Network Traffic Visualization Tool Could Help Thwart Cyber Attacks
John Simpson | November 21, 2016
Researchers at Carnegie Mellon University's CyLab Security and Privacy Institute are demonstrating that the tools needed to thwart distributed denial of service (DDoS) attacks, such as those in October 2016 that affected Amazon, Netflix and dozens of others, are on the horizon.
Network traffic can provide administrators with significant information about the nature of a cyber threat or attack. However, most of this information is displayed in the form of readouts that list IP addresses and timestamps, making recognition of patterns and trends difficult.
Network traffic data is collected in the form of static reports that show IP addresses and timestamps, making recognition of patterns and trends difficult. Image credit: Pixabay
“Lots of network traffic data is collected in the form of static reports, but it is very overwhelming for an analyst to digest those data,” says Yang Cai, senior systems scientist who directs CyLab’s Visual Intelligence Studio. “Visualization is one way to change abstract data into pictures, sound and videos so you can see patterns in a very intuitive way.”
Cai and research assistant Sebastian Peryt have created a tool that allows for the visualization of network traffic so administrators can more readily grasp the "big picture" during a cyber event. The researchers have used the tool to inspect network traffic during DDoS attacks and map out the structure of malware distribution networks. A video showing the tool can be viewed here.
“Based on these visualization graphs, analysts can focus on critical areas to help shut down a malware distribution network or, in the case of a DDoS attack, target a critical node to thwart the attack,” says Peryt.
Moving forward, the team aims to make the tool more usable and to integrate it into a virtual reality platform so analysts can readily explore the graphs with intuitive motions.