Researchers Create Tool to See Network Traffic, Stop Cyber Attacks

Researchers in Carnegie Mellon University‘s CyLab Security and Privacy Institute are creating a visual tool to help thwart the kind of massive distributed denial of service (DDoS) attack that recently crashed nearly 50 websites, including Amazon and Netflix.

“Lots of network traffic data is collected in the form of static reports, but it is very overwhelming for an analyst to digest those data,” said Yang Cai, a senior systems scientist who directs CyLab’s Visual Intelligence Studio. “Visualization is one way to change abstract data into pictures, sound and videos so you can see patterns in a very intuitive way.”

Cai and his colleague, Sebastian Peryt, have created a tool that allows users to visualize network traffic to more easily identify key changes and patterns. The researchers have used this tool to inspect network traffic during DDoS attacks and map out the structure of malware distribution networks.

The researchers recently presented the tool’s application in visualizing malware distribution networks at the IEEE Symposium on Visualization for Cybersecurity in Baltimore, Md.

“Based on these visualization graphs, analysts can focus on critical areas to help shut down a malware distribution network, or in the case of a DDoS attack, target a critical node to thwart the attack,” said Peryt, a research assistant in CyLab.

Moving forward, the team aims to consider human factors in making the tool more usable, operate more efficiently, and to integrate it into a virtual reality platform so analysts can more easily explore the graphs with intuitive motions.