Computer scientists at the Department of Energy's Pacific Northwest National Laboratory (PNNL) have developed an innovative technique to enhance the detection of a common internet attack, vastly improving accuracy compared to existing methods.

The new approach focuses on monitoring ever-changing internet traffic patterns to recognize denial-of-service attacks. In these attacks, hackers flood a website with requests, attempting to shut it down. The motives behind such attacks vary, ranging from ransom demands to disrupting businesses or users.


More Sophisticated Strategy to Detect a Common Internet Attack

Current systems often rely on a single threshold value to detect attacks. However, this simplistic approach leaves systems vulnerable to missing genuine attacks or generating false alarms, causing disruptions to legitimate traffic. 

To overcome these limitations, the PNNL team devised a more sophisticated strategy centered around entropy, a measure of disorder in a system.

The researchers explained that during denial-of-service attacks, two measures of entropy behave differently. There is a low entropy at the target address due to an unusually high volume of clicks.

Conversely, the sources of those clicks exhibit high entropy as they come from various places. By analyzing this mismatch, the new technique identifies potential attacks more accurately.

During the team's testing, 10 standard algorithms detected, on average, 52 percent of Denial-of-Service (DoS) attacks, with the best one identifying 62 percent. On the other hand, the PNNL formula achieved an impressive 99 percent in identifying such attacks.

The improvement stems not only from avoiding static thresholds but also from incorporating trend analysis. According to the research team, instead of merely looking at entropy levels, the PNNL method continuously monitors entropy changes over time.

Moreover, the researchers employed the Tsallis entropy formula, which they claimed to be significantly more sensitive than the widely used Shannon entropy for identifying false alarms and distinguishing legitimate traffic surges from attacks.
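
The idea described above, as an added sketch that is not PNNL's published formula: it computes Tsallis entropy of source and destination addresses per time window and alerts when the gap between them keeps widening, rather than when it crosses a fixed value. The entropy index `Q`, the trend length, the minimum step and all addresses are assumptions made up for this illustration.

```python
from collections import Counter

Q = 2.0            # assumed Tsallis index; the article does not state the value used
TREND_WINDOWS = 3  # assumed: consecutive windows in which the gap must keep widening
MIN_STEP = 0.05    # assumed: smallest increase that counts as "widening"

def tsallis_entropy(values, q=Q):
    """Tsallis entropy S_q = (1 - sum(p_i^q)) / (q - 1) of the observed values."""
    counts = Counter(values)
    total = sum(counts.values())
    return (1.0 - sum((c / total) ** q for c in counts.values())) / (q - 1.0)

def entropy_gap(window):
    """Source-address entropy minus destination-address entropy for one window."""
    return (tsallis_entropy([src for src, _ in window])
            - tsallis_entropy([dst for _, dst in window]))

def detect(windows, trend=TREND_WINDOWS, min_step=MIN_STEP):
    """Return (gaps, alerts); alerts are window indices with a sustained widening gap."""
    gaps = [entropy_gap(w) for w in windows]
    alerts, rising = [], 0
    for i in range(1, len(gaps)):
        rising = rising + 1 if gaps[i] - gaps[i - 1] > min_step else 0
        if rising >= trend:
            alerts.append(i)
    return gaps, alerts

def make_window(n_normal, n_flood):
    """Constructed (src, dst) flow records: 20 clients over 5 servers, plus a flood
    from many distinct sources aimed at the single address 192.0.2.1."""
    flows = [(f"10.0.0.{i % 20}", f"192.0.2.{i % 5}") for i in range(n_normal)]
    flows += [(f"198.51.100.{i % 250}", "192.0.2.1") for i in range(n_flood)]
    return flows

def run_demo():
    # Four quiet windows, then flood traffic growing window by window.
    flood_sizes = [0, 0, 0, 0, 50, 150, 400, 1000]
    return detect([make_window(100, n) for n in flood_sizes])

if __name__ == "__main__":
    gaps, alerts = run_demo()
    for i, g in enumerate(gaps):
        print(f"window {i}: gap={g:.3f} {'ALERT' if i in alerts else ''}")
```

In the constructed data the gap sits at 0.15 while traffic is quiet and climbs in every flood window, so the alert comes from the sustained trend and no single cut-off value has to be chosen.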

The PNNL Solution on a Common Internet Attack

The PNNL solution is automated, requiring minimal computing power and network resources to function effectively. Unlike machine learning and artificial intelligence-based approaches, which necessitate extensive training data, the PNNL method is lightweight and efficient.

With the development of 5G networking and the flourishing of the internet of things landscape, the team at PNNL aims to assess the impact of these developments on denial-of-service attacks. 

"With so many more devices and systems connected to the internet, there are many more opportunities than before to attack systems maliciously," principal investigator Kevin Barker said in a statement.

"And more and more devices like home security systems, sensors and even scientific instruments are added to networks every day. We need to do everything we can to stop these attacks," he added.

PNNL scientist Omer Subasi presented the research team's findings at the IEEE International Conference on Cyber Security and Resilience. The team's work was also hailed as the best research paper at the meeting. 

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.