Researchers Find Clues for Dramatically Reducing IDS Traffic Volume
Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
April 20, 2019
Researchers at the US Army Combat Capabilities Development Command's Army Research Laboratory (ARL), the Army's corporate research laboratory, and Towson University have jointly developed techniques that should allow analysts to identify threats faster and with much less data than current methods.
In their research, the scientists found that malicious software tends to show its malicious behavior sooner, rather than later, in its network presence. This discovery has allowed them to perform analysis after transmitting much less traffic from an intrusion detection sensor to the analyst than is typically the case. The issue of intrusion detection sensor data volume has become critical as network traffic and malicious activity have both increased, leading to a dramatic increase in the sheer amount of data delivered for analysis.
The research goal is to use less than 10% of the original required data to perform analysis with less than 1% loss of security alerts. That compression will be the topic of the next phase in the research.
The research was presented in a paper at the 10th International Multi-Conference on Complexity, Informatics and Cybernetics.