Abstract: Distributed techniques for detecting atypical or malicious wireless communications activity are disclosed. A server can iteratively generate sets of filters based at least in part upon observation data received from one or more Protects. The filters can be used by the Protect(s) to distinguish between sniffed wireless messages that are to be discarded and those that are to be reported to the server. The server can provide the generated sets of filters to the Protect(s) to cause the Protect(s) to process additional sniffed wireless messages utilizing the one or more sets of filters. Updated filters can cause fewer subsequent sniffed wireless messages to be reported than would have been reported by use of previous filters. Limited activity reporting by the Protect(s) enables a reduced communication load compared to full activity reporting without degrading the ability of the server to detect the atypical or malicious wireless communications activity.

Abstract: Distributed techniques for detecting atypical or malicious wireless communications activity are disclosed. A server can iteratively generate sets of filters based at least in part upon observation data received from one or more Protects. The filters can be used by the Protect(s) to distinguish between sniffed wireless messages that are to be discarded and those that are to be reported to the server. The server can provide the generated sets of filters to the Protect(s) to cause the Protect(s) to process additional sniffed wireless messages utilizing the one or more sets of filters. Updated filters can cause fewer subsequent sniffed wireless messages to be reported than would have been reported by use of previous filters. Limited activity reporting by the Protect(s) enables a reduced communication load compared to full activity reporting without degrading the ability of the server to detect the atypical or malicious wireless communications activity.

Abstract: A deep packet inspection method and device, and a coprocessor. The deep packet inspection method includes receiving, by a transceiver module of the coprocessor, an original data packet sent by a general processor, and sending the original data packet to a processor core of the coprocessor; invoking, by the processor core, a sub-coprocessor of the coprocessor to perform application layer parsing on the original data packet so as to obtain an application layer parsing result; and sending, by the processor core, the parsing result to the general processor so that the general processor processes the original data packet according to the parsing result. The deep packet inspection method and device provided by the embodiments of the present disclosure reduce resource occupation of a general processor and increase a running speed.