A Game-Theoretical Approach for Finding Optimal Strategies in a Botnet Defense Model

  • Alain Bensoussan
  • Murat Kantarcioglu
  • SingRu(Celine) Hoe
Conference paper

DOI: 10.1007/978-3-642-17197-0_9

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6442)
Cite this paper as:
Bensoussan A., Kantarcioglu M., Hoe S. (2010) A Game-Theoretical Approach for Finding Optimal Strategies in a Botnet Defense Model. In: Alpcan T., Buttyán L., Baras J.S. (eds) Decision and Game Theory for Security. GameSec 2010. Lecture Notes in Computer Science, vol 6442. Springer, Berlin, Heidelberg

Abstract

Botnets are networks of computers infected with malicious programs that allow cybercriminals/botnet herders to control the infected machines remotely without the user’s knowledge. In many cases, botnet herders are motivated by economic incentives and try to significantly profit from illegal botnet activity while causing significant economic damage to society. To analyze the economic aspects of botnet activity and suggest feasible defensive strategies, we provide a comprehensive game theoretical framework that models the interaction between the botnet herder and the defender group (network/computer users). In our framework, a botnet herder’s goal is to intensify his intrusion in a network of computers in pursuit of economic profits, whereas the defender group’s goal is to defend against the botnet herder’s intrusion. The percentage of infected computers in the network evolves according to a modified SIS (susceptible-infectious-susceptible) epidemic model. For a given level of network defense, we define the strategy of the botnet herder as the solution of a control problem and obtain the optimal strategy as a feedback on the rate of infection. In addition, using a differential game model, we obtain two possible closed-loop Nash equilibrium solutions. They depend on the effectiveness of available defense strategies and control/strategy switching thresholds, specified as rates of infection. The two equilibria are either (1) the defender group defends at maximum level while the botnet herder exerts an intermediate constant intensity attack effort or (2) the defender group applies an intermediate constant intensity defense effort while the botnet herder attacks at full power.

Keywords

Botnet Defense; Differential Game; Nash Equilibrium

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Alain Bensoussan (1, 2)
  • Murat Kantarcioglu (1)
  • SingRu(Celine) Hoe (1)

  1. University of Texas at Dallas, USA
  2. The Hong Kong Polytechnic University, HK
