At 19:30 on December 13-14, the 2017 Alibaba Double 11 Technology Lectures co-sponsored by Alibaba Technology Association and Cloud Computing Community and exclusively live broadcast will come strongly. This Double 11 online technology forum will focus on a deeper level of science and technology, fully show the new black technology under the change of The Times, take you to understand the technology behind the 2017 Alibaba Double 11 in detail, and provide you with the opportunity to communicate with front-line experts face-to-face learning. Cloud community live registration through train.
In the summit, senior technical experts iron openwork alibaba will share the topic “bully – seven layers under flow cleaning, alibaba group, the network layer of malicious flow cleaning products under the” bully “to mix all requests of CC attack, Web attack, crawler, brush single malicious traffic such as washing machines, to ensure business under over load operation of the safety system. Before this, the author conducted an exclusive interview with it, and discussed the concept characteristics, technology and functional framework of seven-layer flow cleaning as well as application cases.
Alibaba senior technical expert Tie Hua
Tie Hua joined Alibaba in 2006 and began to engage in security-related work in 2008. She is the founder and implementer of taobao’s earliest SDL, the main developer of Taobao’s first-generation Web security solution and development framework, and the founder of the secure static code scanning platform. All in Wireless was once responsible for the overall server team and overall technical business security of Laiwang Business Division, and was one of the main designers of the internal IM instant messaging cloud platform. At present, I am in charge of building security technology platform product system and basic security development in the Department of Security. I am focusing on the export construction of security technology platform products to China and Taiwan, the construction of infrastructure hegemony technology system and the guarantee of major activities of the group.
Overview of Traffic Cleaning
Traffic cleaning, namely, anti-malicious Network Traffic cleaning, which aims to remove the dross, save the essence, remove the false and save the true of all Network Traffic that accesses services through the Network layer to ensure that the Traffic reaches the service system and is free from external attacks and non-human Malicious Traffic. In service scenarios, traffic cleaning covers DDoS attack defense, CC attack defense, Web attack defense, batch machine behavior defense, service security/risk control, and network traffic limiting. Traditional traffic cleaning solutions deploy a large number of security products on the entire service link, but they also bring a series of problems, such as high deployment, maintenance and operation costs, weak defense capability, and data loss.
Malicious flow cleaning iron openwork said, compared to the existing platform, bully – seven layers under flow cleaning presents new features: the first is fine scene, the face is no longer a single technical points of attack but a complex link attack scenarios, so the corresponding defense platform also need similar scenarios for different abstract optimization; The second is the whole link data through, from the client to the network connection layer to the business layer all the data through an integrated analysis and algorithm modeling, can achieve the optimal effect; Then comes intelligence. The existing strategy models of the current platform begin to adjust intelligently and carry out automatic defense.
For DDoS, malicious vulnerability scanning and other common malicious traffic, the industry’s conventional response means are anti-ddos system, waF-like Web firewall, and some security companies provided by the box firewall products and so on. Alibaba in addition to these conventional means, but also through refined scene horizontal and horizontal data through intelligent processing, can effectively resist malicious attacks brought by black ash production in the network layer.
Latest Application Achievements
At present, Baxia-Seven layer traffic cleaning is responsible for all network layer traffic cleaning and guarantee work of Alibaba Group. On November 11, 2017, it handled a peak flow of 20 million QPS, ensuring that the purity of the flow to the core trading system was greater than 99.85%.
“This year’s Singles’ Day is the smoothest and most effective year in the past, which is definitely not the result of any single system or platform.” Tiehua believes that the security business is special, so good results must rely on the formation of effective linkage between online and offline, from end to business all aspects of the overall consideration, stable and reliable system level is indispensable.
Functional and technical interpretation
Thanks to the complex and rapidly developing business of Ali, it is extremely difficult and challenging to build the corresponding security system, which not only needs to meet the basic business premise, but also needs to think about the future judgment and achieve a balance among security, performance and user experience.
“For security analysis, we have a dedicated security threat modeling team that designs business logic for the technical points used by a product or business. For performance requirements, especially for critical links, we will complete safe computation and interception within the limits acceptable to the service, such as delay within 3ms and limited memory consumption. In terms of user experience, we will pay more attention to the accuracy of the policy model, and put forward high accuracy requirements for all policies. Once the monitoring finds that the accuracy is too low or abnormal, the automatic offline rules can be implemented.”
Bully – seven – layer flow cleaning functional architecture
future
As mentioned above, the use of AI in Alibaba’s security is also on the agenda. Although there is still a big gap between the future of artificial intelligence envisaged by the team, the product has begun to try intelligent application and develop towards artificial intelligence. The future of network security, I believe, will become the final confrontation between AI and security defense AI.
Tiehua finally said that in this double 11 online technology forum, he will introduce in detail how Alibaba’s main defense product platform bulk-7 flow cleaning design and solve the security problem, welcome interested partners to sign up and watch.