So to recap, Part 1 of this subject covered the deep web and its relationship to analytics, and the dark web and its relationship to nefarious activity in brief. As part of this week’s fun, I thought I would introduce you to Daisake Inoue. I met him several years ago at a VisWeek conference and was impressed with a design he and his team created. Daisake created a system called Daedulus to interface with JP-CERT’s (Computer Emergency Response Teams- Japan) Nicter.
Here is Daedulus: NICT Daedalus Cyber-Attack Alert System
You’ll see Daisake politely showing off his skillz almost immediately. The center sphere represents the internet as a focal point (not an empirical representation) and then traffic (at the packet level) extends to satellite rings circling the internet. One ring lists the DNS (Domain Name Server), the rest are port numbers (80, 50, etc.), with the inner portion of the ring representing IPs accessing the DNS via ports and tracking incoming IP addresses from the internet. You’ll note some rings have black areas. That’s where unused IP addresses reside. “Dark web” bounces. It’s a bounce in on unused addresses and then bounce out to a live site. In summary, there are systems out there than can track this behavior. Before we move on to Hyperboria, lets look at one more case study.