Let's try the tool
You can see how worms change their behavior over time in more detail by visualizing them with the tool introduced on this site. Click the link below to try the tool.
You can view the visualized worms with basic operation only, but you can also change the settings. Please see the description of each function for details.
CodeRed3 |
Nimda E |
SQLSlammer |
Blaster |
Sasser B |
Sasser C |
Zotob |
Worm activity visualized by the tool above can be viewed in a movie as well. To view the movie, please download and unzip the files.
We visualized the search activities of worms from various perspectives, in order to visually observe the characteristics of each worm's behavior, differing to the one we observed last time. We consider that we can use the characteristics of search activities quantified with observation axes, including the search and the random nature, as a criterion to detect the activities of worms and determine the types.
To resolve the problem of "invisibility of malicious activities" increasing in terms of both complexity and sophistication, we continue to try to visualize these events from a multilateral standpoint and introduce our efforts in the Publications.
"Proposal for visualization of node searching characteristics of worm", written by Hirofumi Nakakoji, Masato Terada, Seiichi Susaki, Computer security research paper Vol. 2007 No. 036, Information Processing Society of Japan (Mar. 2007) "Proposal for network worm behavior examination system" written by Masato Terada, Shingo Takada, Norihisa Doi, Information Processing Society of Japan Journal Vol. 46 No. 8, pp. 2014-2024 (2005)
Masato Terada, Shingo Takada, Norihisa Doi
Proposal for the experimental environment for Network Worm infection
17th Annual FIRST Conference (Shangri-La Hotel, Singapore, Jun.26 - Jul.1, 2005)
http://www.first.org/resources/papers/conf2005.html#p107
This is the outcome of the research project commissioned by National Institute of Information and Communications Technology (NICT), "Research and Development of a Decision Support System to Ensure Secure Information Flow by Real-Time Quantitative Measuring of Vulnerability Level in Network Environment". We'd like to express our sincere gratitude to NICT and all of those involved in the project.
Jun. 1, 2007 - This webpage was newly created and published.
Prepared by:
Nakakoji/Yokohama Research Laboratory, Terada/HIRT, Okashita/HIRT, Onishi/HIRT