Using game theory to model DoS attack and defence

Sādhanā

Abstract

Denial of service (DoS) or distributed denial of service (DDoS) attacks based on bandwidth depletion remain a persistent network security threat and have always been an important issue for system administrators and researchers. Defence mechanisms proposed so far have not addressed the problem adequately or efficiently, owing to the lack of quantitative approaches to modelling defence strategies against DoS/DDoS attacks. Game theory is a microeconomic and mathematical tool that provides a quantitative framework for modelling such attacks. A model based on game theory can act as a decision support system for the defender and augment its capability to take the best decisions for maintaining an optimum level of network security round the clock against such attacks. Inspired by this, different DoS/DDoS scenarios in which game theory has been used to represent the strategic interaction between the attacker and a defender are investigated. Based on these strategic interactions, a game theoretical defence mechanism is proposed to mitigate DoS/DDoS attacks. The proposed mechanism is based on a two-player zero-sum game. It considers a DoS/DDoS attack based on bandwidth depletion, in which an attacker wants to occupy the maximum bandwidth of a link that has limited capacity. The attacker does so by flooding the network with unsolicited or malicious flows. The attacker has to decide on an effective attack rate per flow and, for a cost-effective attack, also has to choose an optimal botnet size. It performs a trade-off analysis prior to the attack: if the payoff or benefit obtained is less than the attack cost, it chooses to refrain from launching such a costly DoS/DDoS attack. The defender, on the other hand, needs to set an optimum threshold per flow to place an upper bound on network traffic, so that the maximum number of attack flows are either dropped or redirected to a honeypot deployed in the network. Setting the threshold for flow rates arbitrarily can also cause a loss of legitimate flows. The defender chooses the optimum threshold value with precise estimation to minimize the loss of legitimate flows. The defender also performs a trade-off analysis and sets the threshold in a way that can minimize the attacker's payoff. This optimization problem is presented as a game between the attacker and the defender. The action sets and objective functions of both players are defined. The network constraints are modelled and payoffs are calculated. The game converges to Nash equilibrium. The best course of action is deduced from the Nash strategies. Results obtained by simulation and numerical calculations are in favour of the proposed game theoretical defence mechanism and strongly advocate the worthiness of using game theory to defend against DoS and DDoS attacks to strengthen network security.
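
The threshold game described in the abstract can be sketched as a small zero-sum matrix game. This is an added example, not the paper's model or code: the link capacity, flow rates, action sets, weights and payoff formula are all constructed assumptions, chosen only to show how a defender's minimax threshold and the attacker's "refrain" decision fall out of the payoff matrix.

```python
from itertools import product

CAPACITY = 100                      # link capacity in Mbps (constructed)
LEGIT = [1, 2, 2, 3, 4, 4, 8]       # legitimate flow rates in Mbps (constructed)
THRESHOLDS = [2, 4, 8, 16]          # defender's action set: per-flow rate threshold
# Attacker's action set: (botnet size, rate per flow); (0, 0) means "refrain".
ATTACKS = [(0, 0)] + list(product([10, 20], [2, 4, 8, 16]))


def payoff(threshold, attack, legit_weight, bot_cost):
    """Attacker's payoff; the defender's is its negative (zero-sum)."""
    bots, rate = attack
    # Attack flows above the threshold are dropped; the rest occupy the link.
    passed = min(bots * rate, CAPACITY) if rate <= threshold else 0
    # Legitimate flows above the threshold are dropped too (collateral loss).
    lost = sum(r for r in LEGIT if r > threshold)
    return passed + legit_weight * lost - bot_cost * bots


def solve(legit_weight, bot_cost):
    """Return the defender's minimax threshold, the attacker's best response
    to it, the minimax and maximin values, and whether a pure-strategy
    saddle point (pure Nash equilibrium) exists."""
    def u(t, a):
        return payoff(t, a, legit_weight, bot_cost)

    # Defender: minimise the attacker's best-response payoff.
    worst = {t: max(u(t, a) for a in ATTACKS) for t in THRESHOLDS}
    t_star = min(THRESHOLDS, key=worst.get)
    a_star = max(ATTACKS, key=lambda a: u(t_star, a))
    # Attacker: maximise the payoff guaranteed against any threshold.
    maximin = max(min(u(t, a) for t in THRESHOLDS) for a in ATTACKS)
    return {"threshold": t_star, "attack": a_star, "minimax": worst[t_star],
            "maximin": maximin, "pure_nash": worst[t_star] == maximin}


if __name__ == "__main__":
    # (weight on lost legitimate traffic, cost per bot), all constructed.
    for w, c in [(15, 1), (5, 1), (15, 11)]:
        print(f"legit_weight={w} bot_cost={c}:", solve(w, c))
```

When `pure_nash` is false the minimax and maximin values differ, so this toy game has no equilibrium in pure strategies and the defender would have to randomise over thresholds.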

Notes

  1. Available at https://sourceforge.net/projects/loic0/.

  2. Available at https://packetstormsecurity.com/distributed/tfn2k.tgz.

Author information

Corresponding author

Correspondence to Bhupender Kumar.

Cite this article

Kumar, B., Bhuyan, B. Using game theory to model DoS attack and defence. Sādhanā 44, 245 (2019). https://doi.org/10.1007/s12046-019-1228-4

  • DOI: https://doi.org/10.1007/s12046-019-1228-4
