How Cloudflare Fights Back DDoS Attacks With AI
A DDoS attack is a type of cyber attack that aims to flood a website or service with abnormal traffic, making it inaccessible to legitimate users. Imagine a horde of people trying to enter a store at the same time, crowding it and making it unusable for everyone.
What is the goal of a DDoS attack?
DDoS attacks aim to overwhelm the proper functioning of websites by overloading the server with bogus requests.
The attacker’s goal is to flood the website with so many requests that the server cannot handle them all. Users attempting to access the resources may experience slow or unavailable service.
Volumetric DDoS attacks
Volumetric DDoS attacks target networks with massive amounts of traffic and, given their scale, use botnets created from an army of individual devices infected with malware. The bots are used to cause congestion with malicious traffic that takes over all available bandwidth.
How to spot a DDoS attack?
The initial symptom of an ongoing DDoS attack is a sudden slowdown in the loading of web pages. However, even a traffic spike could cause a similar disruption, so it is best to proceed with caution by checking the source of the traffic and related information, for example, whether the traffic comes from the same geographic location, the same type of device or the same web browser and points to a single page.
HTTP/2 DDoS Attack
In late August 2023, Cloudflare systems began detecting anomalous HTTP attacks that gradually reached record sizes, peaking at over 201 million requests per second. This far exceeds the scale of the record attack seen in February (71 million requests per second).
What was concerning was the fact that cybercriminals managed to carry out this attack using a botnet of just 20,000 machines. The impact on traffic of websites protected by the CDN involved approximately 1% of requests.
HTTP/2 Protocol Vulnerability
These attacks were orchestrated by exploiting a vulnerability in the HTTP/2 protocol that involves the rapid initiation and cancellation of streams. To do this, attackers establish a set of HTTP/2 connections and send requests immediately followed by stream resets (RST_STREAM frames), which allows the server to be saturated without reaching the concurrent stream threshold.
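On the defensive side, the open-then-cancel pattern described above is visible per connection as streams that the client resets before the server has answered. The following Python detector is an added example, not Cloudflare's code; the event tuple layout, the thresholds and the connection names are assumptions, and the frame log is constructed.

```python
from collections import defaultdict

# Assumed thresholds for illustration, not values published by Cloudflare.
MIN_STREAMS = 20           # too few streams on a connection: do not judge it
MAX_CANCEL_RATIO = 0.5     # share of streams reset by the client before any response
FAST_RESET_SECONDS = 0.05  # a reset this soon after HEADERS counts as immediate

def find_rapid_reset_connections(events):
    """events: (timestamp, conn_id, stream_id, frame_type, direction) tuples.
    Returns {conn_id: (streams_opened, fast_cancels)} for flagged connections."""
    opened = defaultdict(dict)      # conn -> {stream_id: time of client HEADERS}
    responded = defaultdict(set)    # conn -> streams the server started answering
    fast_cancels = defaultdict(int)
    for ts, conn, stream, frame, direction in sorted(events):
        if frame == "HEADERS" and direction == "client":
            opened[conn][stream] = ts
        elif frame == "HEADERS" and direction == "server":
            responded[conn].add(stream)
        elif frame == "RST_STREAM" and direction == "client":
            start = opened[conn].get(stream)
            unanswered = stream not in responded[conn]
            if start is not None and unanswered and ts - start <= FAST_RESET_SECONDS:
                fast_cancels[conn] += 1
    flagged = {}
    for conn, streams in opened.items():
        total = len(streams)
        # Reset streams close at once, so the concurrent-stream count stays low;
        # the ratio of instant cancels is what exposes the connection.
        if total >= MIN_STREAMS and fast_cancels[conn] / total > MAX_CANCEL_RATIO:
            flagged[conn] = (total, fast_cancels[conn])
    return flagged

def sample_events():
    """Constructed frame log: conn-A cancels every stream, conn-B browses normally."""
    events = []
    for i in range(100):
        sid, t = 2 * i + 1, i * 0.002   # client-initiated stream IDs are odd
        events.append((t, "conn-A", sid, "HEADERS", "client"))
        events.append((t + 0.001, "conn-A", sid, "RST_STREAM", "client"))
    for i in range(30):
        sid, t = 2 * i + 1, i * 0.5
        events.append((t, "conn-B", sid, "HEADERS", "client"))
        if i < 2:                       # an occasional legitimate cancel
            events.append((t + 0.01, "conn-B", sid, "RST_STREAM", "client"))
        else:
            events.append((t + 0.02, "conn-B", sid, "HEADERS", "server"))
    return events

if __name__ == "__main__":
    print(find_rapid_reset_connections(sample_events()))
```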
DDoS Attacks and Artificial Intelligence
As attacks evolve to the point of becoming more sophisticated, Cloudflare works tirelessly to proactively identify new threats to ensure protection for websites protected by the CDN.
Hackers, in fact, exploit AI to automate and refine their attacks, making them more difficult to detect and counter. Cloudflare uses cutting-edge technologies to stay ahead of threats: in this direction it looks at the “firewall for AI”, a tool that helps to promptly identify attacks based on artificial intelligence, in particular malicious attempts that affect generative models (LLMs) for the provision of services.