Scientists at the Department of Energy’s Pacific Northwest National Laboratory have developed a new way to detect denial-of-service attacks.
The new technique is more accurate than current methods, correctly identifying 99% of attacks in testing.
The technique works by tracking the evolution of entropy, a measure of disorder in a system.
During a denial-of-service attack, two measures of entropy go in opposite directions. At the target address, many more clicks than usual are going to one place, a state of low entropy. But the sources of those clicks, whether people, zombies or bots, originate in many different places—high entropy. The mismatch could signify an attack.
The new technique is automated and doesn’t require close oversight by a human to distinguish between legitimate traffic and an attack.
The researchers say that their program is “lightweight”—it doesn’t need much computing power or network resources to do its job.
The PNNL team is now looking at how the buildout of 5G networking and the booming internet of things landscape will have an impact on denial-of-service attacks.