×
Community Blog Successful Defense against 6 Billion Attacks through Human-Machine Collaboration

Successful Defense against 6 Billion Attacks through Human-Machine Collaboration

This article explores how Alibaba Cloud security solutions helped ensure the success of this year's Alibaba Singles' Day (Double 11) Shopping Festival through human-machine collaboration.

Cloud computing has brought about significant benefits to enterprises through its scalability, elasticity, and cost-effectiveness. But as with many technological innovations, irresponsible parties, namely cyber-attackers, may take advantage of the power and convenience of the cloud for personal benefit. Every day, enterprises face a barrage of cyberattacks that are continually evolving. With the massive scale of the cloud, defending against such attacks is no easy feat, especially when safeguarding mission critical applications and resources for your enterprise.

Just like every other enterprise, Alibaba was faced with an impossible challenge to defend its entire infrastructure on this year's 11.11 shopping festival (Singles' Day). This year, Alibaba handled a record-shattering USD38.4 billion of GMV in 24 hours, and a peak performance of 544,000 orders per second, all with zero downtime recorded. How did Alibaba Cloud defend its infrastructure despite facing hundreds of billions of access requests in such a short time frame?

The answer is human-machine collaboration. What does this mean? In the simplest terms, human-machine collaboration involves experts working closely with AI-based tools to enable robust security solutions. For this year's 11.11 shopping festival, security experts at Alibaba leverage their experience as well as pre-trained AI to empower the defense system with the capability of real-time risk detection and rapid response to emergency.

You might be wondering now, where is this artificial intelligence (AI) coming from?

Machine Intelligence from Smart Factory

The production of advanced security machine intelligence requires three prerequisites: massive historical attack and defense data, professional security experts who can train machine intelligence models, and various application scenarios that provides training environments. As the largest cloud service provider in the Asia-Pacific region, Alibaba Cloud provides enterprise-level security services for 200 thousand enterprises globally.

Alibaba Cloud has accumulated PB-level historical attack and defense data; a capacity that is equivalent to that of tens of millions of HD movies. All of these attack data resources are constantly transported to Alibaba Cloud's smart factory as "crude oil," laying the foundation for producing machine intelligence. In essence, Alibaba Cloud's intelligent security solution is not just an AI-enabled solution, but a comprehensive one that is based on years of experience, as well as the product of our cutting-edge research by industry experts.

_final_final

Alibaba Cloud's Apsara connects a computing cluster that consists of thousands of servers to form a data kernel, which is known as a "data refinery." By extracting data from the original attack, such as the malicious IP address library, malicious domain name library, and malicious sample library, Apsara can compile and analyze this data to better defend against future attacks.

Specifically, all extracted data is input into the security intelligence kernel and intelligent knowledge engine to create defensive "weapons". The security intelligence kernel embodies the concept that "all normal behaviors are similar, but all abnormal behaviors are different". It accurately extracts the model and knowledge of all abnormal behaviors from the data vector space, and use the knowledge to empower the intelligent agents against threats. The biggest highlight of this solution is our use of intelligent agents that work 24/7, which significantly reduces the capacity for human errors.

Massive intelligent agents collaborate with each other and help security experts to proactively defend against large-scale attacks, allowing security experts to focus on research, judgment, and deduction at a higher level. In this case, the intelligent knowledge engine continuously extracts millions of data on cybersecurity defenses and generates multi-dimensional profiles for various threat entities. This empowers security experts with powerful insights into various threats during potential attacks.

Performance of Human-Machine Intelligence Collaboration

On 11.11 every year, Alibaba Cloud faces billions of attacks from different countries around the world. During this year's 11.11 Shopping Festival, excluding the traffic generated by hacker attacks, the peak workload of processing was 544,000 transactions per second, and the daily data processing volume was 970 PB. Alibaba Cloud had to provide a solution that is capable of handling massive workloads for stability, and at the same time, analyzing and filtering all data flowing into the system for security.

Even when facing with such a huge amount of data, the collaboration between human experience and machine intelligence formed intelligent agents that mounted a successful defense of this year's 11.11. This year, we have recorded the following performance:

  • The cloud platform automatically identified and intercepted 6 billion attacks from 184 countries or regions. It promptly responded to any security incidents and controlled and eliminated risks without affecting business stability.
  • The intelligent agents intercepted 4.73 million attacks from 17 patterns and 29 thousand malicious IP addresses, and analyzed more than 283.6 billion behavior records in real time for Alibaba on 11.11.

    • The cloud platform supported a peak traffic of 10 Tbit/s and successfully defended against 1,917 DDoS attacks with a peak attack traffic of 223 Gbit/s. The cloud-native anti-DDoS services solution supports the dual-stack traffic of IPv4 and IPv6.
  • The intelligent agents provided comprehensive protection for more than 100 11.11 activities inside and outside China on the Alibaba Cloud official website. They analyzed and processed 20 million business requests, and provided 200 million risk identification services for more than 400 customers of Alibaba Cloud to protect customer security.
  • The intelligent system guarded 33 Alibaba Cloud customers who participated in the shopping festival. It inspected configurations in advance to avoid risks, performed active monitoring and alerting for 20 times, responded to 5 emergencies, and ensured that the customers' activities were smoothly and successfully completed when the queries per second (QPS) was four times the usual value.

Security Attack vs. Defense: An Endless Battle of Intelligence

As mentioned earlier, intelligent agents generated by the security intelligence kernel can proactively defend against threats, just as what security experts would normally do. By far, Alibaba Cloud's security team has created thousands of intelligent models and has set up thousands of intelligent agents by leveraging technologies such as batch computing, stream computing, and graph computing. These are all incorporated into the overall security defense system of Alibaba Cloud, working closely with security experts to form a solid line of security defense.

According to our experience, we know that the security battle is not just a confrontation between people or between machines, but rather a confrontation of knowledge between intelligent agents, which comprise of both human and machine intelligence. Attackers will always look for opportunities to exploit vulnerabilities, and defenders will always find ways to defend and intercept attacks through proactive detection and extensive research. At the end of the day, the winner of this battle is ultimately decided by the party that leverages the most resources, be it human or otherwise.

0 0 0
Share on

Alibaba Cloud Security

32 posts | 15 followers

You may also like

Comments

Alibaba Cloud Security

32 posts | 15 followers

Related Products