Scientists may have identified a new way to improve network security

With cybersecurity one of the nation’s top security concerns and billions of people affected by breaches last year, government and businesses are spending more time and money defending against it. Researchers at the U.S. Army Combat Capabilities Development Command’s Army Research Laboratory, the Army’s corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security. Many cybersecurity systems use distributed network intrusion detection that allows a small number of highly trained analysts to monitor several networks at the same time, reducing cost through economies of scale and more efficiently leveraging limited cybersecurity expertise; however, this approach requires data be transmitted from network intrusion detection sensors on the defended network to central analysis severs. Transmitting all of the data captured by sensors requires too much bandwidth, researchers said. Because of this, most distributed network intrusion detection systems only send alerts or summaries of activities back to the security analyst. With only summaries, cyber-attacks can go undetected because the analyst did not have enough information to understand the network activity, or, alternatively, time may be wasted chasing down false positives.