Detecting network cyber attacks earlier

hacker looking at screen

Protecting Defense Department networks from cyber attacks is critical, and Army researchers may now have figured out how to stop bad actors sooner.

Researchers with Army Research Laboratory and Towson University developed a tool to test the theory that attackers can be detected and stopped earlier by analyzing compressed network traffic.

Cyber intrusions are currently detected by analysts who monitor data transmitted from the defended network’s detection sensors to central analysis severs. The process requires so much bandwidth that most systems only send analysts alerts or summaries, which means some intrusions go undetected.

Instead, researchers found that compressing the traffic allowed analysts to detect intrusions earlier in the transmission process.

"This strategy should be effective in reducing the amount of network traffic sent from the sensor to central analyst system," Sidney Smith, an ARL researcher and the study's lead author, said. "Ultimately, this strategy could be used to increase the reliability and security of Army networks."

ARL's research echoes a recurring DOD theme that emphasizes network protection and the need for cybersecurity throughout the entire organization.

For example, DOD hopes to boost funds to cyber forces in the 2020 defense spending bill -- a move that’s in lockstep with the overall government budget. And back on the research side, the Defense Advanced Research Projects Agency is looking to solve cyber problems with tactics such as cyber hunting on an enterprise scale, conducting hackathons and building an air-gapped system to protect data at rest

Next on Army researchers’ agenda is to incorporate network classification and additional compression techniques to reduce the amount of traffic transmitted to central analysis systems to under 10% of original volume while losing less than 1% of cybersecurity alerts.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.