The number of internet attacks is growing rapidly, which puts a very heavy strain on traditional methods of intrusion detection. These classic methods are also not prepared for the growing number of connected devices, or the Internet of Things. The good news is that a researcher from the University of Twente’s CTIT institute has developed another method of monitoring internet traffic, offering a better way to trace attacks and intrusions.
The new method is available as open source software that is not only being tested but is also already used by several major organizations and companies around the world.
The classic approach consists of checking the contents of a vast amount of data coming in, analyzing network traffic and then logging files on every computer. According to the researcher who developed the completely new approach, the old way implies analyzing huge amounts of data that will never actually have any effect. Additionally, within the network of a large organization with thousands of computers, phones, and other devices connected, it will soon be impossible to check every device.
That’s why the new detection method chooses a “flow based” approach: looking at the data from a higher level and detecting patterns. This approach can take place at a central spot, like a router taking care of traffic, which means that even if the number of devices connected to this router is growing, the detection can be scaled up quickly and easily.
The detection accuracy of the new method is 100%.
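To illustrate the flow-based approach described above, the following added example (not the researcher's software) aggregates packet metadata seen at one central point into flow records and flags a pattern without reading any payload. The sample traffic, the chosen pattern (many small flows from one source to one service) and both thresholds are assumptions made for this sketch.

```python
from collections import defaultdict

def make_packets():
    """Constructed sample: (time_s, src, dst, sport, dport, proto, size_bytes). No payload."""
    pkts = []
    for i in range(30):            # 10.0.0.5: 30 short connections to one SSH service
        for j in range(12):
            pkts.append((i * 2 + j * 0.1, "10.0.0.5", "192.0.2.10", 40000 + i, 22, "tcp", 90))
    for j in range(400):           # 10.0.0.7: one long interactive SSH session
        pkts.append((j * 0.5, "10.0.0.7", "192.0.2.10", 51000, 22, "tcp", 120))
    for i in range(5):             # 10.0.0.9: a handful of ordinary HTTPS downloads
        for j in range(50):
            pkts.append((i * 3 + j * 0.01, "10.0.0.9", "192.0.2.20", 52000 + i, 443, "tcp", 1200))
    return pkts

def to_flows(packets):
    """Collapse packets into flow records keyed by the 5-tuple, as a router exporter would."""
    flows = {}
    for ts, src, dst, sport, dport, proto, size in packets:
        key = (src, dst, sport, dport, proto)
        rec = flows.setdefault(key, {"packets": 0, "bytes": 0, "start": ts, "end": ts})
        rec["packets"] += 1
        rec["bytes"] += size
        rec["start"] = min(rec["start"], ts)
        rec["end"] = max(rec["end"], ts)
    return flows

def flag_sources(flows, min_flows=20, max_packets=20):
    """Flag (src, dst, dport) triples with many small flows.

    Both thresholds are assumed values for this sketch, not tuned figures.
    """
    small = defaultdict(int)
    for (src, dst, _sport, dport, _proto), rec in flows.items():
        if rec["packets"] <= max_packets:
            small[(src, dst, dport)] += 1
    return sorted(k for k, n in small.items() if n >= min_flows)

if __name__ == "__main__":
    flows = to_flows(make_packets())
    print(len(flows), "flow records from", len(make_packets()), "packets")
    for src, dst, dport in flag_sources(flows):
        print(f"many small flows: {src} -> {dst}:{dport}")
```

The detector works on 36 flow records instead of 1,010 packets, and adding devices behind the same router only adds rows to the flow table rather than new places to inspect.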