During a distributed denial of service (DDoS) attack, an attacker overwhelms a domain-name server with traffic until it collapses. The traditional way of fending off an attack like this is to pile up bandwidth so the server under attack always has more than enough volume to handle what the attacker has released. But as hackers become capable of attacks with bigger and bigger data volumes, this is no longer feasible.
Since the target of DDoS attacks is a website’s IP address, Hanqing Wu, the chief security scientist at Alibaba Cloud, devised a defense mechanism through which one Web address can be translated into thousands of IP addresses. This “elastic security network” can quickly divert all benign traffic to a new IP address in the face of a DDoS attack. And by eliminating the need to pile up bandwidth, this system would greatly reduce the cost of keeping the Internet safe.
—Yiting Sun