Detecting network cyber attacks earlier


Protecting Defense Department networks from cyber attacks is critical, and Army researchers may now have figured out how to stop bad actors sooner.

Researchers with Army Research Laboratory and Towson University developed a tool to test the theory that attackers can be detected and stopped earlier by analyzing compressed network traffic.

Cyber intrusions are currently detected by analysts who monitor data transmitted from the defended network’s detection sensors to central analysis servers. The process requires so much bandwidth that most systems only send analysts alerts or summaries, which means some intrusions go undetected.

Instead, researchers found that compressing the traffic allowed analysts to detect intrusions earlier in the transmission process.

"This strategy should be effective in reducing the amount of network traffic sent from the sensor to central analyst system," Sidney Smith, an ARL researcher and the study's lead author, said. "Ultimately, this strategy could be used to increase the reliability and security of Army networks."

ARL's research echoes a recurring DOD theme that emphasizes network protection and the need for cybersecurity throughout the entire organization.

For example, DOD hopes to boost funds to cyber forces in the 2020 defense spending bill -- a move that’s in lockstep with the overall government budget. And back on the research side, the Defense Advanced Research Projects Agency is looking to solve cyber problems with tactics such as cyber hunting on an enterprise scale, conducting hackathons and building an air-gapped system to protect data at rest.

Next on Army researchers’ agenda is to incorporate network classification and additional compression techniques to reduce the amount of traffic transmitted to central analysis systems to under 10% of original volume while losing less than 1% of cybersecurity alerts.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at, or follow her on Twitter @lalaurenista.
