IIT Madras

Automating DDoS mitigation with artificial intelligence

Businesses can quickly detect/remediate DDoS attacks and minimize downtime using artificial intelligence and machine learning

Distributed Denial of Service (DDoS) attacks are becoming more prevalent, and harder to stop, because they are often multi-vector and change shape over time. A DDoS attack denies access to a service, website or network resource by flooding the target with more internet traffic than it can handle, most of it bogus requests sent from many sources at once. Genuine users can no longer reach the service, and the business loses money for as long as it is down.

In simpler terms, a DDoS attack resembles a shop whose entrance has been crowded by a group of people so that genuine customers cannot get in. In the DDoS case the shop is a large digital business, such as a financial services firm, a travel website or an online gaming platform, and the attackers often demand a ransom to stop.

Types of DDoS attacks

There are three main categories of DDoS attacks:

  1. Application layer attacks: requests that look legitimate to the network (for example, ordinary HTTP GETs) but are sent in volumes that exhaust the target application's CPU, memory or back-end capacity.
  2. Protocol attacks: traffic that abuses weaknesses in the protocol stack to fill the connection state tables of servers, firewalls and/or load balancers; a SYN flood of half-open connections is the classic example.
  3. Volumetric attacks: raw traffic, often amplified through third-party servers, that consumes all available bandwidth and congests the link.

Some of the common DDoS attacks are:

  • UDP (User Datagram Protocol) Flood (volumetric)
  • ICMP (Ping) Flood (volumetric)
  • SYN Flood (protocol)
  • Ping of Death (PoD) (protocol; malformed, oversized packets)
  • NTP Amplification (volumetric)
  • Slowloris (application layer)
  • HTTP Flood (application layer)
  • Zero-day DDoS Attacks (a new or unpatched vector in any of the three categories)

One of the earliest widely reported DDoS attacks is attributed to a 15-year-old who used the online name 'Mafiaboy' in 2000. The DDoS-for-ransom group 'DD4BC' followed in 2015, and in 2016 the DNS provider Dyn was taken offline by the Mirai botnet of compromised IoT devices.

A bigger headache awaits

DDoS attacks are likely to become a bigger headache as smart devices powered by the Internet of Things (IoT) proliferate and networks move to 5G. IoT devices give cybercriminals many more poorly secured targets on which to plant malware and turn into bots; a group of such bots under one attacker's remote control is a botnet. The attacker can then direct these devices at will and orchestrate a DDoS attack at scale. Because the traffic arrives from a large number of ordinary internet-connected devices, telling malicious traffic apart from normal traffic becomes difficult.

Mitigating DDoS attacks

Most businesses, including cloud and service providers, cite detection and mitigation as their prime concerns in a DDoS attack. Speed of response is key, because attacks are increasingly sophisticated and multi-vector, and a fast response is what keeps downtime short.

Mitigation solutions powered by artificial intelligence and machine learning can identify and remediate DDoS attacks quickly and without human intervention. Waiting for a human to confirm an attack delays detection and response, and during a DDoS every minute of delay is downtime. Automated identification of a developing attack lets countermeasures and mitigation filters be deployed at once and at scale. The caveat is that a detector tuned too aggressively blocks legitimate users, which is itself a denial of service, so the model's idea of "normal" must be learned from clean traffic and its thresholds reviewed as the legitimate traffic profile changes.
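As an added example (not code from the article or from any product it describes), the following Python script shows the detect-then-mitigate loop described above on a small scale, and also illustrates two of the attack categories listed earlier. It learns a packet-rate baseline from attack-free traffic, flags windows that exceed it, and tells a protocol attack (a SYN flood of half-open connections from spoofed addresses) apart from an application-layer attack (a few bots sending a flood of request-sized packets), choosing a different countermeasure for each. The traffic is constructed inside the script; the record format, the thresholds and the rendered rule strings are assumptions for illustration, not anything from the original page.

```python
"""Anomaly-based DDoS detection over constructed packet records.

Added example, not code from the original article. The record format, the
generated traffic, the thresholds and the emitted rule strings are assumptions;
a real deployment would learn its baseline from NetFlow/sFlow or packet captures
taken at the network edge.
"""
import random
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Pkt:
    ts: float    # arrival time in seconds
    src: str     # source IP as seen at the edge
    dport: int   # destination port on the victim
    flags: str   # TCP flags, e.g. "S" (SYN), "A" (ACK), "PA" (PSH+ACK data)
    size: int    # bytes on the wire


def make_traffic(seed: int = 7) -> list[Pkt]:
    """Constructed sample: 90 s of normal HTTPS handshakes from 20 clients; from
    t=60 s a SYN flood from spoofed 203.0.113.0/24 sources (protocol attack) and
    an HTTP flood from three bots (application-layer attack) are layered on top."""
    rng = random.Random(seed)
    clients = [f"198.51.100.{i}" for i in range(1, 21)]
    bots = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    pkts: list[Pkt] = []
    for sec in range(90):
        for src in rng.sample(clients, 8):          # 8 complete handshakes per second
            pkts += [Pkt(sec + rng.random(), src, 443, "S", 60),
                     Pkt(sec + rng.random(), src, 443, "A", 52),
                     Pkt(sec + rng.random(), src, 443, "PA", 900)]
        if sec >= 60:
            for _ in range(300):                    # spoofed SYNs that are never ACKed
                pkts.append(Pkt(sec + rng.random(),
                                f"203.0.113.{rng.randrange(1, 255)}", 443, "S", 60))
            for src in bots:                        # 100 request-sized data packets each
                pkts += [Pkt(sec + rng.random(), src, 443, "PA", 400) for _ in range(100)]
    return sorted(pkts, key=lambda p: p.ts)


def window_stats(pkts: list[Pkt], width: float = 5.0) -> list[dict]:
    """Bucket packets into fixed windows and compute the features the detector uses."""
    wins: dict[int, list[Pkt]] = defaultdict(list)
    for p in pkts:
        wins[int(p.ts // width)].append(p)
    stats = []
    for w in sorted(wins):
        ps = wins[w]
        syn_by_src = Counter(p.src for p in ps if p.flags == "S")
        acked = {p.src for p in ps if "A" in p.flags}   # sources that completed a handshake
        half_open = sum(n for s, n in syn_by_src.items() if s not in acked)
        stats.append({
            "win": w,
            "pps": len(ps) / width,
            "half_open_ratio": half_open / max(1, sum(syn_by_src.values())),
            "syn_by_src": syn_by_src,
            "data_by_src": Counter(p.src for p in ps if p.flags == "PA"),
        })
    return stats


def fit_baseline(stats: list[dict], train_windows: int = 12, k: float = 3.0) -> dict:
    """Learn 'normal' from attack-free windows: a global packet-rate threshold
    (mean + k*std, floored at 2x mean so a flat baseline alarms only on a real
    jump) and the busiest single source seen sending data."""
    train = stats[:train_windows]
    rates = [s["pps"] for s in train]
    mu, sd = mean(rates), pstdev(rates)
    src_max = max(max(s["data_by_src"].values()) for s in train)
    return {"threshold": max(mu + k * sd, 2 * mu), "src_max": src_max}


def detect(stats: list[dict], baseline: dict, min_syn: int = 50,
           half_open_thr: float = 0.5, src_factor: int = 10) -> list[dict]:
    """Flag windows above the learned rate and pick a countermeasure per attack shape."""
    alerts = []
    for s in stats:
        if s["pps"] <= baseline["threshold"]:
            continue
        actions = []
        # Protocol attack: many SYNs that never complete. The sources are spoofed
        # and churn, so per-IP blocking is futile; protect the state table instead.
        if sum(s["syn_by_src"].values()) >= min_syn and s["half_open_ratio"] >= half_open_thr:
            actions.append(("syn_cookies", None))
        # Application-layer attack: a few real sources sending far more requests
        # than any client did during training; those can be blocked individually.
        for src, n in s["data_by_src"].most_common():
            if n >= src_factor * baseline["src_max"]:
                actions.append(("block_src", src))
        alerts.append({"win": s["win"], "pps": s["pps"], "actions": actions})
    return alerts


def rules(alerts: list[dict]) -> list[str]:
    """Render the chosen actions as Linux commands (illustrative; adapt to your edge)."""
    out: list[str] = []
    for a in alerts:
        for kind, arg in a["actions"]:
            cmd = ("sysctl -w net.ipv4.tcp_syncookies=1" if kind == "syn_cookies"
                   else f"nft add rule inet filter input ip saddr {arg} drop")
            if cmd not in out:
                out.append(cmd)
    return out


if __name__ == "__main__":
    st = window_stats(make_traffic())
    for a in detect(st, fit_baseline(st)):
        print(a["win"], round(a["pps"]), a["actions"])
    print("\n".join(rules(detect(st, fit_baseline(st)))))
```

Run as a script it reports the six 5-second windows after t=60 s as anomalous, recommends SYN cookies for the half-open flood and per-address drops only for the three bots; the 20 legitimate clients never appear in the block list. Two design points carry over to real systems: the baseline is only as good as the traffic it was trained on, so train on windows you have verified are clean, and block lists are reserved for sources that actually completed handshakes, because the spoofed addresses behind a SYN flood change faster than any filter can follow.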

The article has been written by Neetu Katyal, Content and Marketing Consultant

She can be reached on LinkedIn.
