Skip to main content

Google wants to stop DDoS attacks using machine learning

Ransomware
(Image credit: Shutterstock)

Google has rolled out a public preview of a new protection service powered by machine learning (ML) to help businesses shield their Google Cloud applications and services from DDoS attacks

Dubbed Google Cloud Armor Adaptive Protection, the rollout is part of Google’s DDoS defense and web application firewall (WAF) service, which enables Google’s customers to leverage the same technology Google uses to protect itself, according to reports.

Emil Kiner, a product manager for Google's Cloud Armor, told ZDNet that the new protection service uses ML models to analyze signals across web services to detect potential attacks. 

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window <<

"We have been building and maturing this technology with internal and external design partners and testers over the last few years," noted Kiner, adding that the technology is adept in detecting high volume application-layer DDoS attacks against web apps and services.

Spotting abnormal traffic

According to Google, Armor Adaptive Protection can help businesses spot abnormal traffic and take corrective action.

Kiner noted that while Level 3 and Level 4 attacks can be halted on Google's edge network, Level 7 attacks rely on legitimate web requests originating from compromised devices that have been tied into a botnet to bombard websites with an overwhelming volume of traffic.

"Adaptive Protection quickly identifies and analyzes suspicious traffic patterns and provides customized, narrowly tailored rules that mitigate ongoing attacks in near-real-time," explained Kiner.

Google notes that the service trains itself for at least an hour to establish a reliable baseline before it begins monitoring traffic. 

“When the training period is over, you receive real-time alerts when Adaptive Protection identifies high frequency or high volume anomalies in the traffic directed to any of the backend services associated with that security policy,” explains Google.

Via ZDNet

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.