Curtin researchers have developed a security software shield that can prevent distributed denial of service (DDoS) attacks, such as the 2016 Australian census website crash and the October 2016 shutdown of major US websites.
The software, dubbed the Probability Engine for Identifying Malicious Activity (PEIMA), is able to reduce DDoS attacks – where hackers swamp a computer system with artificially generated traffic to crash a server – by 90 to 96 per cent, rendering them effectively harmless.
The team behind the idea, comprising Associate Professor Mihai Lazarescu, Dr Sonny Pham, PhD candidate Stefan Prandl and Dr Sie Teng Soh in collaboration with Professor Subhash Kak from Oklahoma State University, is confident the software could prevent these attacks, which reportedly cost targeted organisations an average of US$2.5 million per incident* and can be crippling for small to medium-sized businesses.
“We have validated the software using data provided by Curtin IT Services and we know it works,” Lazarescu says excitedly.
“What’s interesting is that the industry had given up on trying to fix this problem and now we have the solution.”
Recent years have seen large-scale DDoS attacks. The most well-known occurred in 2016: one against the Australian census website, which reportedly left millions of Australians unable to submit their census forms online on its opening day, and one against Domain Name System provider Dyn, which led to many US-based users being unable to access popular websites including Airbnb, Amazon.com, Netflix, Reddit, Spotify and Twitter.
How does it work?
An analysis of DDoS traffic generated in an experiment.
The software incorporates powerful statistical techniques called ‘power law probability distributions’ to filter out the ‘bad’, artificially generated internet traffic from the ‘good’, human-generated traffic.
In a power law, the digits or categories from a naturally generated process follow universal rules on their probabilities, so a change in how these digits or categories appear likely indicates an abnormality.
This is useful in a DDoS attack because flooding the server with large numbers of artificial users sets the attack traffic apart from the ‘naturalness’ of the network.
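The idea of checking traffic against a natural digit distribution can be sketched as follows. This is an added illustration, not PEIMA's code: it assumes Benford's law as the reference distribution, packet inter-arrival time as the measured value, and a chi-square cut-off, none of which the article specifies, and both traffic samples are constructed.

```python
import math
from collections import Counter

# Benford's law: a leading digit d is expected with probability log10(1 + 1/d).
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
# Assumed cut-off: chi-square critical value for 8 degrees of freedom, p = 0.01.
CHI2_CRIT = 20.09

def first_digit(x):
    """Leading significant digit (1-9) of a positive number."""
    return int(f"{x:e}"[0])

def benford_chi2(values):
    """Chi-square distance between observed leading digits and Benford's law."""
    digits = [first_digit(v) for v in values if v > 0]
    n = len(digits)
    counts = Counter(digits)
    return sum((counts.get(d, 0) - n * p) ** 2 / (n * p)
               for d, p in BENFORD.items())

def looks_artificial(values):
    """True when a window of measurements deviates too far from Benford's law."""
    return benford_chi2(values) > CHI2_CRIT

def human_window(n=2000):
    """Constructed sample: gaps spread evenly on a log scale from 1 ms to 10 s,
    standing in for heavy-tailed, human-driven traffic."""
    return [10 ** (-3 + 4 * (k + 0.5) / n) for k in range(n)]

def flood_window(n=2000):
    """Constructed sample: a scripted flood sending every 1.8 to 2.2 ms."""
    return [0.002 + 0.0001 * (k % 5 - 2) for k in range(n)]

if __name__ == "__main__":
    windows = {
        "human": human_window(),
        "flood": flood_window(),
        "human + flood": human_window() + flood_window(),
    }
    for name, window in windows.items():
        verdict = "flag" if looks_artificial(window) else "ok"
        print(f"{name:14s} chi2={benford_chi2(window):9.2f} {verdict}")
```

The mixed window is flagged as well, because the tightly clustered flood gaps push the leading digits 1 and 2 far above their expected share.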
“Power laws can detect values that are considered to be anonymous,” explains Pham.
“It doesn’t matter what activity a user is undertaking: we know that a real person behaves differently to a computer program and that they leave a different signature.
“Power laws are very hard to beat. The only way to do it is to sacrifice the bandwidth that has been used to create the DDoS attack or to slow down the artificial traffic to the point where it looks normal, but that means it can’t attack the server.”
Get in touch
The PEIMA team. Dr Sonny Pham (back left), Dr Sie Teng Soh (back right), Associate Professor Mihai Lazarescu (front left) and Mr Stefan Prandl (front right). Lazarescu and Pham previously collaborated on the winning idea at the Curtin Commercial Innovation Awards: the iCetana surveillance system.
The team’s win at the 2017 Curtinnovation Awards as well as presentations they have given at information security event Black Hat USA 2017 and hacker convention DEF CON 25 in Las Vegas has led to significant interest in the PEIMA software from parties across varying industries.
“Our main goal is to commercialise this software as soon as possible because there’s a clear need for it. Let’s try this out in a real situation,” says Lazarescu.
“For example, if you work for a financial institution and you’re being blackmailed, let’s deploy this software. If hackers try to launch a DDoS attack, we can stop it for you.
“We’re going to put a lot of malicious people out of work.”
For more information, contact Curtin’s Office of Research and Development.
*Neustar, 2017