Feeds

Japanese boffins plumb darknet for cyber attack alerts

DAEDALUS system monitors unused IP addresses

The Power of One eBook: Top reasons to choose HP BladeSystem

Japanese boffins at the National Institute of Information and Communications Technology (NICT) have been showing off a new real-time alert system designed to help security teams spot and visualise cyber attacks more effectively.

The DAEDALUS (Direct Alert Environment for Darknet And Livenet Unified Security) system has been in the making for several years, and detects threats via large-scale monitoring of the internet’s unused IP addresses, which NICT calls the ‘darknet’.

Here’s an explanation from a 2009 research paper:

We propose a novel application of large-scale darknet monitoring that significantly contributes to the security of live networks. In contrast to the conventional method, wherein the packets received from the outside are observed, we employ a large-scale distributed darknet that consists of several organisations that mutually observe the malicious packets transmitted from the inside of the organisations. Based on this approach, we have developed an alert system called DAEDALUS.

DAEDALUS is able to alert security teams when an active IP address in the organisation is trying to send packets to an unused IP address on the darknet – a sure sign that a virus is beginning to spread internally.

The real whizz-bangery is in the 3-D user interface which represents this data.

Users are presented with a giant blue globe at the centre of the screen representing the internet, with a series of circles suspended around it in orbit – these are the networks under observation, as pictured below.

NICT's Daedelus security scanner

Each circle displays in blue the proportion of the network containing active IP addresses and in black those that are not used.

Alerts are also displayed and can be clicked through to present more information, for example on which IP address they are spreading from, the time and type of threat.

NICT currently monitors 190,000 IP addresses in Japan but the potential for use internationally is obvious.

The technology will be made available for free to Japanese universities, but local tech firm Clwit is the big winner as it will reportedly be given commercial access to the tool to wrap into a new product dubbed SiteVisor.

Check out the video courtesy of Japanese tech site DigInfo. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.