
Spotting Aggressive Clandestine BotNets

Clandestine Indexing Botnet

Yesterday I was making a typical “evening run” in cyberspace and noticed a strange pattern, zoomed in, and found an aggressive clandestine “indexing” botnet operating out of a dedicated hosting provider’s datacenter. The feature image in this post shows a screen capture of this visual. I’m finding spotting clandestine botnets easier than before I designed and coded this cyberspace SA visualization tool. Also, true to the MSDF software design model and OODA perspective, visualization has helped me improve my back-end anomaly detection code and risk scoring algorithms.

So, I keep adding more features and just updated my cyberspace visualization tool to version “Beta 50” and have added numerous new features.

Cyberspace Situational Awareness by Tim Bass

For example, some of the features I have added are: (i) parameters to enable or disable drawing links, (ii) parameters to change scaling and color algorithms, (iii) local configuration files, (iv) app registration management, (v) back-end database pruning based on my risk scoring algorithm (low-risk nodes are pruned when the database size exceeds a configurable size parameter), (vi) saving autopilot / cyberspace travel configurations (speed, vectors, perspective) on reload, and more.
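Feature (v) above, size-capped pruning that drops the lowest-risk nodes first, is the one item in the list that is a concrete algorithm, so here is an added example of that policy. This is not Tim Bass’s code, and his risk scoring algorithm is not described in the post: the `score()` function below is a constructed stand-in that rewards a high request count over many distinct paths (a crawler-like footprint), and the sample observations use documentation IP ranges. What the block actually demonstrates is the bounded store: once it exceeds a configurable `max_size`, the lowest-risk nodes are evicted.

```python
"""Risk-score-based pruning of a bounded node store (added example).

Assumptions, not taken from the post: the risk score formula, the Node
fields, and the sample observations are all constructed here.
"""
import heapq
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


def score(requests: int, distinct_paths: int) -> float:
    """Constructed risk score (assumption, not the author's algorithm).

    A node that issues many requests across many distinct paths looks like
    an indexer/crawler; ordinary visitors touch a handful of paths.
    """
    return requests * 0.01 + distinct_paths * 0.1


@dataclass
class Node:
    ip: str
    requests: int         # hits observed in the window
    distinct_paths: int   # unique URLs requested in the window
    risk: float = field(init=False)

    def __post_init__(self) -> None:
        self.risk = score(self.requests, self.distinct_paths)


class NodeStore:
    """Bounded store: when len() exceeds max_size, lowest-risk nodes go first."""

    def __init__(self, max_size: int) -> None:
        if max_size < 1:
            raise ValueError("max_size must be positive")
        self.max_size = max_size
        self.nodes: Dict[str, Node] = {}

    def upsert(self, node: Node) -> List[str]:
        """Insert or refresh a node, then enforce the cap.

        Returns the IPs pruned by this call (possibly the node just added,
        if it is itself the lowest-risk entry).
        """
        self.nodes[node.ip] = node
        return self.prune()

    def prune(self) -> List[str]:
        """Evict the lowest-risk nodes until the store fits max_size."""
        excess = len(self.nodes) - self.max_size
        if excess <= 0:
            return []
        # Tie-break on ip so eviction order is deterministic.
        victims = heapq.nsmallest(
            excess, self.nodes.values(), key=lambda n: (n.risk, n.ip)
        )
        for v in victims:
            del self.nodes[v.ip]
        return [v.ip for v in victims]


# Constructed sample observations (documentation ranges, not real hosts):
# three busy neighbours in one /24 plus three ordinary visitors.
SAMPLE_NODES = [
    Node("203.0.113.10", requests=4200, distinct_paths=3900),
    Node("203.0.113.11", requests=3800, distinct_paths=3500),
    Node("203.0.113.12", requests=4100, distinct_paths=3700),
    Node("198.51.100.7", requests=12, distinct_paths=3),
    Node("198.51.100.8", requests=30, distinct_paths=6),
    Node("192.0.2.44", requests=5, distinct_paths=2),
]


def demo(max_size: int = 4) -> Tuple[List[str], List[str]]:
    """Feed the samples through a store capped at max_size.

    Returns (pruned IPs in eviction order, surviving IPs sorted).
    """
    store = NodeStore(max_size)
    pruned: List[str] = []
    for n in SAMPLE_NODES:
        pruned += store.upsert(n)
    return pruned, sorted(store.nodes)


if __name__ == "__main__":
    evicted, kept = demo()
    print("pruned  :", evicted)
    print("retained:", kept)
```

With the cap at four, the two quietest visitors are evicted and the three busy `203.0.113.0/24` neighbours survive, which is the behaviour the feature description calls for. The design caveat a defender should keep in mind is that pruning discards evidence: a node that is dropped while its score is still low can never accumulate the history needed to look risky later, so a low-and-slow actor is systematically favoured by a store that evicts purely on current score.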

Cyberspace Virtualization by Tim Bass

I’m now “accidentally” ahead of schedule for 2017, so I’m going to take a short vacation to Hong Kong this month.

Cyberspace Virtualization by Tim Bass

Regarding my own research on cybersecurity, I’m very happy with the progress. I’m pleased with the advances I have made in cyberspace SA on both the back-end (sensors and databases) and front-end (visualization). However, I’m sadly getting frustrated reading various social media “news feeds” where people share, like and comment on cybersecurity (for example LinkedIn), but do little to nothing “hands on” to advance the state of the art. This is the core problem with cybersecurity: so many “expert” talkers, “sharers”, “likers” and “commenters”, and very few “hands on cyberspace engineers”.