A new network traffic splitting system could provide security professionals with advance warning of cyber-attacks.
Security researchers from the University of Tulsa report that they have found a way to let network admins take pre-emptive measures to secure their networks by identifying an attack before it reaches its target. In a report published in the International Journal of Critical Infrastructure Protection, the researchers and engineers who worked on the project explain that slowing network traffic almost imperceptibly (just a few milliseconds per packet) would give network security software enough time to identify whether a packet is malicious.
After identifying the attack, an algorithm developed by the team would send high-speed, high-priority packets across the network to the target of the attack, engaging defensive measures before the attack can even be carried out. It works by reserving optimal network paths for high-priority traffic and routing everything else across an extra connection or two, slightly slowing normal traffic across the network.
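The timing argument above can be checked with a small model. The following is an added example, not the researchers' algorithm or code: it reserves the fastest sensor-to-target path for alerts, routes ordinary traffic over the remaining links, and reports whether the alert still arrives first once detection time is counted. The topology, link latencies and detection times are constructed for illustration.

```python
import heapq

# Constructed topology: link latencies in milliseconds (assumed values).
LINKS = {
    ("sensor", "a"): 2, ("a", "target"): 2,                  # fastest route: 4 ms
    ("sensor", "b"): 3, ("b", "c"): 3, ("c", "target"): 3,   # detour: 9 ms
    ("a", "c"): 4,
}

def build_graph(links, banned=frozenset()):
    """Undirected adjacency list, skipping any link in `banned`."""
    graph = {}
    for (u, v), ms in links.items():
        if (u, v) in banned or (v, u) in banned:
            continue
        graph.setdefault(u, []).append((v, ms))
        graph.setdefault(v, []).append((u, ms))
    return graph

def shortest_path(graph, src, dst):
    """Dijkstra: returns (latency_ms, path), or (inf, []) if unreachable."""
    heap, seen = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, ms in graph.get(node, []):
            if nxt not in seen:
                heapq.heappush(heap, (cost + ms, nxt, path + [nxt]))
    return float("inf"), []

def alert_margin(links, sensor, target, detect_ms):
    """Reserve the fastest sensor-to-target path for alerts, send ordinary
    traffic over the remaining links, and return how many ms the alert
    beats the suspect packet by (negative means the alert is late)."""
    alert_ms, alert_path = shortest_path(build_graph(links), sensor, target)
    reserved = set(zip(alert_path, alert_path[1:]))
    packet_ms, packet_path = shortest_path(build_graph(links, reserved), sensor, target)
    # The packet keeps moving while the sensor spends detect_ms classifying it.
    margin = packet_ms - (detect_ms + alert_ms)
    return {"alert_path": alert_path, "packet_path": packet_path, "margin_ms": margin}

if __name__ == "__main__":
    for detect_ms in (3, 6):
        print(detect_ms, alert_margin(LINKS, "sensor", "target", detect_ms))
```

With these constructed numbers, a 3 ms detection leaves the alert 2 ms ahead of the packet, while a 6 ms detection lets the packet arrive 1 ms before the alert, so the detour must add more delay than detection plus alert transit combined.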
This new method, one of the authors of the report cautions, shouldn’t be seen as a miracle cure for network security. Adapting an existing network to run this algorithm would require investing in caching technology and defensive programs, and allocation of network pathways for the command and control signals for the defensive measures could be seen as a waste of network capacity. Additionally, the system is only as capable as the sensors being used to detect an attack. Attack variants or newly created attacks the sensors are unable to detect can still slip through and cause havoc.
New security software in development is showing promise, however. One program, being developed at Dartmouth College and the University of Calgary, would allow network infrastructure to effectively monitor itself by detecting changes in sequences of code from within the kernel, potentially identifying malicious programs. When combined with the new hyperspeed signaling algorithms, the network security professional now has the capability of preventing all but the most serious attacks from even breaching the first line of defense.