Detecting network cyber attacks earlier

hacker looking at screen

Protecting Defense Department networks from cyber attacks is critical, and Army researchers may now have figured out how to stop bad actors sooner.

Researchers with Army Research Laboratory and Towson University developed a tool to test the theory that attackers can be detected and stopped earlier by analyzing compressed network traffic.

Cyber intrusions are currently detected by analysts who monitor data transmitted from the defended network’s detection sensors to central analysis severs. The process requires so much bandwidth that most systems only send analysts alerts or summaries, which means some intrusions go undetected.

Instead, researchers found that compressing the traffic allowed analysts to detect intrusions earlier in the transmission process.

"This strategy should be effective in reducing the amount of network traffic sent from the sensor to central analyst system," Sidney Smith, an ARL researcher and the study's lead author, said. "Ultimately, this strategy could be used to increase the reliability and security of Army networks."

ARL's research echoes a recurring DOD theme that emphasizes network protection and the need for cybersecurity throughout the entire organization.

For example, DOD hopes to boost funds to cyber forces in the 2020 defense spending bill -- a move that’s in lockstep with the overall government budget. And back on the research side, the Defense Advanced Research Projects Agency is looking to solve cyber problems with tactics such as cyber hunting on an enterprise scale, conducting hackathons and building an air-gapped system to protect data at rest

Next on Army researchers’ agenda is to incorporate network classification and additional compression techniques to reduce the amount of traffic transmitted to central analysis systems to under 10% of original volume while losing less than 1% of cybersecurity alerts.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Comment
    customer experience (garagestock/

    Leveraging the TMF to improve customer experience

    Focusing on customer experience as part of the Technology Modernization Fund investment strategy will enable agencies to improve service and build trust in government.

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Stay Connected