SiteVisor is a real-time cyber-attack alert system that employs a large-scale distributed darknet. The darknet is made up of several contributing organizations that mutually observe the malicious packets transmitted from inside those organizations.
A darknet is a set of unused IPv4 addresses. Large-scale darknet monitoring is an effective approach to detecting global trends in malicious activity on the Internet, such as a worldwide spread of malware.
SiteVisor utilizes a large-scale darknet monitoring facility deployed by Japan’s National Institute of Information and Communications Technology (NICT). As of August 2013, NICT is monitoring about 210,000 unused IPv4 addresses.
SiteVisor has a real-time 3D visualization engine to visualize alerts and darknet traffic. It lets operators grasp an overview of the alert situation visually and in real time, and provides highly flexible and tangible interactivity.
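How an alert of this kind can be derived, as an added example that is not SiteVisor's or NICT's code: packets arriving at darknet addresses are matched against each contributing organization's address ranges, and hits are grouped per source host. The address ranges (RFC 5737 documentation blocks), organization names, packet records and function names are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: RFC 5737 documentation ranges, not real networks.
DARKNET = [ipaddress.ip_network("203.0.113.0/24")]   # unused space being monitored
MEMBERS = {                                          # hypothetical contributing organizations
    "org-a": [ipaddress.ip_network("192.0.2.0/25")],
    "org-b": [ipaddress.ip_network("198.51.100.0/24")],
}
# (timestamp, source IP, destination IP, protocol, destination port)
PACKETS = [
    (1000, "192.0.2.10", "203.0.113.5", "tcp", 445),
    (1001, "192.0.2.10", "203.0.113.77", "tcp", 445),
    (1002, "198.51.100.9", "203.0.113.5", "udp", 53),
    (1003, "192.0.2.200", "203.0.113.8", "tcp", 23),  # source outside every member range
    (1004, "198.51.100.9", "192.0.2.10", "tcp", 80),  # destination is live space, not darknet
]

def owner_of(ip, members):
    """Return the member organization whose registered range contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for org, nets in members.items():
        if any(addr in net for net in nets):
            return org
    return None

def build_alerts(packets, darknet, members):
    """Group darknet-bound packets by (organization, source host)."""
    alerts = defaultdict(lambda: {"packets": 0, "targets": set(),
                                  "ports": set(), "first_seen": None})
    for ts, src, dst, proto, dport in packets:
        if not any(ipaddress.ip_address(dst) in net for net in darknet):
            continue  # unused addresses offer no services, so only this traffic counts
        org = owner_of(src, members)
        if org is None:
            continue  # source is not inside a contributing organization
        a = alerts[(org, src)]
        a["packets"] += 1
        a["targets"].add(dst)
        a["ports"].add((proto, dport))
        if a["first_seen"] is None or ts < a["first_seen"]:
            a["first_seen"] = ts
    return dict(alerts)

if __name__ == "__main__":
    for (org, src), a in sorted(build_alerts(PACKETS, DARKNET, MEMBERS).items()):
        print(f"ALERT {org}: {src} sent {a['packets']} packet(s) to "
              f"{len(a['targets'])} darknet address(es), ports {sorted(a['ports'])}")
```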