Starmine: Visualization System for Cyber Attacks

Cyber attack monitoring systems use various types of visualization, such as geographical, temporal, and logical visualization. Each has its own advantages and disadvantages. Since practical cyber attack monitoring requires analyzing information from different viewpoints in order to make the right decision, these visualizations should be highly integrated. This paper describes a visualization system for cyber threat monitoring named STARMINE, which integrates three different views of the cyber threat (geographical, temporal, and logical) in 3-D space. Because the three views are displayed simultaneously and are synchronized, administrators can analyze threats much more easily. As an example, the propagation of the Sasser.D worm is shown.