Scientists detect DDOS threats detected thanks to asymmetric behavior

To improve detection accuracy, the PNNL team sidestepped the concept of thresholds completely. Instead, the team focused on the evolution of entropy, a measure of disorder in a system.

Usually on the internet, there's consistent disorder everywhere. But during a denial-of-service attack, two measures of entropy go in opposite directions. At the target address, many more clicks than usual are going to one place, a state of low entropy. But the sources of those clicks, whether people, zombies or bots, originate in many different places -- high entropy. The mismatch could signify an attack.