Researchers Strengthen Defenses Against Common Cyberattack | News Release | PNNL
www.pnnl.gov
Scientists have developed a better way to recognize denial-of-service internet attacks, improving detection by 90 percent.

To improve detection accuracy, the PNNL team sidestepped the concept of thresholds completely. Instead, the team focused on the evolution of entropy, a measure of disorder in a system.

Usually on the internet, there’s consistent disorder everywhere. But during a denial-of-service attack, two measures of entropy go in opposite directions. At the target address, many more clicks than usual are going to one place, a state of low entropy. But the sources of those clicks, whether people, zombies or bots, originate in many different places – high entropy. The mismatch could signify an attack.