The recent developments in DDoS attacks have been unnervingly rapid, not to mention scarily effective. It seems every time mitigation efforts adjust to a new attack type or innovation, something else comes along that upends what security professionals think they know and have prepared for.
Once in a great while, however, the rumblings and rumors about a new threat get a little overblown. That would appear to be the case currently as warnings about artificial intelligence being put to work in DDoS attacks are beginning to emerge. AI in DDoS is definitely primed to be a problem, but is it one you need to be worried about right now?
The situation isn’t quite what the scary headlines might have you believe.
A bad enough problem
There probably isn’t anyone out there thinking if AI isn’t a big problem in DDoS just yet, we can relax because as too many businesses and websites have learned first-hand, distributed denial of service attacks are bad enough as is.
These attacks can be sophisticated strategy attacks aimed at the application layer or bandwidth bruisers aimed at the network layer or even both if an attacker is suitably motivated and has the resources. While attacks coming from DDoS for hire services tend to be short-burst, low-volume and a single attack vector, the ones coming from professional attackers are commonly multi-vector, switching between attack techniques in order to try and outsmart mitigation efforts. These are a huge pain, and without the best of the best mitigation services, they’re often successful.
Worse yet, this multi-vector mayhem is where AI theoretically comes in.
What AI in DDoS will look like
When a business is getting smashed by a sophisticated multi-vector attack, the security staff at that business or at their DDoS mitigation service at least get to know that for all the infected devices and computers being put to work in the attacking botnet, at the core of the attack there is a human being. One that gets bored or has other things to do or doesn’t have the skills to defeat the protection put in place against DDoS attacks.
This is the “problem” AI will eventually address for attackers. Using either supervised or unsupervised machine learning, AI will be able to figure out how to perpetrate these attacks, analyzing defense efforts and adjusting attack strategy to attempt to overcome those efforts. Unlike human attackers, AI isn’t going to shrug its shoulders and go eat dinner. It can go as long as an attacker wants it to go using sophisticated analysis and algorithms to put forth the most effective attack attempt possible.
Where we’re at with AI
The scenario described above is a bleak DDoS future indeed, and it may very well be the near future. However, currently artificial intelligence technology is simply too expensive to be put to use in DDoS attacks, a point especially important as DDoS attacks are generally beloved by attackers for their low cost. It likely will not be a significant DDoS threat until AI is at the point where it has been fully commodified and is available as a more reasonably priced technology. At this time, AI will also be used widely by leading DDoS protection services, so instead of attackers and protectors going mano a mano (with both sides aided hugely by their automated technology), it will be AI vs. AI. A much fairer fight.
This doesn’t mean that AI isn’t already affecting the cybersecurity landscape. Both hackers and cybersecurity firms are already putting the technology to use, and on the attacking side it’s been proven useful in bypassing antivirus programs, social engineering attacks like phishing, and in data mining.
So, for the time being you can stop imagining your business being hugely damaged by a relentless DDoS attacking robot powered by unsupervised machine learning, and go back to picturing it being hugely damaged by a 20-year-old with an army of IoT devices and a brand new amplification method. Nobody said there wouldn’t be bad news here. Unless you have leading DDoS protection, and then it can at least be neutral news.