A Game-Theoretical Approach for Finding Optimal Strategies in a Botnet Defense Model

  • Alain Bensoussan
  • Murat Kantarcioglu
  • SingRu(Celine) Hoe
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6442)


Botnets are networks of computers infected with malicious programs that allow cybercriminals/botnet herders to control the infected machines remotely without the user’s knowledge. In many cases, botnet herders are motivated by economic incentives and try to significantly profit from illegal botnet activity while causing significant economic damage to society. To analyze the economic aspects of botnet activity and suggest feasible defensive strategies, we provide a comprehensive game theoretical framework that models the interaction between the botnet herder and the defender group (network/computer users). In our framework, the botnet herder’s goal is to intensify his intrusion into a network of computers in pursuit of economic profit, whereas the defender group’s goal is to defend against the botnet herder’s intrusion. The percentage of infected computers in the network evolves according to a modified SIS (susceptible-infectious-susceptible) epidemic model. For a given level of network defense, we define the strategy of the botnet herder as the solution of a control problem and obtain the optimal strategy as a feedback on the rate of infection. In addition, using a differential game model, we obtain two possible closed-loop Nash equilibrium solutions. They depend on the effectiveness of available defense strategies and control/strategy switching thresholds, specified as rates of infection. The two equilibria are either (1) the defender group defends at maximum level while the botnet herder exerts an intermediate constant intensity attack effort or (2) the defender group applies an intermediate constant intensity defense effort while the botnet herder attacks at full power.


Botnet Defense Differential Game Nash Equilibrium 





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Alain Bensoussan (1, 2)
  • Murat Kantarcioglu (1)
  • SingRu(Celine) Hoe (1)

  1. University of Texas at Dallas, USA
  2. The Hong Kong Polytechnic University, Hong Kong
