NICT Daedalus Cyber-attack alert system
NICT has developed Daedalus, a cyber-attack alert system.
Daedalus renders attacks on networks visible in real time. The sphere in the center represents the Internet, and the circles moving around it represent networks under observation. The state of an attack is shown using 3D graphics, and can be viewed from any perspective.
"We previously created a system called nicter for observing cyber-attacks. We also built an observation network in Japan, called the Darknet Observation Network, to cover IP addresses not used in nicter. Now, we're observing 190,000 IP addresses in Japan. Daedalus is an alert system using that observation network."
Today's cyber-attacks breach boundary defenses from inside and outside organizations, including the spread of malware via USB memory sticks and mail attachments, as well as zero-day exploits. So, using Daedalus together with conventional boundary systems is expected to improve network security within organizations.
"The blue part in this organization shows IP addresses that are used, and the black part shows addresses that are not used. This character indicates an alert. When you click on the alert, a message showing the cause appears. In this case, only two packets have been sent. But because the packets go from an address that's used to an address that's not used, this indicates that a virus is starting to spread within the organization."
"If this kind of situation is input to our observation network, we can observe it, and find out things like that. The system automatically sends an alert, saying, 'This IP address of yours is spreading a virus using this protocol at this time'."
The technology for this system will be transferred to clwit, which will include it in a commercial alert service called SiteVisor. NICT also provides the system free of charge to educational institutions where nicter sensors can be installed.
- This Week
- This Month
- All Time