US Army Identifies How To Improve Cybersecurity

Cybersecurity is now one of the US nation's top security concerns as millions of people were affected by breaches around the world. Working on an idea that malevolent network activity would reveal its criminal purpose early,  US Army researchers have developed a tool that would stop transmitting traffic after a given number of messages had be transmitted.

The resulting compressed network traffic was analysed and compared to the analysis performed on the original network traffic.

This research was done at the US Army Combat Capabilities Development Command's Army Research Laboratory, and Towson University and they potentially identified new ways to improve network security.

Many cybersecurity systems use distributed network intrusion detection. This allows a small number of highly trained analysts to monitor several networks at the same time. The process reduces cost through economies of scale and more efficiently controls the limited cybersecurity expertise. 

However, the researchers realised that this approach requires data to be transmitted from network intrusion detection sensors on the defended network to central analysis severs. Transmitting all of the data captured by sensors requires too much bandwidth, researchers realised.

Because of this, most distributed network intrusion detection systems only send alerts, or summaries of activities, back to the security analyst. With only these summaries, cyber-attacks can go undetected because the analyst did not have enough information to understand the network activity, or, alternatively, time may be wasted chasing down false positives.

As suspected, researchers found cyber-attacks often do do the the most damage early in the transmission process. But when the team identified malicious activity later in the transmission process, it was usually not the first occurrence of malicious activity in that network flow.

"This strategy should be effective in reducing the amount of network traffic sent from the sensor to central analyst system," said Sidney Smith, an ARL researcher and the study's lead author.

"Ultimately, this strategy could be used to increase the reliability and security of Army networks."

For the next phase, researchers want to integrate this technique with network classification and lossless compression techniques to reduce the amount of traffic that needs to be transmitted to the central analysis systems to less than 10% of the original traffic volume while losing no more than 1% of cyber security alerts.

"The future of intrusion detection is in machine learning and other artificial intelligence techniques," Smith said.

"However, many of these techniques are too resource intensive to run on the remote sensors, and all of them require large amounts of data. A cybersecurity system incorporating our research

EurekaAlert:         FCW:       USArmyDevCom:

You Might Also Read:



 

« WannaCry Hero Deserves a Pardon, Not A Conviction
A Predictive Tool For Armed Police »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Galaxkey

Galaxkey

Galaxkey is a data protection product that protects email, documents and any data using access control and an encryption platform.

BruCON

BruCON

Brucon is Belgiums premium security and hacking conference.

Allianz

Allianz

Allianz Cyber Protect is a comprehensive cyber insurance provided internationally and tailored to your company´s risk profile.

Infiltrate

Infiltrate

INFILTRATE is a deep technical conference that focuses entirely on offensive security issues.

PlaxidityX

PlaxidityX

PlaxidityX (formerly Argus Cyber Security) is a global leader in mobility cyber security, provides DevSecOps, vehicle protection and fleet protection technologies and services.

Attivo Networks

Attivo Networks

Attivo Networks is an award winning provider of deception for in-network threat detection, attack forensic analysis, and continuous threat response.

Medigate

Medigate

Medigate is a dedicated medical device security platform protecting all of the connected medical devices on health care provider networks.

Gulf Computer Services Co (GCSC)

Gulf Computer Services Co (GCSC)

Gulf Computer Services is a major player in the field of networking & Communication solutions for emerging industries such as Internet Services and Information Technology in Saudi Arabia.

ST Engineering

ST Engineering

ST Engineering is a leading provider of trusted and innovative cybersecurity solutions.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MAXXeGUARD Data Safety

MAXXeGUARD Data Safety

MAXXeGUARD: The High Security Shredder. MAXXeGUARD easily destroys hard disks up to the highest security levels as well as other digital data carriers like SSD’s, LTO’s, USB’s, CD’s etc.

Acronis

Acronis

At Acronis, we protect the data, applications, systems and productivity of every organization – safeguarding them against cyberattacks, hardware failures, natural disasters and human errors.

Phriendly Phishing

Phriendly Phishing

Phriendly Phishing offers phishing awareness training programs designed to ward off potential security threats and minimise the impact of cyber attacks.

Flotek

Flotek

Flotek is an IT & Comms service provider delivering SMEs with trusted, innovative and cost effective cloud technology, with confidence, clarity and clout.

COPA-DATA

COPA-DATA

COPA-DATA is the only independent software manufacturer to combine in-depth experience in automation with new possibilities of digital transformation – reliable, future-proof and operating worldwide.

Finlaw Associates

Finlaw Associates

Finlaw Associates is a trusted cybercrime law firm providing a wide range of taxation, legal, advisory and regulatory services to the financial, commercial and industrial communities.