In 1999 two colonels in the People’s Liberation Army (PLA) published their treatise, “Unrestricted Warfare” which details asymmetric strategies for defeating opponents that have technological or numerical superiority over your own forces. Cyberwarfare is explicitly called out, identifying the internet and computers in general as a new, fifth domain of warfare (in addition to land, sea, air, and space). A key element of the strategy is to deploy methods of warfare that your opponent chooses not to use for policy, legal, or moral reasons. This creates an “asymmetry” in the engagement, with the advantage accruing to the side that is more “unrestricted.” Since 1999, we have seen huge increases in cyberwarfare activities by nation states against both commercial enterprises and other nation states.
The power of asymmetric strategies has been the subject of much analysis consequently. A simple but powerful modeling method for attrition warfare (a.k.a “damage races”) applied to the problem is based on Lanchester’s Laws (due to Frederick Lanchester). The basic model has two opposing forces, usually called the red force and the blue force. There are initial numbers of soldiers in each force, and each force is characterized by a ‘lethality coefficient’ indicating how readily one soldier is able to dispatch his opponents in a unit of time. The ratio of the two forces’ lethalities is called the ‘firepower ratio’. We have asymmetric warfare when the firepower ratio differs significantly from 1.0. Modeling proceeds from these initial conditions in discrete steps of time. As time goes by, the number of soldiers in each force declines due to lethality of the opponent. Eventually, one of the forces size is reduced to zero. Those guys are the losers. The winner is the last one standing, hence the term ‘damage race’. There are some variations involving reinforcements, and dynamic lethality based on innovation etc. but the basic model works fairly well. (The first panel in the graphic shows this situation with a smaller but much more powerful red force prevailing over blue).
In a DDoS scenario, the red force (attacker) enjoys a huge firepower ratio advantage because of amplification, reflection, and infection techniques. And, critical in the Layer 7 attack, only a few packets sent to a web server can cause vast amounts of memory, CPU, or network resources to be consumed in serving the request, making the firepower ratio climb to huge levels in favor of the attacker. So, you don’t really have a chance with typical defenses based on filtering. If a determined attacker sets their sites on your site, your site is going down.
Turn the Tables with Magnus. The only way to prevail in this scenario is to eliminate the asymmetric advantage of the attacker, and turn the tables in your favor. This is what Magnus does for you (this is shown in the second panel of the Lanchester scenarios). By engaging Layer 7 attackers in our protocol before delivering any content or allocating any resources to satisfy a request, the attacker’s bots are neutralized. In Lanchester terms, the bot is removed from the battlefield. Typically in less than one minute the entire attacking force is neutralized. This is a unique and powerful approach for protecting your digital assets from DDoS attacks.
