Warding off DDoS Attacks with Anti-DDoS — Part 4: Global DDoS Collaborative Protection and GameShield
By Shantanu Kaushik
So far, we have discussed several types of DDoS attacks and how to counter them using Alibaba Cloud’s industry-leading solutions. In this article, we will discuss Alibaba Cloud’s Global Collaborative Protection, how GameShield works, and the best practices associated with it.
Let’s discuss the Global DDoS Collaborative Protection from Alibaba Cloud:
Alibaba Cloud DDoS protection uses smart algorithms to distribute denial-of-service attacks that generate massive traffic loads across the global scrubbing centers nearest to the source of the attack. The Alibaba Cloud Anti-DDoS service uses Global Server Load Balancing (GSLB) and anycast to distribute this traffic.
This methodology filters out the malicious traffic, which makes the solution more effective against volumetric attacks and overcomes the single-region bottleneck that could otherwise hinder the protection service.
Global distribution helps the Anti-DDoS protection service manage the computing power seamlessly. It enables a super-overlay of service that utilizes the power from multiple scrubbing centers to resolve a denial of service attack quickly and efficiently.
GameShield | Alibaba Cloud
GameShield provides T-level protection against DDoS attacks in the gaming industry. It is an end-to-end solution to ward off flood attacks specific to the gaming industry. Let’s take a look at the flow architecture it works with on the chart below:
Features and Usage
How does GameShield operate?
GameShield uses edge devices that operate with the Alibaba Cloud Elastic Security Network. This network can be easily accessed using security SDKs to mitigate HTTP flood attacks and DDoS attacks. GameShield provides access to its security service through a local proxy server, which lets gamers access secure ports with the origin IP using a node group.
GameShield works with two modules that make up the entire system:
1. Game Security Gateway
It is used to decode protocols that enable the defense against HTTP flood attacks.
2. Distributed Anti-DDoS Nodes
These nodes are utilized to ward off DDoS attacks.
Flood attacks usually imply the use of HTTP(S). In the gaming industry, however, flood attacks do not follow the standard protocols used by websites: game protocols are mostly proprietary and do not belong to a standard service operation. Alibaba Cloud introduced Game Security Gateway with its GameShield service to handle this varied service scenario.
Let’s take a look at how GameShield works with flood attacks on the chart below:
Game Security Gateway
Game Security Gateway is an intelligent service that can distinguish a genuine player from an attacker based on TCP connection behavior and traffic analysis.
Some features associated with the Game Security Gateway are listed below:
- Supports Big Data — Data Analytics
- Detects invalid protocols
- Distinguishes between attackers and genuine users
- Region-based filtering using blacklist and whitelist parameters
- Supports encrypted communication link with Alibaba Cloud’s security SDKs and other SDKs
- Supports dynamic strategy management based on collected metrics and traffic data
To defend against DDoS attacks, Alibaba Cloud GameShield uses Anti-DDoS nodes, which sets it apart from other DDoS solutions. Anti-DDoS Premium, by contrast, uses huge amounts of bandwidth to segregate network traffic and send it to the nearest scrubbing center.
The Anti-DDoS nodes in GameShield slice and distribute the DDoS attacks so that they are not concentrated on a single point. GameShield isolates attackers from genuine users using data analytics through the Alibaba Cloud SDK and dynamic scheduling. GameShield also scales both the Anti-DDoS nodes and the Game Security Gateway instances in and out efficiently.
Alibaba Cloud GameShield can handle CC attacks, such as forged TCP connection requests or malicious protocol packets, transmitted by attacker bots. GameShield enables a pre-SDK inclusion scenario using packet inspection that enables protection against CC attacks.
You can adjust the number of Game Security Gateway instances to prevent mass CC attacks. Increasing the number of instances allows the system to intercept more queries per second. Alibaba Cloud GameShield provides a blacklist and whitelist functionality, which can be implemented with a dedicated cluster of Game Security Gateways. Alibaba Cloud Machine Learning algorithms identify the attacker IPs and blacklist them. Similarly, if a region is blocked by the blacklist, you can add specific IP addresses or an IP address range to the whitelist to allow data transmission.
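The blacklist and whitelist behaviour described above can be sketched as follows. This is an added example, not Alibaba Cloud code or the GameShield API: the region codes, prefix-to-region table, log format and rule order are assumptions, and a fixed connection-rate threshold stands in for the machine learning the article mentions.

```python
import ipaddress
from collections import Counter

# Constructed sample data: documentation address ranges, hypothetical region codes.
REGION_OF = {  # prefix -> region, a stand-in for a GeoIP lookup
    ipaddress.ip_network("192.0.2.0/24"): "R1",
    ipaddress.ip_network("198.51.100.0/24"): "R2",
    ipaddress.ip_network("203.0.113.0/24"): "R3",
}
REGION_BLACKLIST = {"R2"}
WHITELIST = [ipaddress.ip_network("198.51.100.16/28")]  # range inside blocked R2

# Constructed log, one line per new TCP connection: "<epoch second> <source IP>".
LOG = ["100 192.0.2.10", "100 203.0.113.7", "101 198.51.100.20",
       "130 198.51.100.200"]
LOG += [f"{100 + i % 10} 203.0.113.99" for i in range(40)]  # one noisy source

def flag_sources(log_lines, window=10, max_conns=20):
    """Sources opening more than max_conns connections within one window."""
    counts = Counter()
    for line in log_lines:
        ts, src = line.split()
        counts[(int(ts) // window, src)] += 1
    return {ipaddress.ip_address(s) for (_, s), n in counts.items() if n > max_conns}

def region_of(ip):
    """Region of the first matching prefix, or None if unknown."""
    return next((r for net, r in REGION_OF.items() if ip in net), None)

def decide(src, ip_blacklist):
    """Assumed rule order: whitelist, then IP blacklist, then region blacklist."""
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in WHITELIST):
        return "allow:whitelist"
    if ip in ip_blacklist:
        return "deny:ip-blacklist"
    if region_of(ip) in REGION_BLACKLIST:
        return "deny:region"
    return "allow:default"

def run():
    """Flag noisy sources from LOG, then decide for every source seen."""
    blocked = flag_sources(LOG)
    sources = sorted({line.split()[1] for line in LOG})
    return {src: decide(src, blocked) for src in sources}

if __name__ == "__main__":
    for source, verdict in run().items():
        print(source, verdict)
```

The whitelisted /28 is allowed even though its region is blocked, while another address in the same region is denied.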
Alibaba Cloud GameShield offers an SDK for connection diagnosis. This SDK helps you diagnose slow networks or network latency issues. The network probing functionality can be implemented using manual or automatic probing based on requirements.
This monitoring SDK is self-sufficient and provides detailed reports for network diagnostics for one or multiple client systems. All of the collected monitoring data can be used for log analysis that uses the Alibaba Cloud Object Storage Service (OSS) to store data.
Based on the monitoring data and metrics, GameShield nodes can be configured for query management from a specific client to avoid network congestion or slowdowns.
Alibaba Cloud GameShield uses advanced AI-based learning techniques by enabling:
- Packer Behavior
- Environment Monitoring
- Device Fingerprints
Alibaba Cloud GameShield incorporates encryption tunnels between SDKs and Game Security Gateways to accelerate traffic within the network. GameShield nodes are deployed over the entire network, and configuration is managed based on the collected SDK data.
The chart below depicts connectivity for GameShield:
Denial of service is a major concern today. Alibaba Cloud makes it feasible for enterprises of every scale to use its Anti-DDoS solutions for better business productivity and continuity. Anti-DDoS Premium, Origin, Basic, and GameShield all aim to ward off the DDoS evil.