In this session at M3AAWG’s 53rd general meeting in October 2021, Johnathan Azaria describes using machine learning to create better security configurations for DDoS protection.
Finding the best security configuration is crucial: if set correctly, it provides maximum security with minimal risk by balancing false positives against false negatives. However, because domain experts often need to work on each security configuration manually, this process can't be scaled.
Azaria describes how his organization’s DDoS security service protects thousands of IP ranges and hundreds of thousands of sites, each with its own unique security configuration. At first, these security configurations were set manually by domain experts, which resulted in a perfect configuration but was limited in scale because it required human labor. As the organization grew, this approach no longer scaled effectively. To overcome this limitation, reduce the experts' workload and support an unlimited number of customers, Azaria described using an algorithm that predicts the best configuration for each customer.
How can we create an algorithm that works as well as the experts do? Azaria discussed training an algorithm to mimic a human expert by using artificial intelligence, while dealing with many obstacles along the way.
In the session, Azaria presented the whole process of training a machine learning model: how to spot a problem that can be solved by machine learning, the algorithm and data he used, the challenges he dealt with along the way, and the continuous interaction between security experts and data scientists during the development process.