Why Game Studios Face Rising DDoS Threats and How to Build Resilient Defenses
The article analyzes the escalating DDoS attacks targeting the Chinese game industry, outlines typical risk scenarios based on game type, lifecycle, and latency requirements, and presents a multi‑layered protection framework that balances cost, performance, and security for game developers and publishers.
Background and Attack Trends
The 2017 Game Industry DDoS Situation Report shows China accounts for 84.79% of global DDoS attacks, with large‑scale attacks (>100 Gbps) increasing year over year. Poker games suffer the most, representing 57% of >100 Gbps attacks. In April 2022, Tencent Cloud mitigated a 1.23 TB attack, highlighting the growing severity of threats.
Typical Game Risk Scenarios
Game security risks stem from two dimensions: business attributes and technical/deployment architecture.
Business Attributes
Game type: MOBA, MMO, and especially locally‑focused poker games have distinct exposure patterns; poker games are often targeted with DDoS to disrupt competitors.
Lifecycle stage: New releases are most vulnerable; early‑stage attacks can cripple reputation and user acquisition.
Latency requirements: Defense must not degrade player experience. MOBA/MMO games benefit from BGP lines, while poker games can combine BGP with multi‑carrier (three‑network) resources.
Attack type: Predominantly reflective UDP attacks, including Memcached amplification (up to 50 k×). Attack duration and frequency can indicate intent.
Attack size: 87.1% of attacks are <50 Gbps, 51.2% <10 Gbps, but occasional >100 Gbps spikes demand flexible capacity.
Technical and Deployment Architecture
Typical game flow: Players download assets via CDN, authenticate via a domain name, then connect to game servers. Exposed public services include CDN, DNS, login gateways, and game server entry points.
IP replaceability: The ability to switch IPs enables a “hit‑and‑run” defense; without it, bandwidth must be large enough to absorb the attack before the traffic is cleaned.
Multi‑region deployment: Distributing services across regions improves resilience and player latency.
Protection Strategy Summary
A layered defense model is recommended:
Design stage: Use replaceable public IPs or domain‑based access, and enable multi‑region deployment.
Deployment stage: Limit the number of publicly exposed services, allocate dedicated protection resources per game type, and consider latency‑aware routing.
Attack response: Adjust baseline and elastic protection capacities based on attack frequency; employ high‑capacity bandwidth for large attacks and flexible IP scheduling for mitigation.
Advanced measures: Implement custom security policies for known attack signatures, CC (challenge‑response) protection, empty‑connection filtering, and watermarking to differentiate legitimate game traffic.
Cloud‑Based Defense Solutions
Tencent Cloud’s next‑generation DDoS protection offers:
Protected domains: Intelligent DNS resolution that prefers BGP lines and falls back to multi‑carrier routes when under attack.
High‑Protection IP (BGP): Front‑ends traffic to game servers, supporting both cloud and on‑premise back‑ends.
High‑Protection Packages: Single‑IP or multi‑IP packages that add a protective layer without changing existing service IPs.
Advanced security policies: Targeted packet filtering based on attack characteristics.
CC protection: Custom detection and handling rules, with an emergency mode for stricter filtering.
Empty‑connection protection: Delays establishing server connections until a valid payload is received.
Watermark protection: Embeds dynamic tags in traffic to verify legitimate game flows, achieving near‑100% CC mitigation.
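A minimal sketch of the watermark idea described above, added here as an illustration; it is not Tencent Cloud's implementation. The HMAC construction, 8-byte tag, 30-second slot, key, port and sample datagrams are all assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8     # bytes of truncated HMAC-SHA256 kept as the watermark (assumed)
SLOT_SECS = 30  # the tag changes every 30 s, which makes it "dynamic" (assumed)

def _tag(key: bytes, dst_port: int, payload: bytes, slot: int) -> bytes:
    # Bind the tag to the time slot, the game port and the payload.
    msg = struct.pack("!QH", slot, dst_port) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def stamp(key: bytes, dst_port: int, payload: bytes, now: float) -> bytes:
    """Game client side: prepend the watermark to an outgoing datagram."""
    return _tag(key, dst_port, payload, int(now // SLOT_SECS)) + payload

def verify(key: bytes, dst_port: int, datagram: bytes, now: float, skew: int = 1):
    """Scrubbing edge: return the payload if the watermark is valid, else None."""
    if len(datagram) <= TAG_LEN:  # too short to carry a tag plus game data
        return None
    tag, payload = datagram[:TAG_LEN], datagram[TAG_LEN:]
    slot = int(now // SLOT_SECS)
    for s in range(slot - skew, slot + skew + 1):  # tolerate client clock drift
        if hmac.compare_digest(tag, _tag(key, dst_port, payload, s)):
            return payload
    return None

def scrub(key: bytes, dst_port: int, datagrams: list, now: float) -> list:
    """Forward only watermarked payloads; everything else is dropped at the edge."""
    return [p for d in datagrams if (p := verify(key, dst_port, d, now)) is not None]

# Constructed sample traffic (not captured data).
KEY = b"demo-key-distributed-with-game-client"
PORT, NOW = 7777, 1_700_000_000.0
LEGIT = stamp(KEY, PORT, b"MOVE 12,40", NOW)
LATE = stamp(KEY, PORT, b"MOVE 13,40", NOW - 30)           # previous slot: accepted
STALE = stamp(KEY, PORT, b"MOVE 1,1", NOW - 600)           # replay from 10 minutes ago
REFLECTED = b"STAT pid 4242\r\nSTAT uptime 99\r\nEND\r\n"  # untagged reflected UDP
TAMPERED = LEGIT[:-1] + b"9"                               # payload altered in flight

if __name__ == "__main__":
    print(scrub(KEY, PORT, [LEGIT, LATE, STALE, REFLECTED, TAMPERED], NOW))
```

A single static key shipped in the client is a simplification made for this sketch; a key issued per session at login would limit what an extracted key is worth.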
Specific Recommendations by Game Type
MOBA/MMO
Use BGP high‑protection packages for all public services; new games may start with BGP high‑protection IPs and upgrade to packages if a black‑hole occurs.
Poker
Adopt a multi‑layered scheme: BGP high‑protection IP for normal traffic, multi‑carrier high‑protection as a fallback, custom packet filters for known attack signatures, and CC/empty‑connection/watermark defenses for persistent attacks.
By aligning protection resources with business attributes, latency constraints, and attack characteristics, game operators can achieve a cost‑effective, high‑availability architecture that withstands increasingly aggressive DDoS campaigns.
Tencent Cloud Developer
Official Tencent Cloud community account that brings together developers, shares practical tech insights, and fosters an influential tech exchange community.
