Skip to main content
SpringerLink
Log in

Game Theoretical Defense Mechanism Against Bandwidth Based DDoS Attacks

  • Conference paper
  • First Online:
Proceedings of the International Conference on Computing and Communication Systems

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 170))

Abstract

DDoS attacks deplete network bandwidth and render the services unavailable to normal users. In spite of various qualitative and rule based defense mechanisms, the threat persists continuously because such mechanisms do not capture the incentive oriented attacker’s intentions. Game theory promises to provide incentive based decision support system to defend against such attacks. The current work proposes a defense mechanism designed as two player zero sum finite horizon repeated game where decisions to allow or drop an incoming traffic at edge router are taken based on a flow-rate threshold. The flow-rate threshold is dynamically adjusted and updated based on maximum payoff obtained by the defender at a particular stage of the game. Payoff is computed by quantifying network conditions and parameters. The normal and attack traffic are modelled using normal and poisson distribution functions respectively. Using these functions, drop and pass probabilities of flows are computed. Further, costs and benefits in respect of the attacker and defender are computed based on the bandwidth utilized by the flows. Subsequently, payoff functions are designed for attacker and defender. Payoff functions are optimized to construct baseline optimal strategies. Nash Equilibrium is obtained using numerical computations which suggests an optimal flow-rate threshold to be set by the defender to secure the network against DDoS attacks round the clock.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Stephen J (2001) The changing face of distributed denial of service mitigation. Available via SANS Institute. https://www.sans.org/reading-room/whitepapers/threats/changing-face-distributed-denial-service-mitigation-462. Accessed 14 Feb 2020

    Google Scholar 

  2. Langner R (2011) Stuxnet: Dissecting a cyberwarfare weapon. IEEE Security & Privacy 9(3):49–51. https://doi.org/10.1109/MSP.2011.67

    Article  Google Scholar 

  3. Corp Symantec (2017) Symanatec internet security threat report, vol 22. https://docs.broadcom.com/doc/istr-22-2017-enAccessed 14 Feb 2020

  4. Innab N, Alamri A (2018) The impact of DDoS on e-commerce. In: IEEE 21st Saudi computer society national computer conference (NCC), Riyadh, Saudi Arabia, 25-26 Apr 2018, pp 1–4. https://doi.org/10.1109/NCG.2018.8593125

  5. Said N B, Biondi F, Bontchev V et al (2018) Detection of Mirai by syntactic and behavioral analysis. In: IEEE 29th international symposium on software reliability engineering (ISSRE), Memphis, TN, USA, 15–18 Oct 2018, pp 224–235. https://doi.org/10.1109/ISSRE.2018.00032

  6. Garg K, Chawla R (2011) Detection of DDoS attacks using data mining. Int J Comput Bus Res (IJCBR) 2(1)

    Google Scholar 

  7. Jaikumar P, Kak AC (2015) A graph-theoretic framework for isolating botnets in a network. Secur Commun Netw 8(16):2605–2623. https://doi.org/10.1002/sec.500

    Article  Google Scholar 

  8. Singh S, Gyanchandani M (2010) Analysis of botnet behavior using queuing theory. Int J Comput Sci Commun 1(2):239-241. Available http://csjournals.com/IJCSC/PDF1-2/49.pdf. Accessed 07 Feb 2020

    Google Scholar 

  9. Zhang B, Zhang T, Yu Z (2017) DDoS detection and prevention based on artificial intelligence techniques. In: 3rd IEEE Int Conf on Computer and Communications (ICCC). p 1276-1280. https://doi.org/10.1109/CompComm.2017.8322748

  10. He Z, Zhang T, Lee R B (2017) Machine learning based DDoS attack detection from source side in cloud. In: 4th international conference on cyber security and cloud computing (CSCloud), pp 114–120. https://doi.org/10.1109/CSCloud.2017.58

  11. Bedi HS, Roy S, Shiva S (2011) Game theory based defense mechanism against DDoS attacks on TCP/TCP IP friendly flow. In: Proceedings of computational intelligence in cyber security (CICS), IEEE Symposium, pp 129–136. https://doi.org/10.1109/CICYBS.2011.5949407

  12. Wu Q, Shiva S, Roy S et al (2010) On modeling and simulation of game theory-based defense mechanisms against DoS and DDoS attacks. In: Proceedings of 2010 spring simulation multiconference, pp 1–8. https://doi.org/10.1145/1878537.1878703

  13. Liu P, Zang W, Yu M (2005) Incentive based modelling and inference of attacker intent, objectives, and strategies. ACM Trans Inf Syst Secur (TISSEC) 8(1):78–118. https://doi.org/10.1145/1053283.1053288

    Article  Google Scholar 

  14. Kumar B, Bhuyan B (2019) Using game theory to model DoS attack and defence. Sadhana 44(12):245. https://doi.org/10.1007/s12046-019-1228-4

    Article  MathSciNet  Google Scholar 

  15. Osborne MJ (2004) An introduction to game theory. Oxford University Press, London. ISBN 978-0-19-808610-9

    Google Scholar 

  16. Zheng G, Choo L, Wong K (2011) Optimal cooperative jamming to enhance physical layer security using relays. IEEE Trans Sig Process 59(3):1317–1322. https://doi.org/10.1109/TSP.2010.2092774

    Article  MathSciNet  MATH  Google Scholar 

  17. Yang J, Kim IM, Kim DI (2013) Optimal cooperative jamming for multiuser broadcast channel with multiple eavesdroppers. IEEE Trans Wirel Commun 12(6):2840–2852. https://doi.org/10.1109/TWC.2013.040413.120972

    Article  Google Scholar 

  18. Zhang N, Lu N, Cheng N et al (2013) Cooperative spectrum access towards secure information transfer for CRNS. IEEE J Sel Areas Commun 31(11):2453–2464. https://doi.org/10.1109/JSAC.2013.131130

    Article  Google Scholar 

  19. Manshaei MH, Zhu Q, Alpcan T et al (2011) Game theory meets network security and privacy. ACM Comput Surv 45(3). https://doi.org/10.1145/2480741.2480742

  20. Prasad R, Constantinos D, Margaret M et al (2003) Bandwidth estimation: metrics, measurement techniques, and tools. IEEE Netw 17(6):27–35. https://doi.org/10.1109/MNET.2003.1248658

    Article  Google Scholar 

  21. Antoniades D, Manos A, Papadogiannakis A et al (2006) Available bandwidth measurement as simple as running wget. In: Proceedings of 7th international conference on passive and active measurements (PAM), Adelaide, Australia, 30–31 March 2006, pp 61–70

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Technology, North Eastern Hill University, Umshing Mawkynroh, Shillong, Meghalaya, 793002, India

    Bhupender Kumar & Bubu Bhuyan

Authors
  1. Bhupender Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bubu Bhuyan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Bhupender Kumar .

Editor information

Editors and Affiliations

  1. Department of Information Technology, North-Eastern Hill University, Shillong, Meghalaya, India

    Arnab Kumar Maji

  2. Department of Information Technology, North-Eastern Hill University, Shillong, Meghalaya, India

    Goutam Saha

  3. Department of Information Technology, North-Eastern Hill University, Shillong, Meghalaya, India

    Sufal Das

  4. Department of Computer Science and Engineering, Jadavpur University, Kolkata, West Bengal, India

    Subhadip Basu

  5. Departamento de Engenharia Mecânica, Faculdade de Engenharia, Universidade do Porto, Porto, Portugal

    João Manuel R. S. Tavares

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kumar, B., Bhuyan, B. (2021). Game Theoretical Defense Mechanism Against Bandwidth Based DDoS Attacks. In: Maji, A.K., Saha, G., Das, S., Basu, S., Tavares, J.M.R.S. (eds) Proceedings of the International Conference on Computing and Communication Systems. Lecture Notes in Networks and Systems, vol 170. Springer, Singapore. https://doi.org/10.1007/978-981-33-4084-8_58

Download citation

Publish with us

Policies and ethics

Search

Navigation