A Cyber Attack Analysis System: World's First Successful Real-time Visualization of Packets Flowing through the Vast IPv6 Address Space

The Cyber Security Laboratory of the National Institute of Information and Communications Technology (NICT) has enhanced the functionality of the Cyber Attack Integrated Analysis Platform Nirvana Kai to comply with IPv6, a successor to the Internet's communication protocol IPv4, thereby succeeding in visualizing packets flowing through the vast address space of IPv6 in real time for the first time in the world. NIRVANA Kai is a system for analyzing cyber-attacks that aggregates, classifies, and correlates alerts (warnings) from various security detection and defense systems, such as firewalls and intrusion detection systems in an organization and enables prioritization of alerts and automated measures to block abnormal communications. The technology has already been transferred and commercialized by DIT, NS Solutions, Kozo Keikaku Engineering, Nippon RAD, and Alaxala Networks, and is now being introduced in private companies and educational institutions.

With its new support for IPv6 communications, NICT expects that NIRVANA Kai, which has so far only been used to observe and analyze IPv4 communications, will be useful for security measures for a more diverse range of networks. IPv4, the communication protocol that defined the communication over the Internet, was established as a standard in 1981, but now, IPv6, which allows for more IP addresses, has been established as a successor standard and is spreading rapidly. IPv4 could handle only approximately 4.3 billion (2³²) IP addresses, which is less than the total population of the world, but IPv6 can use a huge number of IP addresses, approximately 340 undecillion, or 340 trillion trillion trillion (2¹²⁸).

The research and development of NICT's Cyber Attack Integrated Analytics Platform, NIRVANA Kai, was compatible only with IPv4 previously, so it has been a challenge to support IPv6 and the huge number of IP addresses it uses. Therefore, the functionality of NIRVANA Kai was strengthened to support IPv6 in each part of its systems, including communication observation, alert collection, and visualization. In particular, the visualization section has succeeded in efficiently visualizing the vast IPv6 address space by dynamically adding active IP address blocks where communications were observed.

A new indicator was also implemented to improve the visibility of the current position in the hierarchical architecture of the IPv6 address space. In addition, it also supports IPv6 related alert information issued by security devices and enables filtering based on IPv6 addresses. Thus, NIRVANA Kai has expanded its range of application by supporting IPv6 communications, and this is expected to simplify security operations in IPv6 networks. This IPv6-compliant NIRVANA Kai has already been commercialized in March this year since its technology was transferred to the private company DIT Co. Ltd. NICT exhibited a prototype of NIRVANA Kai with enhanced functions that supported IPv6 at the Interop Tokyo 2021 held at Makuhari Messe in Chiba City during April this year.