Japan's National Institute of Information and Communications Technology (NICT) has developed a national cyber-attack alert system that can render network attacks as visible in realtime. The system, announced earlier this month and showcased at Interop Tokyo 2012, is called Daedalus, standing for Direct Alert Environment for Darknet and Livenet Unified Security. The system views computers for any suspicious activity and if it spots an attack it can visualize its progression as it moves through the network. It sees how data flows through the network and looks for inconsistencies.
Where administrators may have to comb through hundreds of lines of server logs to isolate a problem, the Daedalus system can reveal where attackers are focusing their flood of packets, as a stream of arrows moving along iridescent lines.
According to a NICT video on DigInfo TV, “the sphere in the center represents the Internet, and the circles moving around it represent networks under observation. The state of an attack is shown using 3-D graphics, and can be viewed from any perspective.” Today's cyber-attacks represent an assortment of malware via USB memory stick, mail attachments, and zero-day exploits. Daedalus can act as an alert system for the cyber-attacks; it can see if a USB flash drive with a virus infects a machine, for example.
Daedalus can identify and isolate the malignant traffic on-screen, sending an email to support staff and displaying a red alert through its user interface. Further descriptions of an attack showing up realtime are provided in the video demo:”The blue part in this organization shows IP addresses that are used, and the black part shows addresses that are not used.
This character indicates an alert. When you click on the alert, a message showing the cause appears. In this case, only two packets have been sent. But because the packets go from an address that's used to an address that's not used, this indicates that a virus is starting to spread within the organization." The system sends out an alert, saying, 'This IP address of yours is spreading a virus using this protocol at this time'." Daedalus is designed to be used together with conventional systems, to improve network security within organizations. "We previously created a system called nicter for observing cyber-attacks.
We also built an observation network in Japan, called the Darknet Observation Network, to cover IP addresses not used in nicter,” said a NICT source in the video. The nicter is a system for early detection and in-depth analysis of cyber-attacks.
That word stands for Network Incident Analysis Center for Tactical Emergency Response. NICT is to provide Daedalus free of charge to educational institutions where nicter sensors can be installed. NICT will also transfer access to the system to Clwit, a company described as a Tokyo-based business providing Internet security countermeasures. According to reports, Clwit will develop it into the product, SiteVisor.