Doctoral student Chuck Smith, ARL team find new way to identify malicious attacks sooner
Chuck Smith ’90/’13/’19 walked off Towson University’s Commencement stage with a bachelor’s degree in computer science and a job as a computer scientist with the U.S. Army. Twenty-three years later, and still with the Army, he returned to earn his master’s degree.
Now he’s about to be awarded a doctorate from TU.
In 2010, Smith transferred to the Army Research Lab (ARL) at Aberdeen Proving Ground. Three years later, the Harford County, Maryland, native enrolled at his alma mater to earn his master’s degree in computer science. He will graduate later this month with a doctorate in information technology.
Towson University is one of four institutions in the world to receive ABET accreditation under the cybersecurity criteria.
“I liked the way the computer science graduate program was structured,” Smith says. “I wanted to take classes in person. I liked how it was geared to working professionals, with night classes and professors who were practitioners in the field. The networking opportunities with classmates were tremendous as well.”
From 2010 until 2017 Smith led the team that developed and maintained the software and hardware used by the ARL cybersecurity service provider (CSSP), as well as the Department of Defense (DoD) initiative to protect DoD networks. The ARL CSSP employed a distributed network intrusion detection system in which sensors were deployed into the clients’ network. As part of the research for his doctorate, Smith looked for ways to reduce the amount of traffic that must be transmitted from the sensors to the central analysis servers without losing the evidence of malicious activity.
Working from the theory that malicious activity begins early in a transmission, Smith created prototype software that tracks network transmissions and stops collecting after a configurable threshold in either packets or bytes has been reached. The technique was tested against several data sets, validating the theory that malicious activity starts early in the transmission.
Smith presented a paper on the research, “The Use of Flow Features in Lossy Network Traffic Compression for Network Intrusion Detection Applications,” at the 10th International Multi-Conference on Complexity, Informatics and Cybernetics (IMCIC 2019) in mid-March. It won the Best Paper award in the session on control, communications and network systems, technologies and applications.
The next step for Smith and his team is to integrate this technique with others already in use to reduce network intrusion data traffic to less than 10% of the original volume while losing no more than 1% of cybersecurity alerts.
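The thresholded collection described above can be sketched as a per-flow filter running on a sensor. This is an added example, not the ARL prototype's code: the packet field names, the idle timeout that treats a reused 5-tuple as a new flow, and the choice to keep the packet that crosses the byte threshold whole are all assumptions, and the traffic is constructed.

```python
from collections import namedtuple

# Constructed packet record; field names are assumptions for this example.
Packet = namedtuple("Packet", "ts src sport dst dport proto length")

def flow_key(p):
    """Direction-independent 5-tuple: both halves of a conversation share one entry."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)

class FlowTruncator:
    """Keep only the head of each flow, up to a packet and/or byte threshold."""
    def __init__(self, max_packets=None, max_bytes=None, idle_timeout=60.0):
        self.max_packets, self.max_bytes = max_packets, max_bytes
        self.idle_timeout = idle_timeout   # assumed: seconds of silence before a 5-tuple is a new flow
        self.flows = {}                    # key -> [kept_packets, kept_bytes, last_seen]
        self.total_bytes = self.kept_bytes = 0

    def keep(self, p):
        """Return True if the sensor should forward this packet to the analysis servers."""
        self.total_bytes += p.length
        key = flow_key(p)
        state = self.flows.get(key)
        if state is None or p.ts - state[2] > self.idle_timeout:
            state = self.flows[key] = [0, 0, p.ts]
        state[2] = p.ts
        over_pkts = self.max_packets is not None and state[0] >= self.max_packets
        over_bytes = self.max_bytes is not None and state[1] >= self.max_bytes
        if over_pkts or over_bytes:
            return False                   # threshold reached: stop collecting this flow
        state[0] += 1
        state[1] += p.length
        self.kept_bytes += p.length
        return True

    def retained_fraction(self):
        return self.kept_bytes / self.total_bytes if self.total_bytes else 1.0

def constructed_capture():
    """Constructed traffic: a 20-packet bulk transfer and a 3-packet short exchange."""
    pkts = []
    for i in range(20):                    # odd packets travel in the reverse direction
        ends = ("10.0.0.5", 40000, "192.0.2.10", 443)
        pkts.append(Packet(i * 0.01, *(ends[2:] + ends[:2] if i % 2 else ends), "tcp", 1000))
    for i in range(3):
        pkts.append(Packet(1.0 + i, "10.0.0.6", 40001, "192.0.2.20", 80, "tcp", 200))
    return pkts

def run(max_packets=None, max_bytes=None):
    """Filter the constructed capture; return (packets kept, fraction of bytes retained)."""
    t = FlowTruncator(max_packets, max_bytes)
    kept = [p for p in constructed_capture() if t.keep(p)]
    return len(kept), t.retained_fraction()
```

Short flows pass through untouched while the bulk transfer is cut to its first few packets, so the retained fraction is driven almost entirely by how the thresholds treat long flows.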