ABSTRACT
As cyber attacks continue to grow in number, scope, and severity, the cyber security problem has become increasingly important and challenging to both academic researchers and industry practitioners. We explore the applicability of game theoretic approaches to the cyber security problem with focus on active bandwidth depletion attacks. We model the interaction between the attacker and the defender as a two-player non-zero-sum game in two attack scenarios: (i) one single attacking node for Denial of Service (DoS) and (ii) multiple attacking nodes for Distributed DoS (DDoS). The defender's challenge is to determine optimal firewall settings that block rogue traffic while allowing legitimate traffic through. Our analysis considers the worst-case scenario where the attacker also attempts to find the most effective sending rate or botnet size. In either case, we build both static and dynamic game models to compute the Nash equilibrium that represents the best strategy of the defender. We validate the effectiveness of our game theoretic defense mechanisms via extensive simulation-based experiments using NS-3.
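As an added illustration (not the paper's model or code), the single-attacker static game can be worked through with constructed numbers: the defender chooses a per-flow firewall rate cap, the attacker a sending rate, payoffs are the legitimate throughput served versus the damage done net of the attacker's cost, and pure-strategy Nash equilibria are found by best-response enumeration and compared with the defender's worst-case (maximin) choice. Every traffic figure, strategy set and payoff function below is an assumption for the example.

```python
"""Static DoS game: defender picks a per-flow firewall cap, one attacking node
picks its sending rate; pure Nash equilibria via best-response enumeration.
All numbers and payoff functions are constructed assumptions, not the paper's."""
from itertools import product

N_LEGIT, LEGIT_RATE = 10, 10.0      # constructed: 10 legit flows at 10 pkt/s each
CAPACITY = 115.0                    # constructed: server serves at most 115 pkt/s
ATTACK_COST = 0.1                   # constructed: attacker's cost per pkt/s sent
CAPS = [5.0, 10.0, 20.0, 50.0, 100.0]   # defender strategies: per-flow cap (pkt/s)
RATES = [0.0, 10.0, 20.0, 50.0, 100.0]  # attacker strategies: sending rate (pkt/s)
EPS = 1e-9                              # tolerance for float ties

def payoffs(cap, rate):
    """Return (defender_utility, attacker_utility) for one strategy profile."""
    legit_in = N_LEGIT * min(LEGIT_RATE, cap)   # legit traffic the cap admits
    attack_in = min(rate, cap)                  # attack traffic the same cap admits
    total = legit_in + attack_in
    served = 1.0 if total <= CAPACITY else CAPACITY / total  # overload hits everyone
    legit_served = legit_in * served
    u_def = legit_served                        # defender values legit throughput
    u_att = (N_LEGIT * LEGIT_RATE - legit_served) - ATTACK_COST * rate
    return u_def, u_att

def best_responses():
    """Defender's best caps for each attacker rate; attacker's best rates per cap."""
    br_def = {}
    for r in RATES:
        top = max(payoffs(c, r)[0] for c in CAPS)
        br_def[r] = {c for c in CAPS if payoffs(c, r)[0] >= top - EPS}
    br_att = {}
    for c in CAPS:
        top = max(payoffs(c, r)[1] for r in RATES)
        br_att[c] = {r for r in RATES if payoffs(c, r)[1] >= top - EPS}
    return br_def, br_att

def pure_nash_equilibria():
    """Profiles (cap, rate) where each side is a best response to the other."""
    br_def, br_att = best_responses()
    return [(c, r) for c, r in product(CAPS, RATES)
            if c in br_def[r] and r in br_att[c]]

def maximin_cap():
    """Worst-case defender choice: cap maximising its minimum payoff over all rates."""
    return max(CAPS, key=lambda c: min(payoffs(c, r)[0] for r in RATES))

if __name__ == "__main__":
    print("pure Nash equilibria (cap, rate):", pure_nash_equilibria())
    print("maximin cap:", maximin_cap())
```

With these numbers the cap equal to the legitimate per-flow rate admits no surplus attack traffic, so the attacker's best response is not to send at all and the Nash equilibrium coincides with the maximin cap; raising the cap re-opens the overload that the attacker exploits.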