, offering practical detection examples and security recommendations.
This article details the challenges, design choices, deployment steps, detection model creation, data processing, visualization, and future plans of JD Daojia's security operations platform, highlighting the use of Graylog, Elasticsearch, and MongoDB to achieve scalable, real‑time threat detection and response.
This article explains how DNS, the Internet's core naming protocol, can be leveraged for large‑scale network measurement and security analysis, covering DNS hijacking metrics, NTP pool observations, passive DNS techniques, and the DNSMon threat‑detection system with practical insights and references.
This article explains how DNS data can be leveraged for both network measurement—such as quantifying global DNS hijacking and analyzing NTP pool servers—and security analysis, including threat detection with systems like DNSMon, highlighting the protocol’s growing importance for privacy, performance, and threat intelligence.
This article presents a comprehensive overview of DNS-based network measurement and security analysis, covering DNS fundamentals, hijacking metrics, NTP pool studies, passive DNS applications, and the DNSMon threat‑detection system, highlighting methods, findings, and practical implications for internet security.
This article explains practical methods for detecting account security threats—such as blacklisted, expired, or abnormal login behaviors—by analyzing Linux and Windows login logs, defining detection rules, and leveraging automated tools to generate timely alerts and reduce security risks.
A Cloud Access Security Broker (CASB) sits between cloud service consumers and providers to enforce security, compliance, and governance policies, offering visibility, data protection, threat detection, and control over shadow IT, with various deployment modes and integration options for modern cloud environments.
This guide explains why web log analysis is essential for security, demonstrates how to parse Apache logs, distinguishes normal from malicious requests, and provides practical Secsoso commands for business behavior statistics, traffic monitoring, and detecting attacks such as CC, SQL injection, file inclusion, and XSS.
The article explains the fundamental differences between intrusion detection systems (IDS), intrusion prevention systems (IPS), and unified threat management (UTM) devices, covering their detection methods, placement strategies, operational trade‑offs, and maintenance requirements to help security professionals choose and manage the appropriate solution.
JD Security’s Silicon Valley AI security scientist unveiled a novel container‑based sandbox at BlackHat Europe, detailing how contextual behavior analysis can detect and trace malicious code by leveraging lightweight containers, improving threat detection speed and accuracy for enterprise defenses.
The article presents a comprehensive list of one hundred concrete web‑application security techniques—ranging from HTTP request analysis and token validation to WAF rule conversion, honeypot deployment, IP reputation checks, and response‑time monitoring—derived from the book “Web Application Defender's Cookbook” and illustrated with real‑world examples and tool references.