Scientists detect DDOS threats detected thanks to asymmetric behavior
Scientists detect DDOS threats detected thanks to asymmetric behavior
Scientists have developed a better way to recognize denial-of-service internet attacks, improving detection by 90 percent.
To improve detection accuracy, the PNNL team sidestepped the concept of thresholds completely. Instead, the team focused on the evolution of entropy, a measure of disorder in a system.
Usually on the internet, there's consistent disorder everywhere. But during a denial-of-service attack, two measures of entropy go in opposite directions. At the target address, many more clicks than usual are going to one place, a state of low entropy. But the sources of those clicks, whether people, zombies or bots, originate in many different places -- high entropy. The mismatch could signify an attack.