By Shantanu Kaushik
Struggling with DDoS Attacks? Get Free Support Now! Contact Us >>
So far, we have discussed several types of DDoS attacks and how to counter them using Alibaba Cloud's industry-leading solutions. In this article, we will discuss Alibaba Cloud's Global Collaborative Protection, how GameShield works, and the best practices associated with it.
Let's discuss the Global DDoS Collaborative Protection from Alibaba Cloud:
Alibaba Cloud DDoS protection utilizes smart algorithms and technology to distribute denial of service attacks that incur massive traffic loads to global scrubbing centers that are nearest to the source of the DDoS attack. The Alibaba Cloud Anti-DDoS service uses Global Server Load Balancing (GSLB) and anycast to distribute this traffic.
This methodology filters out the malicious traffic to maximize the effectiveness of the solution and overcome the single-region bottleneck that could hinder the effectiveness of the protection service, to help with volumetric attacks.
Global distribution helps the Anti-DDoS protection service manage the computing power seamlessly. It enables a super-overlay of service that utilizes the power from multiple scrubbing centers to resolve a denial of service attack quickly and efficiently.
GameShield provides T-level protection against DDoS attacks in the gaming industry. It is an end-to-end solution to ward off flood attacks specific to the gaming industry. Let's take a look at the flow architecture it works with on the chart below:
GameShield uses edge devices that operate with the Alibaba Cloud Elastic Security Network. This network can be easily accessed using security SDKs to mitigate HTTP flood attacks and DDoS attacks. GameShield allows access to its security service using a local proxy server to allow gamers to access secure ports with the origin IP using a node group.
GameShield works with two modules that make up the entire system:
1. Game Security Gateway
It is used to decode protocols that enable the defense against HTTP flood attacks.
2. Distributed Anti-DDoS Nodes
These nodes are utilized to ward off DDoS attacks.
Flood attacks indicate the usage of HTTP(S). However, when it comes to the gaming industry, flood attacks do not follow the standard protocols of websites. These protocols are mostly proprietary and do not belong to a standard service operation. Alibaba Cloud introduced Game Security Gateway with its GameShield service to overcome this varied service scenario.
Let's take a look at how GameShield works with flood attacks on the chart below:
Game Security Gateway is an intelligent service that can decipher a genuine player and an attacker based on the TCP connection behavior and traffic analysis.
Some features associated with the Game Security Gateway are listed below:
While defending against DDoS attacks, Alibaba Cloud GameShield implements anti-DDoS nodes. This is unlike other DDoS solutions. Anti-DDoS Premium uses huge amounts of bandwidth to segregate network traffic and sends it to the nearest scrubbing center.
The Anti-DDoS nodes with GameShield work to slice and distribute the DDoS attacks, so they are not concentrated on a single point. GameShield isolates attackers from genuine users using data analytics through Alibaba Cloud SDK and dynamic scheduling. GameShield scales the Anti-DDoS nodes in and out and the Game Security Gateway instance efficiently.
Alibaba Cloud GameShield can handle CC attacks, such as forged TCP connection requests or malicious protocol packets, transmitted by attacker bots. GameShield enables a pre-SDK inclusion scenario using packet inspection that enables protection against CC attacks.
You can adjust the number of Game Security Gateway instances to prevent mass CC attacks. Increasing the number of instances allows the system to intercept more queries per second. Alibaba Cloud GameShield provides a blacklist and whitelist functionality, which can be implemented with a dedicated cluster of Game Security Gateways. Alibaba Cloud Machine Learning algorithms identify the attacker IPs and blacklist them. Similarly, if a region is blocked by the blacklist, you can add specific IP addresses or an IP address range to the whitelist to allow data transmission.
Alibaba Cloud GameShield offers an SDK for connection diagnosis. This SDK helps you diagnose slow networks or network latency issues. The network probing functionality can be implemented using manual or automatic probing based on requirements.
This monitoring SDK is self-sufficient and provides detailed reports for network diagnostics for one or multiple client systems. All of the collected monitoring data can be used for log analysis that uses the Alibaba Cloud Object Storage Service (OSS) to store data.
Based on the monitoring data and metrics, GameShield nodes can be configured for query management from a specific client to avoid network congestion or slowdowns.
Alibaba Cloud GameShield uses advanced AI-based learning techniques by enabling:
Alibaba Cloud GameShield incorporates encryption tunnels between SDKs and Game Security Gateways to accelerate traffic within the network. GameShield nodes are deployed over the entire network, and configuration is managed based on the collected SDK data.
The chart below depicts connectivity for GameShield:
A denial of service is a major concern today. Alibaba Cloud makes it feasible for enterprises of every scale to utilize its Anti-DDoS solutions for better business productivity and continuity. Anti-DDoS Premium, Origin, Basic, and GameShield want to ward off the DDoS evil.
Alibaba Cloud support provides another layer of trust. These solutions are state-of-the-art and provide high-end security and compliance standards.
Data Lake Analytics (DLA): An Interactive Analytics Service That Utilizes Serverless Architecture
2,599 posts | 762 followers
FollowAlibaba Clouder - January 20, 2021
Alibaba Clouder - January 20, 2021
Alibaba Clouder - January 20, 2021
Alibaba Clouder - July 15, 2021
Alibaba Clouder - December 23, 2020
Alibaba Clouder - January 13, 2021
2,599 posts | 762 followers
FollowRespond to sudden traffic spikes and minimize response time with Server Load Balancer
Learn MoreA platform that provides enterprise-level data modeling services based on machine learning algorithms to quickly meet your needs for data-driven operations.
Learn MoreThis technology can be used to predict the spread of COVID-19 and help decision makers evaluate the impact of various prevention and control measures on the development of the epidemic.
Learn MoreExplore Web Hosting solutions that can power your personal website or empower your online business.
Learn MoreMore Posts by Alibaba Clouder