<h1>ZeroAccess Bots Desperately Seeking Freedom (Visualization)</h1>
<p>By hrbrmstr (rud.is), published 2013-08-21, last modified 2017-04-02. Permalink: <a href="https://rud.is/b/2013/08/21/zeroaccess-bots-desperately-seeking-freedom-visualization/">https://rud.is/b/2013/08/21/zeroaccess-bots-desperately-seeking-freedom-visualization/</a>. Categories: Data Visualization, Information Security, Malware. Tags: alienvault, botnet, bots, zeroaccess.</p>
<p>I’ve been doing a bit of graphing (with real, non-honeypot network data) as part of the research for the <a href="https://www.amazon.com/Security-Using-Analysis-Visualization-Dashboards/dp/1118793722/ref=sr_1_1?ie=UTF8&amp;qid=1374598875&amp;sr=8-1&amp;keywords=bob+rudis">book</a> I’m writing with @jayjacobs and thought one of the images was worth sharing (especially since it may not make it into the book :-).</p>
<p><center><a target="_blank" href="https://i0.wp.com/rud.is/b/wp-content/uploads/2013/08/Threat_View.png?ssl=1"><img src="https://i0.wp.com/rud.is/b/wp-content/uploads/2013/08/Threat_View.png?resize=510%2C449&amp;ssl=1" alt="Threat_View" width="510" height="449" class="aligncenter size-large wp-image-2591" /></a><br />Click image for larger view</center></p>
<p>This is a static screen capture of a <a href="https://d3js.org/">D3</a> force-directed graph made with R, igraph &amp; <a href="https://github.com/trifacta/vega/wiki">Vega</a> of four ZeroAccess-infected nodes <i>desperately</i> (each node tried ~200K times over a couple of days) trying to break free of a firewall over the course of 11 days. The red nodes are unique destination IPs and the purple ones are in the <span class="removed_link" title="http://labs.alienvault.com/labs/index.php/projects/open-source-ip-reputation-portal/">AlienVault IP Reputation database</span>. Jay &amp; I have read and <a href="https://rud.is/b/?s=zeroaccess">blogged</a> a great deal about ZeroAccess over the past year and finally had the chance to see a live slice of how pervasive (and noisy) the network is, even with a view from just a few infected nodes.</p>
<p>While the above graphic is the composite view of all 11 days, the following one is from just a single day with only two infected nodes trying to communicate out (this is a pure, hastily crafted R/igraph image):</p>
<p><center><a target="_blank" href="https://i0.wp.com/rud.is/b/wp-content/uploads/2013/08/Plot_Zoom.png?ssl=1"><img src="https://i0.wp.com/rud.is/b/wp-content/uploads/2013/08/Plot_Zoom.png?resize=510%2C505&amp;ssl=1" alt="Two ZeroAccess Infected Nodes" width="510" height="505" class="aligncenter size-large wp-image-2593" /></a><br />Click image for larger view</center></p>
<p>There are some destinations common to the two, but each has a large list of unique ones; even the best open IP reputation database on the planet included only a handful of the malicious endpoints, which means you really need to be looking at holistic behavior modeling rather than port/destination alone (I filtered out legitimate destination traffic for these views) if you’re trying to find egressing badness (but you hopefully already knew that).</p>