Layer 8 DDOS and AI
The concept of a Layer 8 DDOS is based on the “OSI Model”. Traditionally, DDoS or DOS attacks are aimed at specific layers within the OSI model with the goal of consuming all available resources. Taking some creative liberty here, “Layer 8” refers to the person behind the computer.
Suppose you have a ticketing system which receives support requests from users. With widespread access to AI, it is feasible to overload a ticketing system with questionably genuine support requests. The result is an overload of requests, which block human operators from processing “real” tickets.
Aside from the evilness of the act, how would a company even set up safeguards for such an “attack”? They would need to discern whether the person creating the data is a bot or not.
What initially comes to mind are some basic heuristics which could filter out certain tickets. However, I’m not entirely sure heuristics would hold strong enough to deter a bad actor from actively breaking them.
Citations
Ferrara, Emilio et al. “The rise of social bots.” Communications of the ACM 59 (2014): 96 - 104.
Liu, Fang and Ness B. Shroff. “Data Poisoning Attacks on Stochastic Bandits.” ArXiv abs/1905.06494 (2019): n. pag.
Wang, Yizhen and Kamalika Chaudhuri. “Data Poisoning Attacks against Online Learning.” ArXiv abs/1808.08994 (2018): n. pag.