README_DEV.md

1. # USA-live-cyber-attack-map
2. Origin of attack === USA
3.  
4. ## Background & Overview
5.  
6. This application receives data on malicious internet traffic originating in the USA in real time (RT), visualizes its origin with Google Maps, and provides informative tables.
7.  
8. Information security companies install '[honeypots][honeypot]' (intentionally vulnerable networks) in various countries to
9. collect malware samples. Honeypots appear to have valuable data, but in reality contain software to capture or log malware
10. activity. Data of interest to a research honeypot could be origin IP, geolocation, protocol, and port. Most of the data
11. provided to this application is the product of research honeypots staffed by various organizations.
12.  
13. It is important to note that IPs can be [altered][spoof] easily - so origin data should not be taken as definitive.
14.  
15. ## Functionality & MVP
16.  
17. - Google map drops custom points at attack origins in real time. Points display attack info when clicked.
18. - Feed shows JSON data in RT.
19. - Table shows 'top attackers' based on origin of malicious traffic. (All tables update and sort in RT)
20. - Table shows top malware attack types.
21. - Table shows top countries targeted.
22.  
23. ## Snapshot
24.  
25. All data for the app will come from the RT feed, the site will consist of one main page.
26.  
27. ![page][page]
28.  
29. ## Implementation Timeline
30.  
31. Over the weekend:
32.  
33. - Set up Satori RT feed
34. - Get permanent API keys
35. - Filter data appropriately
36.  
37. Day 1:
38.  
39. - Create logic for data tables
40. - Overall CSS
41.  
42. Day 2:
43.  
44. - Research Google Maps Javascript API
45.  
46. Day 3-4:
47.  
48. - Implement Google Maps visualization for RT data
49. - Polishing of visualization and CSS
50.  
51. [honeypot]: https://en.wikipedia.org/wiki/Honeypot_(computing)
52. [spoof]: https://en.wikipedia.org/wiki/IP_address_spoofing
53. [page]: ./images/page.png "main page"
54.