NETSCOUT Uses Machine Learning to Help Thwart DDoS Attacks

NETSCOUT Systems this week revealed it is dynamically applying machine learning algorithms to combat distributed denial-of-service (DDoS) attacks.

Tom Bienkowski, director of product marketing for NETSCOUT, said the latest iteration of the Arbor Edge Defense (AED) platform is installed in enterprises alongside firewalls and other cybersecurity infrastructure that monitors for signs of DDoS attacks. These attacks have become more sophisticated as cybercriminals adjust to probe for weaknesses in defenses.

Historically, cybercriminals launched DDoS attacks and hoped for the best. Now they are monitoring the effectiveness of those attacks to enable them to adjust tactics and techniques based on the strength of defenses encountered, he noted. Many of these attacks are being launched after extensive reconnaissance efforts identified specific weaknesses, added Bienkowski.

The machine learning algorithms NETSCOUT added analyze inbound and outbound network packets to detect those shifts and surface mitigation recommendations in real time. Armed with those insights, cybersecurity teams can either remediate a vulnerability that is being exploited or shore up some other element of the cybersecurity defenses in place.

NETSCOUT already maintains an Atlas cybersecurity sensor network that spans more than 500 internet service providers (ISPs), which enables it to analyze 400 Tbps of network traffic emanating from 93 countries. Analyzing this data, NETSCOUT’s security research and DDoS attack mitigation team, ASERT, has helped train the machine learning models now integrated into AED to detect and stop attacks automatically.

More than 10 million DDoS attacks are regularly launched today, many by activists looking to advance a cause by crippling the internet services of an entire country or a single organization that they perceive to be on the wrong side of an issue.

In addition, some of the entities that launch these types of attacks are now hiring out their services to any interested party, so it’s more common for cybercriminals to employ a DDoS attack as a diversion to prevent cybersecurity teams from detecting a more targeted attack.

DDoS attacks are a fairly blunt instrument, but as they become easier to launch, organizations are finding they now have to devote significant resources to defend against them. Doing so pulls limited resources away from other attack vectors that need to be defended. In effect, defending against DDoS attacks—just like every other type of cyberattack—has become a game of cat and mouse that pits one set of machines against another. The challenge is cybercriminals seem to have access to virtually unlimited resources compared to enterprise IT organizations that are constantly making economic tradeoffs between cybersecurity defense tactics.

Hopefully, there will come a day when ISPs and telecommunications carriers will be able to do more to prevent DDoS attacks. In the meantime, machine learning algorithms and other forms of artificial intelligence (AI) are, at the very least, starting to level what today is a very uneven playing field.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
