I have come across a very interesting project today. Microsoft’s Digital Crimes Unit came up with a novel way of examining botnets. As a result of this effort, they developed Specimen Box, which the official website describes as “a prototype exploratory tool that allows DCU’s investigators to examine the unique profiles of various botnets, focusing on the geographic and time-based communication patterns of millions of infected machines.”

Specimen Box has three views so far, all of which resemble something out of a sci-fi movie:

In the first, named ‘Board View’, “all of the botnets are displayed as spheres, and every incoming message from an infected computer (more than 2,000 messages per second) is visible as a colored dot moving into the sphere.”

The second, ‘Portrait View’, “allows for a deep analysis of an individual botnet’s activity. Circular ‘retina plots’ show the complete activity of a bot over a default time period of 24 hours, displaying up to 500 million messages in a single visualization.” This view in particular looks very futuristic.

In the third, ‘Graph View’, “users can examine the character of individual botnets by plotting them on graphs with one, two, or three axes. Again, users can cleave these visualizations in order to facilitate comparison. An intuitive interface allows for easy addition and removal of axes and variables, making it easy to compare the data across various dimensions.”

The Specimen Box appears to be a promising project that certainly helps visualize extremely large amounts of data in a unique, simple, yet intuitive way. It would be great if they made a simpler version that people could experience on their computers at home.