Sci-Fi-Like Network Monitoring System Scans Darknet for Possible Attacks
A 3D real-time network monitoring and alert system named DAEDALUS (Direct Alert Environment for Darknet And Livenet Unified Security) was created to scan for malicious packets sent by viruses inside a local network, rather than to monitor outbound traffic.
Introducing the concept in a 2009 research paper, Japan’s National Institute of Information and Communications Technology (NICT) argues that it’s more efficient to monitor abnormal behavior within a network than to filter outgoing traffic.
“We propose a novel application of large-scale darknet monitoring that significantly contributes to the security of live networks,” according to the research paper. “In contrast to the conventional method, wherein the packets received from the outside are observed, we employ a large-scale distributed darknet that consists of several organisations that mutually observe the malicious packets transmitted from the inside of the organisations. Based on this approach, we have developed an alert system called DAEDALUS.”
The unused IP addresses within a local network are collectively called the “darknet.” A self-propagating virus first looks for viable computers to infect by scanning the entire range of local IP addresses. As not all addresses are allocated, DAEDALUS can detect when suspicious packets are sent to darknet addresses, indicating that malware could be scanning for victims.
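The detection idea described above can be sketched in a few lines. This is an added example, not NICT's DAEDALUS code; the address range, the allocation list, the flow records and the alert threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample network: a /24 with only four allocated hosts (assumption).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
ALLOCATED = {ipaddress.ip_address(a) for a in
             ("192.0.2.1", "192.0.2.10", "192.0.2.11", "192.0.2.20")}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("192.0.2.10", "192.0.2.1", 53),       # normal traffic to an allocated host
    ("192.0.2.11", "192.0.2.37", 445),     # one stray packet to an unused address
    ("192.0.2.20", "192.0.2.2", 445),      # sequential sweep of unused addresses
    ("192.0.2.20", "192.0.2.3", 445),
    ("192.0.2.20", "192.0.2.4", 445),
    ("192.0.2.20", "192.0.2.5", 445),
    ("192.0.2.20", "192.0.2.255", 137),    # subnet broadcast, not darknet
    ("192.0.2.20", "198.51.100.7", 443),   # destination outside the local range
    ("203.0.113.9", "192.0.2.99", 22),     # external source, not an inside host
]

def is_darknet(addr):
    """True if addr lies in the local range but is assigned to no host."""
    if addr not in LOCAL_NET:
        return False
    # The network and broadcast addresses are unassigned but legitimately used.
    if addr in (LOCAL_NET.network_address, LOCAL_NET.broadcast_address):
        return False
    return addr not in ALLOCATED

def darknet_alerts(flows, threshold=3):
    """Map each inside source to the distinct darknet addresses it contacted,
    keeping only sources that reached at least `threshold` of them.
    The threshold is a tuning assumption to suppress one-off misconfigurations."""
    hits = defaultdict(set)
    for src, dst, _port in flows:
        src_ip = ipaddress.ip_address(src)
        dst_ip = ipaddress.ip_address(dst)
        if src_ip in LOCAL_NET and is_darknet(dst_ip):
            hits[src_ip].add(dst_ip)
    return {str(src): [str(d) for d in sorted(dsts)]
            for src, dsts in hits.items() if len(dsts) >= threshold}

if __name__ == "__main__":
    for source, targets in darknet_alerts(SAMPLE_FLOWS).items():
        print(f"ALERT {source} contacted {len(targets)} unused addresses: {targets}")
```

Lowering `threshold` to 1 also reports the host that sent a single stray packet, which trades fewer missed infections for more noise from typos and stale configuration.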
The sci-fi-like 3D interface is most interesting as it offers real-time information about all data packets sent through the local network. When suspicious behavior is detected, visually pinpointing the malware broadcasting unit is just a click away.
NICT plans to freely distribute the technology through Japanese universities, but commercial access to the tool has been given to a local tech firm named Clwit.