A solution to the problem of how to spot cyber attacks on a network as soon as they have begun might just be coming from Japan, reports DigInfo TV.
Researchers from the country’s National Institute of Information and Communications Technology (NICT) have recently revealed a real-time network monitoring system that is capable of alerting support staff as soon as it notices malignant traffic going outside the network, and of showing the evolution of the attack on its 3D user interface.
The system is called DAEDALUS (Direct Alert Environment for Darknet And Livenet Unified Security), and it is a direct successor of the NICTER (Network Incident Analysis Center for Tactical Emergency Response) internet monitoring system presented at the Interop conference in 2010.
By using the Darknet Observation Network that monitors 190,000 IP unused addresses in Japan, DAEDALUS is able to detect when an IP address from inside the network sends packets to an IP address that is currently not used, indicating that a virus is likely spreading within the organization.
“The system automatically sends an alert, saying, ‘This IP address of yours is spreading a virus using this protocol at this time’,” explained Daisuke Inoue, the Director of the Cybersecurity Laboratory at NICT.
DAEDALUS is not supposed to supplant conventional security systems, but to be added to them. Obviously, for an international use, the number and span of monitored addresses should be increased.
NICT aims to offer DAEDALUS free of charge to all educational institutions where NICTER sensors can be installed, but should be available to businesses and other organizations through SiteVisor, a commercial alert service.
For more details, check out the video at DigInfo TV.