New ways to detect network attacks sooner
- By Lauren C. Williams
- Apr 25, 2019
Army researchers may have figured out how to detect bad actors earlier in their attacks, which will help better defend Defense Department networks.
Cyber intrusions are currently detected by analysts who monitor data transmitted from the defended network’s detection sensors to central analysis severs. The process requires so much bandwidth that most systems only send analysts alerts or summaries, which means some intrusions go undetected.
Now, researchers with Army Research Laboratory and Towson University found that compressing the traffic allowed analysts to detect intrusions earlier in the transmission process.
"This strategy should be effective in reducing the amount of network traffic sent from the sensor to central analyst system," Sidney Smith, an ARL researcher and the study's lead author, said. "Ultimately, this strategy could be used to increase the reliability and security of Army networks."
Next on Army researchers’ agenda is to incorporate network classification and additional compression techniques to reduce the amount of traffic transmitted to central analysis systems to under 10% of original volume while losing less than 1% of cybersecurity alerts.
ARL's research echoes a recurring DOD theme that emphasizes network protection and the need for cybersecurity throughout the entire organization.
For example, DOD hopes to boost funds to cyber forces in the 2020 defense spending bill -- a move that’s in lockstep with the overall government budget. And back on the research side, the Defense Advanced Research Projects Agency is looking to solve cyber problems with tactics such as cyber hunting on an enterprise scale, conducting hackathons and building an air-gapped system to protect data at rest.
This article was first posted to FCW, a sibling site to Defense Systems.
Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.
Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.
Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.
Click here for previous articles by Wiliams.