Cloud computing has brought significant benefits to enterprises through its scalability, elasticity, and cost-effectiveness. But as with many technological innovations, irresponsible parties, namely cyber-attackers, may take advantage of the power and convenience of the cloud for personal benefit. Every day, enterprises face a barrage of cyberattacks that are continually evolving. With the massive scale of the cloud, defending against such attacks is no easy feat, especially when safeguarding mission-critical applications and resources for your enterprise.
Just like every other enterprise, Alibaba was faced with an impossible challenge to defend its entire infrastructure on this year's 11.11 shopping festival (Singles' Day). This year, Alibaba handled a record-shattering USD38.4 billion of GMV in 24 hours, and a peak performance of 544,000 orders per second, all with zero downtime recorded. How did Alibaba Cloud defend its infrastructure despite facing hundreds of billions of access requests in such a short time frame?
The answer is human-machine collaboration. What does this mean? In the simplest terms, human-machine collaboration involves experts working closely with AI-based tools to enable robust security solutions. For this year's 11.11 shopping festival, security experts at Alibaba leveraged their experience as well as pre-trained AI to empower the defense system with the capability of real-time risk detection and rapid response to emergencies.
You might be wondering now, where is this artificial intelligence (AI) coming from?
The production of advanced security machine intelligence requires three prerequisites: massive historical attack and defense data, professional security experts who can train machine intelligence models, and various application scenarios that provide training environments. As the largest cloud service provider in the Asia-Pacific region, Alibaba Cloud provides enterprise-level security services for 200 thousand enterprises globally.
Alibaba Cloud has accumulated PB-level historical attack and defense data, a capacity that is equivalent to that of tens of millions of HD movies. All of these attack data resources are constantly transported to Alibaba Cloud's smart factory as "crude oil," laying the foundation for producing machine intelligence. In essence, Alibaba Cloud's intelligent security solution is not just an AI-enabled solution, but a comprehensive one that is based on years of experience and is the product of cutting-edge research by our industry experts.
Alibaba Cloud's Apsara connects a computing cluster that consists of thousands of servers to form a data kernel, which is known as a "data refinery." By extracting data from the original attack, such as the malicious IP address library, malicious domain name library, and malicious sample library, Apsara can compile and analyze this data to better defend against future attacks.
Specifically, all extracted data is input into the security intelligence kernel and intelligent knowledge engine to create defensive "weapons". The security intelligence kernel embodies the concept that "all normal behaviors are similar, but all abnormal behaviors are different". It accurately extracts the model and knowledge of all abnormal behaviors from the data vector space, and uses that knowledge to empower the intelligent agents against threats. The biggest highlight of this solution is our use of intelligent agents that work 24/7, which significantly reduces the room for human error.
Large numbers of intelligent agents collaborate with each other and help security experts to proactively defend against large-scale attacks, allowing security experts to focus on research, judgment, and deduction at a higher level. In this case, the intelligent knowledge engine continuously extracts millions of pieces of data on cybersecurity defenses and generates multi-dimensional profiles for various threat entities. This empowers security experts with powerful insights into various threats during potential attacks.
On 11.11 every year, Alibaba Cloud faces billions of attacks from different countries around the world. During this year's 11.11 Shopping Festival, excluding the traffic generated by hacker attacks, the peak workload of processing was 544,000 transactions per second, and the daily data processing volume was 970 PB. Alibaba Cloud had to provide a solution that is capable of handling massive workloads for stability, and at the same time, analyzing and filtering all data flowing into the system for security.
Even when faced with such a huge amount of data, the collaboration between human experience and machine intelligence formed intelligent agents that mounted a successful defense of this year's 11.11. This year, we recorded the following performance:
The intelligent agents intercepted 4.73 million attacks from 17 patterns and 29 thousand malicious IP addresses, and analyzed more than 283.6 billion behavior records in real time for Alibaba on 11.11.
As mentioned earlier, intelligent agents generated by the security intelligence kernel can proactively defend against threats, just as security experts normally would. So far, Alibaba Cloud's security team has created thousands of intelligent models and has set up thousands of intelligent agents by leveraging technologies such as batch computing, stream computing, and graph computing. These are all incorporated into the overall security defense system of Alibaba Cloud, working closely with security experts to form a solid line of security defense.
From our experience, we know that the security battle is not just a confrontation between people or between machines, but rather a confrontation of knowledge between intelligent agents, which comprise both human and machine intelligence. Attackers will always look for opportunities to exploit vulnerabilities, and defenders will always find ways to defend and intercept attacks through proactive detection and extensive research. At the end of the day, the winner of this battle is ultimately decided by the party that leverages the most resources, be it human or otherwise.