C&C ASN "Clusters"

C&C ASN "Clusters"

As I've been putting together an R package for mining open source IP "intelligence" data, I decided to play with visualizing malicious host categories in AlienValut's IP reputation database. This image is a network graph plot (using R & igraph) of AlienVault identified C&C nodes as they relate to host ASNs (with ASN peers included). Red nodes are the C&C hosts, gold nodes are the the ASNs.

I did the same with a subset of "Malicious Hosts" in AlienValut's db and am thinking that tracking these over a day (/week/month/year) would make for an interesting view of the ebb & flow of C&C hosts.