Wednesday, 20 June 2012 09:50

New Tool Called Daedalus Developed By Japan's NICT For Monitoring The "Darknet"

Written by

Reading time is around minutes.

daedalusThere is an interesting habit in the world of science; when you cannot explain or categorize something add “dark” to the front of the regular word and that makes it all ok. We have seen this in astrophysics, particle physics, theoretical physics, and now to IT. With this maxim we get Dark Matter, Dark Energy and my favorite “Darknet” It just sounds cool right?

Ok while we are not going to even attempt to define the first two we can cover the last. The Darknet is a part of the internet that exists outside the “normal” internet. It is an IP only network of typically unused IP addresses. An IP address is the numeric address of a computer system on a network. When you browse to a website the name you type in is translated to an IP address by the Domain Name System. The use of DNS names is what most call the “real” internet.

Now sometimes malicious individuals (or governments and their agencies) will hijack an owned, but unused IP address for the purpose of controlling, spreading or monitoring malware. These IP addresses have also been used by people wanting to distribute illegal material over the internet. Some even believe that the Dark Net is where piracy starts as it trickles down to other sites and services like torrent and P2P file sharing.

Now researchers at NICT (National Institution for Communications Technology) in Japan have found a method to track and identify traffic going from the internet to those unused IP addresses. The technology that allows someone to track the packets as they move through the internet is nothing new and there are a multitude of products that will let you do this. Even your most basic home router can show you where your traffic is going. The problem is not the monitoring, but finding a way to make the information easy to read and informative enough that you will know then there is a real threat and when it is just random traffic.

The new system is called Daedalus (Direct Alert Environment for Darknet and Livenet Unified Security) is an alerting system that monitors and visualizes two existing tools nicter and the Darknet Observation Network. These two tools monitor traffic between the regular internet and the Darknet in real time. The system is looking for specific traffic between the two networks in order to identify the beginnings of a potential security threat (like a virus or an established attack).

Daedalus (as we have already mentioned) is a visualization tool for these two tools. It provides a 3D interface to show what is going on in the monitored networks (these are networks that have been added and not the entire internet). Right now the system monitors around 190,000 IP addresses, both used and unused. NICT will be providing these tools to universities in Japan for free, but has apparently singed a commercial contract with Clwit, an internet security company, that will integrate this with their SiteVisor product.

The video on this is pretty impressive as are the real-time alerts that pop up, but what interests me more is the potential for this product to be used for more than security. We are pretty sure that there are other applications like Daedalus that may already be in place that provide a visual representation of traffic on the internet what uses those are being put to is anyone’s guess.

Picture, video and srouce Diginfo.tv

Discuss this in our Forum

Final question!
At the end of Marvin’s (the Paranoid Android) looooooong life what part had not been replaced? Email this to us at This email address is being protected from spambots. You need JavaScript enabled to view it.!

Read 5866 times Last modified on Tuesday, 24 July 2012 13:09

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.