ABSTRACT
With a long history of compromising Internet security, Distributed Denial-of-Service (DDoS) attacks have been intensively investigated and numerous countermeasures have been proposed to defend against them. In this work, we propose a non-standard game-theoretic framework that facilitates evaluation of DDoS attacks and defense. Our framework can be used to study diverse DDoS attack scenarios where multiple layers of protection are deployed and a number of uncertain factors affect the decision making of the players, and it also allows us to model different sophistication levels of reasoning by both the attacker and the defender. We conduct a variety of experiments to evaluate DDoS attack and defense scenarios where one or more layers of defense mechanisms are deployed, and demonstrate that our framework sheds light on the interplay between decision makings of both the attacker and the defender, as well as how they affect the outcomes of DDoS attack and defense games.
- A. Arad and A. Rubinstein. The 11-20 money request game: Evaluating the upper bound of k-level reasoning. Technical report, Tel Aviv University Working Paper, May 2010.Google Scholar
- B. Bencsath, I. Vajda, and L. Buttyan. A game based analysis of the client puzzle approach to defend against DoS attacks. In Proceedings of the 2003 International Conference on Software, Telecommunications and Computer Networks, pages 763--767, 2003.Google Scholar
- C. F. Camerer. Behavioral game theory: experiments in strategic interaction. Princeton University Press, 2003.Google Scholar
- N. Christin, S. Egelman, T. Vidas, and J. Grossklags. It's all about the Benjamins: An empirical study on incentivizing users to ignore security advice. In Proceedings of IFCA Financial Cryptography'11, pages 16--30, Saint Lucia, February 2011. Google ScholarDigital Library
- http://edition.cnn.com/2008/TECH/04/18/cnn.websites/.Google Scholar
- M. Fallah. A puzzle-based defense strategy against flooding attacks using game theory. IEEE Transactions on Dependable And Secure Computing, 7:5--19, January 2010. Google ScholarDigital Library
- T. Khirwadkar, K. C. Nguyen, D. M. Nicol, and T. Basar. Methodologies for evaluating game theoretic defense against DDoS attacks. In Proceedings of the 2010 Winter Simulation Conference, 2010. Google ScholarDigital Library
- D. Koller and N. Friedman. Probabilistic Graphical Models: Principles and Techniques. MIT Press, 2009. Google ScholarDigital Library
- I. Kotenko and A. Ulanov. Simulation of internet DDoS attacks and defense. In Proceedings of the 9th international conference on Information Security, ISC'06, pages 327--342, 2006. Google ScholarDigital Library
- R. Lee and D. Wolpert. Game theoretic modeling of pilot behavior during mid-air encounters. In Decision Making with Imperfect Decision Makers, pages 75--111. Springer, 2012.Google ScholarCross Ref
- Z. Li, Y. Xiang, and D. He. Computational intelligence and security. chapter Simulation and Analysis of DDoS in Active Defense Environment, pages 878--886. Springer-Verlag, 2007. Google ScholarDigital Library
- R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker. Controlling high bandwidth aggregates in the network. ACM SIGCOMM Computer Communication Review, 32:62--73, July 2002. Google ScholarDigital Library
- M. H. Manshaei, Q. Zhu, T. Alpcan, T. Basar, and J.-P. Hubaux. Game theory meets network security, 2010. Submitted to ACM Survey.Google Scholar
- J. Mirkovic and P. Reiher. A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communications Review, 34(2), April 2004. Google ScholarDigital Library
- J. Mirkovic, S. Wei, A. Hussain, B. Wilson, R. Thomas, S. Schwab, S. Fahmy, R. Chertov, and P. Reiner. DDoS benchmarks and experimenter's workbench for the deter testbed. In Proceedings of the 3rd International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities (TridentCom'07), pages 1--7, May 2007.Google ScholarCross Ref
- R. Nagel. Unraveling in guessing games: An experimental study. American Economic Review, 85(5):1313--26, December 1995.Google Scholar
- T. Peng, C. Leckie, and K. Ramamohanarao. Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Computing Surveys, 39, April 2007. Google ScholarDigital Library
- S. Roy, C. Ellis, S. Shiva, D. Dasgupta, V. Shandilya, and Q. Wu. A survey of game theory as applied to network security. In Proceedings of the 2010 43rd Hawaii International Conference on System Sciences, pages 1--10, 2010. Google ScholarDigital Library
- D. Schmidt, S. Suriadi, A. Tickle, A. Clark, G. Mohay, E. Ahmed, and J. Mackie. A distributed denial of service testbed. In Jacques Berleur, Magda Hercheui, and Lorenz Hilty, editors, What Kind of Information Society? Governance, Virtuality, Surveillance, Sustainability, Resilience, volume 328 of IFIP Advances in Information and Communication Technology. Springer Boston, 2010.Google Scholar
- P. Shi and Y. Lian. Game-theoretical effectiveness evaluation of DDoS defense. In Proceedings of the Seventh International Conference on Networking (ICN'08), pages 427 --433, April 2008. Google ScholarDigital Library
- H. A. Simon. Rational choice and the structure of the environment. Psychological Review, 63(2):129--138, 1956.Google ScholarCross Ref
- M. E. Snyder, R. Sundaram, and M. Thakur. A game-theoretic framework for bandwidth attacks and statistical defenses. In Proceedings of the 32nd IEEE Conference on Local Computer Networks, 2007. Google ScholarDigital Library
- http://www.sans.org/security-resources/malwarefaq/stacheldraht.php.Google Scholar
- D. Stiliadis and A. Varma. Latency-rate servers: a general model for analysis of traffic scheduling algorithms. IEEE/ACM Transactions on Networking, 6(5):611--624, October 1998. Google ScholarDigital Library
- http://www.internetnews.com/security/article.php/3933046/How+Much+Does+a+DDoS+Attack+Cost.htm.Google Scholar
- http://www.pcmag.com/article2/0,2817,2374063,00.asp.Google Scholar
- Q. Wu, S. Shiva, S. Roy, C. Ellis, and V. Datla. On modeling and simulation of game theory-based defense mechanisms against DoS and DDoS attacks. In Proceedings of the 2010 Spring Simulation Multiconference, SpringSim '10, pages 159:1--159:8. ACM, 2010. Google ScholarDigital Library
- J. Xu and W. Lee. Sustaining availability of web services under distributed denial of service attacks. IEEE Transactions on Computers, 52(2):195 -- 208, feb. 2003. Google ScholarDigital Library
- http://news.cnet.com/2100-1023-236621.html.Google Scholar
- G. Yan and S. Eidenbenz. DDoS mitigation in non-cooperative environments. In Proceedings of the 7th international IFIP-TC6 networking conference, NETWORKING'08, Singapore, 2008. Google ScholarDigital Library
- W. Zang, P. Liu, and M. Yu. How resilient is the Internet against DDoS attacks? -- a game theoretic analysis of signature-based rate limiting. International Journal of Intelligent Control and Systems, 12(4):307--316, December 2007.Google Scholar
Index Terms
- Towards a bayesian network game framework for evaluating DDoS attacks and defense
Recommendations
On modeling and simulation of game theory-based defense mechanisms against DoS and DDoS attacks
SpringSim '10: Proceedings of the 2010 Spring Simulation MulticonferenceAs cyber attacks continue to grow in number, scope, and severity, the cyber security problem has become increasingly important and challenging to both academic researchers and industry practitioners. We explore the applicability of game theoretic ...
A game theoretic defence framework against DoS/DDoS cyber attacks
Game-theoretic approaches have been previously employed in the research area of network security in order to explore the interaction between an attacker and a defender during a Distributed Denial of Service (DDoS) attack scenario. Existing literature ...
DDoS attacks and defense mechanisms: classification and state-of-the-art
Denial of Service (DoS) attacks constitute one of the major threats and among the hardest security problems in today's Internet. Of particular concern are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. With ...
Comments