Summary

• Scientists at the Department of Energy’s Pacific Northwest National Laboratory have developed a new way to detect denial-of-service attacks.
• The new technique is more accurate than current methods, correctly identifying 99% of attacks in testing.
• The technique works by tracking the evolution of entropy, a measure of disorder in a system.
• During a denial-of-service attack, two measures of entropy go in opposite directions. At the target address, many more clicks than usual are going to one place, a state of low entropy. But the sources of those clicks, whether people, zombies or bots, originate in many different places—high entropy. The mismatch could signify an attack.
• The new technique is automated and doesn’t require close oversight by a human to distinguish between legitimate traffic and an attack.
• The researchers say that their program is “lightweight”—it doesn’t need much computing power or network resources to do its job.
• The PNNL team is now looking at how the buildout of 5G networking and the booming internet of things landscape will have an impact on denial-of-service attacks.