Science Daily April 17, 2109
Distributed network intrusion detection requires sensors to transmit data, which takes a large amount of bandwidth, so most systems send only alerts or summaries of activity back to the security analyst. To overcome this, a team of researchers in the US (ARL, Towson University) developed a tool that stops transmitting traffic after a given number of messages has been transmitted, based on the theory that malicious network activity manifests its maliciousness early in the transmission process. In tests they found their theory to be correct. They are working to reduce the amount of traffic that needs to be transmitted to the central analysis systems to less than 10% of the original traffic volume while losing no more than 1% of cyber security alerts.
New way to improve cybersecurity
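The trade-off described above can be sketched as a per-flow cutoff on the sensor. This is an added example, not the researchers' tool: it assumes "messages" means packets counted per bidirectional flow, the traffic is constructed, and the `alert` flag stands in for packets a central IDS would alert on.

```python
from collections import defaultdict

def flow_key(pkt):
    # Direction-independent key: both halves of a conversation share one counter.
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (pkt["proto"], ends[0], ends[1])

def truncate_flows(packets, max_packets):
    """Forward only the first max_packets packets of each flow (sensor side)."""
    seen = defaultdict(int)
    forwarded = []
    for pkt in packets:
        key = flow_key(pkt)
        seen[key] += 1
        if seen[key] <= max_packets:
            forwarded.append(pkt)
    return forwarded

def evaluate(packets, max_packets):
    """Return (fraction of bytes forwarded, fraction of alert packets retained)."""
    kept = truncate_flows(packets, max_packets)
    total_bytes = sum(p["size"] for p in packets)
    total_alerts = sum(p["alert"] for p in packets)
    byte_frac = sum(p["size"] for p in kept) / total_bytes
    alert_frac = sum(p["alert"] for p in kept) / total_alerts if total_alerts else 1.0
    return byte_frac, alert_frac

def make_flow(client, server, n, size, alert_at=None):
    # Constructed traffic: even-numbered packets are server-to-client replies.
    pkts = []
    for i in range(1, n + 1):
        src, dst = (client, server) if i % 2 else (server, client)
        pkts.append({"proto": "tcp", "src": src[0], "sport": src[1],
                     "dst": dst[0], "dport": dst[1], "size": size,
                     "alert": i == alert_at})
    return pkts

# Constructed sample: a bulk transfer, a flow that alerts early, one that alerts late.
SAMPLE = (make_flow(("10.0.0.5", 40001), ("192.0.2.10", 443), 100, 1400)
          + make_flow(("10.0.0.6", 40002), ("192.0.2.20", 80), 20, 500, alert_at=3)
          + make_flow(("10.0.0.7", 40003), ("192.0.2.30", 22), 80, 1000, alert_at=60))

if __name__ == "__main__":
    for cutoff in (10, 60):
        byte_frac, alert_frac = evaluate(SAMPLE, cutoff)
        print(f"cutoff={cutoff}: bytes forwarded {byte_frac:.1%}, alerts kept {alert_frac:.0%}")
```

The late-alerting flow is the case a cutoff loses, which is why the cutoff has to be tuned against measured alert loss rather than bandwidth alone.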