Security Teams

360 Vulcan Team

NEL for Big Data Analysis and Applied Technology

A next-generation localized intelligence platform capable of managing, improving and empowering, evaluating and sharing intelligence. It can be used to improve the detection of critical threats, automatically identify key incidents among alarms, and provide advanced capabilities such as intelligence analysis, external attack surface management and industrial intelligence analysis, in order to help organizations be prepared for security risks in the Information Age. This intelligence platform can be smoothly expanded into a set of intelligence infrastructure.

Safety Research Institutes

Focus on cutting-edge research on network security and explore future development directions

Tianshu Think Tank

360Netlab

Engineering Research Institute

Data Security Research Institute

360Netlab was established in 2014. Unlike traditional network security, which is mainly based on rules, data analysis is the main direction of the team. The team continues to focus on DNS and botnets and maintains a leadership position in the field.

In the direction of DNS, since 2014 the team has built the Passive DNS basic database with the longest history and the widest coverage in China, as well as other affiliated basic databases. It continuously analyzes and produces threat intelligence, applies it to the 360 network security brain, and makes public presentations at technical conferences in the DNS field. In the field of botnets, the team has been working on discovering and tracking botnet activities for many years, has disclosed several major security threats including Mirai and Satori, and received thanks from the FBI and the US Department of Justice for the continuous analysis of the Mirai botnet.

360 Engineering Research Institute is an indispensable and important force in 360 Group's security strategy. It is the top technical team in the industry, with core technical support and cutting-edge product research and development capabilities. It is an engineering capability output center integrating engineering implementation and cutting-edge technology research and development. The research institute focuses on virtualization technology, cloud security, APT detection and defense, 0day vulnerability detection and defense, kernel security protection, mobile security and other fields. Relying on the security brain security strategy, it solves technical problems for national security, supplies urgently needed products, and realizes the goal of empowering the healthy and rapid development of all social and economic fields through safety.

The 360 Engineering Research Institute includes Ice sword Lab and several product departments, which have shouldered extremely critical and important responsibilities and missions in various periods of the company's development. These include the architectural design and development of the kernel assemblies of 360 Security Guard, 360 Antivirus, Sandbox and other product series, which are responsible for the largest number of users; the design and development of the world's top ice sword safe nested virtual machine and, based on it, a client virtual machine system that is opened in real time and runs on tens of millions of machines at the same time; and the design and development of the industry-leading, hardware-assisted automatic vulnerability mining system. The 360 All-Seeing Eye 0-day vulnerability radar system it constructed was awarded the leading scientific and technological achievements of the World Internet Conference. It was also responsible for the research and development of mobile platform permission escalation and reinforcement systems.

Data Security Research Institute relies on 360 Group's continuous accumulation in the field of big data security over many years. It covers whole-process flow monitoring of data across big data collection, transmission, sharing and exchange, storage and destruction, combined with multi-dimensional user portraits and data portraits, accurate identification of data risks, and real-time risk warning and interception. Its main research directions include big data UEBA, privacy management and dynamic data masking technology. Its product areas cover big data risk scanning, big data security desensitization, big data monitoring and auditing, big data firewall, etc. It is committed to promoting the rapid implementation and efficient application of AI capabilities in the field of data security, building a leading industry-university-research system, and building a benchmark for data security operations.

Industrial Internet Security Research Institute

AI Security Research Institute

Cloud Security Research Institute

Standardization Department

360 Industrial Internet Security Research Institute focuses on the research of industrial Internet security technologies, including: IoT, mobile communications, Internet of Vehicles, industrial control, and security issues in the process of digital transformation of industrial manufacturing.

At present, the main research direction of IoT security is IoT/IIoT security research based on large-scale firmware samples. The main research results include:

1. Establish a global-scale firmware sample database, which contains hundreds of thousands of IoT/IIoT firmware samples from across the entire network, from which hundreds of millions of file samples have been extracted.

2. Based on the sample database, the Firmware Total platform is established. The platform supports the tracking and analysis of multiple IoT 0day attack events in the wild, and outputs advanced threat intelligence; in addition, the platform also supports the assessment of the impact scope of multiple IoT/IIoT supply chain vulnerability propagation security incidents.

3. Develop products such as an automatic firmware security audit system and a firmware simulation system to support wider firmware security analysis, such as IoT/IIoT high-interaction honeypots, batch simulation and vulnerability verification, automatic vulnerability mining, etc.

4. Mobile communication security research is dedicated to perceiving, identifying and locating wireless communication attacks and researching corresponding defense strategies, focusing on wireless communication and embedded system security research. The research direction of wireless communication security is mainly the security of communication links and communication protocols, including satellite communication, mobile communication, IoT communication, etc., and the security of the wireless communication physical layer using SDR (software radio) technology. In the embedded system security direction, research is mainly conducted on device firmware. At the same time, it conducts research and development of hardware tools related to security research and provides device security evaluation services.

360 AI Security Research Institute focuses on research into cutting-edge technologies of artificial intelligence and security. It has taken the lead in discovering many artificial intelligence security problems on a global scale, and has carried out research work on artificial intelligence empowering security. More than 70 vulnerabilities in the basic software and hardware of artificial intelligence have been discovered; the affected targets include cloud AI frameworks such as TensorFlow and Caffe, terminal AI frameworks such as SNPE and Intel NCS2, and a variety of commonly used GPUs. It has published papers at top international information security academic conferences such as USENIX Security and S&P, and presented many topics at HITB, Defcon China, Syscan360, ISC, CNCC, POC and other well-known security conferences at home and abroad.

With the evolution and development of cloud computing technology, the functional system of the cloud has become more and more abundant and complete, involving storage, database, serverless and other aspects, and the attack surface has also greatly increased. Attacks on the virtualization layer, SaaS services, and user security configurations have become hot spots, affecting the security of government clouds and various industry clouds. As attacks on the cloud intensify, 360, as a member of the Cloud Security Alliance, has established a dedicated cloud security research department, the 360 Cloud Security Research Institute.

360 Group has nearly ten years of cloud platform construction experience and more than ten years of security operation and maintenance experience and technology accumulation. It manages servers on the order of 100,000+, 1,000+ service modules, 10+ data centers, and 100+ IDCs. At the same time, it provides services for hundreds of businesses and hundreds of millions of users, such as mobile phone guards, Hua Jiao live broadcasts, browsers, and search. Relying on its historical accumulation in cloud and operation and maintenance, 360 has a solid research foundation in the direction of cloud security. The current research results are mainly divided into the following three aspects:

1. Virtualization layer security: a complete solution for the monitoring and protection of virtualization escape attacks, which detects virtualization escape attacks in real time and supports blocking and other responses, and also provides vulnerability scanning for the virtualization layer and cloud management platform services.

2. Cloud workload security: a cloud workload security detection scheme based on the CWPP capability model, with real-time detection of cloud workload threats, real-time push, and timely response.

3. Cloud application security: a Zero Trust-based security access and detection scheme for internal applications.

360 Cloud Security Research Institute focuses on cutting-edge cloud security research. Relying on the empowerment of 360 Security Brain and combining more than ten years of cloud and operation and maintenance experience, the research institute will continue to conduct research on virtualization and container technology, cloud workload security, cloud application security, cloud data security, cloud emergency response, identity authorization, access management and other aspects, and is committed to protecting cloud security and building a more secure cloud environment.

The main purpose of the 360 Standardization Department is to effectively improve the development of security compliance, contribute the company's professional security capabilities, and actively participate in the formulation and internationalization of national security standards. It is committed to the company's leading ability in China's security technology, to jointly improving security capabilities with the industry through standardization, and to giving full play to corporate value while building a mutually beneficial, win-win development ecosystem.

Focusing on the 'Security Brain' strategy, the department has participated in the formulation of a number of standards in the fields of big data, Internet of Things, intelligent connected vehicles, artificial intelligence, blockchain, mobile terminals, and personal information protection. Among them, it has led 6 standards, participated in over 80, and reviewed over 150.

1. It leads and participates in over 10 automotive information security standards, and safeguards the security of intelligent networked vehicles together with international and domestic counterparts. The ITU-T Anomaly Behavior Detection Mechanism of Connected Vehicles Using Big Data Analysis, which it leads, is progressing steadily. It participates in the preparation of the ISO Road Vehicles-Safety Engineering standard and the research of Internet-connected Vehicle Information Security Evaluation Criteria Based on ISO/IEC 15408, and participates in the formulation and research of 5+ national standards for automotive safety. General Technical Requirements for Automotive Information Security and others have entered the draft stage.

2. It participates in the formulation of a number of national standards for vulnerability management. The Guidelines for Classification and Classification of Network Security Vulnerabilities and Guidelines for Management of Network Security Vulnerabilities have been submitted for approval.

3. It leads and participates in over 10 Internet of Things security standards, and the 'Technical Requirements for Mobile Intelligent Terminal Situational Awareness System' has been submitted for review. It participates in 'General Technical Requirements and Test Evaluation Methods for Smart Home Security', 'Technical Requirements and Testing Methods for Smart Speaker Security Capability' and other national and industry standards.

National Engineering Laboratory/Research Center

Participate in construction, create a domestic first-class scientific research environment, and promote industrial development