Google wants to stop DDoS attacks using machine learning

Google has rolled out a public preview of a new protection service powered by machine learning (ML) to help businesses shield their Google Cloud applications and services from DDoS attacks.

Dubbed Google Cloud Armor Adaptive Protection, the rollout is part of Google’s DDoS defense and web application firewall (WAF) service, which enables Google’s customers to leverage the same technology Google uses to protect itself, according to reports.

Emil Kiner, a product manager for Google's Cloud Armor, told ZDNet that the new protection service uses ML models to analyze signals across web services to detect potential attacks. 

"We have been building and maturing this technology with internal and external design partners and testers over the last few years," noted Kiner, adding that the technology is adept at detecting high-volume application-layer DDoS attacks against web apps and services.

Spotting abnormal traffic

According to Google, Armor Adaptive Protection can help businesses spot abnormal traffic and take corrective action.

Kiner noted that while Level 3 and Level 4 attacks can be halted on Google's edge network, Level 7 attacks rely on legitimate web requests originating from compromised devices that have been tied into a botnet to bombard websites with an overwhelming volume of traffic.

"Adaptive Protection quickly identifies and analyzes suspicious traffic patterns and provides customized, narrowly tailored rules that mitigate ongoing attacks in near-real-time," explained Kiner.

Google notes that the service trains itself for at least an hour to establish a reliable baseline before it begins monitoring traffic. 

“When the training period is over, you receive real-time alerts when Adaptive Protection identifies high frequency or high volume anomalies in the traffic directed to any of the backend services associated with that security policy,” explains Google.

Via ZDNet

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.