US Army Identifies How To Improve Cybersecurity

Uploaded on 2019-06-04 in GOVERNMENT-Defence, FREE TO VIEW, TECHNOLOGY--Developments

Cybersecurity is now one of the US nation's top security concerns as millions of people were affected by breaches around the world. Working on an idea that malevolent network activity would reveal its criminal purpose early,  US Army researchers have developed a tool that would stop transmitting traffic after a given number of messages had be transmitted.

The resulting compressed network traffic was analysed and compared to the analysis performed on the original network traffic.

This research was done at the US Army Combat Capabilities Development Command's Army Research Laboratory, and Towson University and they potentially identified new ways to improve network security.

Many cybersecurity systems use distributed network intrusion detection. This allows a small number of highly trained analysts to monitor several networks at the same time. The process reduces cost through economies of scale and more efficiently controls the limited cybersecurity expertise. 

However, the researchers realised that this approach requires data to be transmitted from network intrusion detection sensors on the defended network to central analysis severs. Transmitting all of the data captured by sensors requires too much bandwidth, researchers realised.

Because of this, most distributed network intrusion detection systems only send alerts, or summaries of activities, back to the security analyst. With only these summaries, cyber-attacks can go undetected because the analyst did not have enough information to understand the network activity, or, alternatively, time may be wasted chasing down false positives.

As suspected, researchers found cyber-attacks often do do the the most damage early in the transmission process. But when the team identified malicious activity later in the transmission process, it was usually not the first occurrence of malicious activity in that network flow.

"This strategy should be effective in reducing the amount of network traffic sent from the sensor to central analyst system," said Sidney Smith, an ARL researcher and the study's lead author.

"Ultimately, this strategy could be used to increase the reliability and security of Army networks."

For the next phase, researchers want to integrate this technique with network classification and lossless compression techniques to reduce the amount of traffic that needs to be transmitted to the central analysis systems to less than 10% of the original traffic volume while losing no more than 1% of cyber security alerts.

"The future of intrusion detection is in machine learning and other artificial intelligence techniques," Smith said.

"However, many of these techniques are too resource intensive to run on the remote sensors, and all of them require large amounts of data. A cybersecurity system incorporating our research

EurekaAlert:         FCW:       USArmyDevCom:

You Might Also Read:



 

« WannaCry Hero Deserves a Pardon, Not A Conviction
A Predictive Tool For Armed Police »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

AusCERT

AusCERT

AusCERT is the premier Computer Emergency Response Team (CERT) in Australia and a leading CERT in the Asia/Pacific region

VMworld

VMworld

VMworld is a global conference for virtualization and cloud computing, including associated security issues.

Jones Day

Jones Day

Jones Day is an international law firm based in the United States. Practice areas include Cybersecurity, Privacy & Data Protection.

Radware

Radware

Radware is a global leader of application delivery and cyber security solutions for virtual, cloud and software defined data centers.

StickyMinds

StickyMinds

StickyMinds is the web's first interactive testing community exclusively engaged in improving software quality throughout the software development lifecycle.

APWG

APWG

APWG is the international coalition unifying the global response to cybercrime across industry, government, law-enforcement and NGO communities.

ISACA Conferences

ISACA Conferences

ISACA is dedicated to offering the most dynamic and inclusive conferences to keep you abreast of the latest advances in IT and Information Security.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cobalt Strike

Cobalt Strike

Cobalt Strike is penetration testing software designed to execute targeted attacks.

Teramind

Teramind

Teramind provides a user-centric security approach to monitor employee behavior in order to identify suspicious activity, detect possible threats, monitor efficiency, and ensure industry compliance.

Cyfirma

Cyfirma

CYFIRMA offers Cyber threat visibility and intelligence suite and services aimed at keeping your organization’s cybersecurity posture up-to-date.

ValidSoft

ValidSoft

ValidSoft is a security software company, providing telecommunications-based multi-factor authentication, identity and transaction verification technology.

Secura B.V.

Secura B.V.

Secura is an independent specialized cybersecurity expert, providing insights to protect valuable assets and data.

Inpher

Inpher

Inpher has pioneered cryptographic Secret Computing® that enables advanced analytics and machine learning while keeping data private, secure, and distributed.

Fescaro

Fescaro

FESCARO is a trusted cybersecurity partner for global automakers and their partners, helping them transition to software-defined vehicles (SDVs) with tailored automotive software solutions.

Beacon Technology

Beacon Technology

Beacon Technology offers a comprehensive platform consisting of XDR, VMDR, and Breach and Attack simulation tools.