Feeds

Japanese boffins plumb darknet for cyber attack alerts

DAEDALUS system monitors unused IP addresses

Boost IT visibility and business value

Japanese boffins at the National Institute of Information and Communications Technology (NICT) have been showing off a new real-time alert system designed to help security teams spot and visualise cyber attacks more effectively.

The DAEDALUS (Direct Alert Environment for Darknet And Livenet Unified Security) system has been in the making for several years, and detects threats via large-scale monitoring of the internet’s unused IP addresses, which NICT calls the ‘darknet’.

Here’s an explanation from a 2009 research paper:

We propose a novel application of large-scale darknet monitoring that significantly contributes to the security of live networks. In contrast to the conventional method, wherein the packets received from the outside are observed, we employ a large-scale distributed darknet that consists of several organisations that mutually observe the malicious packets transmitted from the inside of the organisations. Based on this approach, we have developed an alert system called DAEDALUS.

DAEDALUS is able to alert security teams when an active IP address in the organisation is trying to send packets to an unused IP address on the darknet – a sure sign that a virus is beginning to spread internally.

The real whizz-bangery is in the 3-D user interface which represents this data.

Users are presented with a giant blue globe at the centre of the screen representing the internet, with a series of circles suspended around it in orbit – these are the networks under observation, as pictured below.

NICT's Daedelus security scanner

Each circle displays in blue the proportion of the network containing active IP addresses and in black those that are not used.

Alerts are also displayed and can be clicked through to present more information, for example on which IP address they are spreading from, the time and type of threat.

NICT currently monitors 190,000 IP addresses in Japan but the potential for use internationally is obvious.

The technology will be made available for free to Japanese universities, but local tech firm Clwit is the big winner as it will reportedly be given commercial access to the tool to wrap into a new product dubbed SiteVisor.

Check out the video courtesy of Japanese tech site DigInfo. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?