You know those times when a website crashes because too many people are trying to use it at once?
It’s like a traffic jam on a busy road.
This can happen because of a big event like a famous artist releasing a new album, or a big game going live.
But sometimes, it can also happen because someone with bad intentions floods the website with tons of fake traffic to intentionally crash it.
This is called a “denial-of-service” attack, and it’s a big problem on the internet.
Usually, these bad guys (let’s call them internet bullies) get lots of computers to bombard a website with traffic, so it can’t handle real visitors. Sometimes they do it to ask for money, sometimes just to create chaos.
To catch these internet bullies, the people protecting websites often set a limit or “threshold”. They keep an eye on the traffic and if it goes above the limit, they assume an attack is happening.
The problem is, sometimes the traffic might be high because of a genuine reason (like that new album), and they end up blocking real users, which is exactly what the internet bullies want. This method is a bit like setting a trap that catches all big animals because you want to catch a bear.
A group of clever computer scientists at the Department of Energy’s Pacific Northwest National Laboratory (PNNL), led by scientist Omer Subasi, have come up with a much smarter way to catch these bullies.
They’ve found a way to tell the difference between a real traffic surge and a fake one.
Instead of just looking at how much traffic there is, they measure the “entropy” of the traffic. That’s a fancy word for the amount of disorder or mess in the system.
Imagine if you suddenly had hundreds of letters arriving at your house all at once – that’s high entropy. But if all those letters were going to different houses, that’s low entropy.
When a denial-of-service attack happens, there’s high entropy because lots of traffic is coming from many places, but it’s all going to one place (the target website), which is low entropy.
By watching how this entropy changes over time, the scientists can tell if an attack is happening.
They also use a special calculation called “Tsallis entropy” that’s really good at telling the difference between normal traffic and an attack. It’s like having a really accurate thermometer that can tell if you’re just a bit warm or if you have a fever.
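To make the idea concrete, here is an added example (not PNNL's code or published algorithm) that computes Tsallis entropy of source and destination addresses per time window and flags a window only when source entropy rises while destination entropy falls. The entropy order q = 2, the thresholds, the baseline rule and the sample traffic are all assumptions constructed for illustration.

```python
import math
from collections import Counter

def tsallis_entropy(values, q=2.0):
    """S_q = (1 - sum(p_i**q)) / (q - 1) over the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    probs = [c / total for c in counts.values()]
    if math.isclose(q, 1.0):  # the q -> 1 limit is Shannon entropy
        return -sum(p * math.log(p) for p in probs)
    return (1.0 - sum(p ** q for p in probs)) / (q - 1.0)

def window_entropy(packets, q=2.0):
    """Return (source entropy, destination entropy) for one window of (src, dst) pairs."""
    return (tsallis_entropy([s for s, _ in packets], q),
            tsallis_entropy([d for _, d in packets], q))

def detect(windows, q=2.0, src_rise=0.05, dst_drop=0.3):
    """Flag windows whose source entropy rose and destination entropy fell
    against the last unflagged window. Thresholds are illustrative assumptions."""
    if not windows:
        return []
    base_src, base_dst = window_entropy(windows[0], q)
    flags = [False]  # the first window only establishes the baseline
    for packets in windows[1:]:
        src, dst = window_entropy(packets, q)
        hit = (src - base_src >= src_rise) and (base_dst - dst >= dst_drop)
        flags.append(hit)
        if not hit:  # only clean windows update the baseline
            base_src, base_dst = src, dst
    return flags

# Constructed sample traffic: one (source address, destination address) pair per packet.
normal = [(f"10.0.0.{i % 8}", f"192.0.2.{i % 5}") for i in range(200)]
busy = [(f"10.0.0.{i % 8}", f"192.0.2.{i % 5}") for i in range(800)]  # 4x volume, same mix
# 600 distinct sources, 3 packets each, all aimed at a single destination.
flood = [(f"198.18.{k // 250}.{k % 250}", "192.0.2.1") for k in range(600) for _ in range(3)]
attack = normal + flood

if __name__ == "__main__":
    for name, w in (("normal", normal), ("busy", busy), ("attack", attack)):
        print(name, len(w), "packets", window_entropy(w))
    print(detect([normal, busy, attack]))
```

The busy window carries four times the packets of the normal one but leaves both entropies unchanged, so a volume threshold would react to it while the entropy check does not.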
This new method is so good, it can spot 99% of denial-of-service attacks. That’s much better than the usual way, which only spots about half of them.
And the best part is, it’s automatic. It doesn’t need someone watching it all the time, and it doesn’t need a supercomputer to run it.
The PNNL team are now looking into how this method can help with the growing problem of these attacks in the world of 5G and the “internet of things”.
As more and more devices connect to the internet, there are more chances for these attacks. We’re looking forward to seeing how this clever new tool can help keep the internet a safer place for everyone.
Source: Pacific Northwest National Laboratory.