Game-Theoretic Analysis of DDoS Attacks Against Bitcoin Mining Pools

One of the unique features of the digital currency Bitcoin is that new cash is introduced by so-called miners carrying out resource-intensive proof-of-work operations. To increase their chances of obtaining freshly minted bitcoins, miners typically join pools to collaborate on the computations. However, intense competition among mining pools has recently manifested in two ways. Miners may invest in additional computing resources to increase the likelihood of winning the next mining race. But, at times, a more sinister tactic is also employed: a mining pool may trigger a costly distributed denial-of-service (DDoS) attack to lower the expected success outlook of a competing mining pool. We explore the trade-off between these strategies with a series of game-theoretical models of competition between two pools of varying sizes. We consider differences in costs of investment and attack, as well as uncertainty over whether a DDoS attack will succeed. By characterizing the game’s equilibria, we can draw a number of conclusions. In particular, we find that pools have a greater incentive to attack large pools than small ones. We also observe that larger mining pools have a greater incentive to attack than smaller ones.

[1]  Amos Fiat,et al.  Untraceable Electronic Cash , 1990, CRYPTO.

[2]  Shafi Goldwasser,et al.  Advances in Cryptology — CRYPTO’ 88: Proceedings , 1990, Lecture Notes in Computer Science.

[3]  K. Dowd,et al.  Currency Competition, Network Externalities and Switching Costs: Towards an Alternative View of Optimum Currency Areas , 1993 .

[4]  Peng Liu,et al.  Incentive-based modeling and inference of attacker intent, objectives, and strategies , 2003, CCS '03.

[5]  Michael D. Smith,et al.  How Much Security Is Enough to Stop a Thief?: The Economics of Outsider Theft via Computer Systems and Networks , 2003, Financial Cryptography.

[6]  L. Camp Economics of Information Security , 2006 .

[7]  Hal R. Varian,et al.  System Reliability and Free Riding , 2004, Economics of Information Security.

[8]  Nicolas Christin,et al.  Near rationality and competitive equilibria in networked systems , 2004, PINS '04.

[9]  Dmitri Nizovtsev,et al.  Understanding and Influencing Attackers' Decisions: Implications for Security Investment Strategies , 2006, WEIS.

[10]  Tyler Moore,et al.  The Economics of Information Security , 2006, Science.

[11]  Derek J. Clark,et al.  Asymmetric Conflict , 2007 .

[12]  Huseyin Cavusoglu,et al.  Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment , 2008, J. Manag. Inf. Syst..

[13]  Zhen Li,et al.  Botnet Economics: Uncertainty Matters , 2008, WEIS.

[14]  Nicolas Christin,et al.  Secure or insure?: a game-theoretic analysis of information security games , 2008, WWW.

[15]  M. Eric Johnson,et al.  Managing Information Risk and the Economics of Security , 2008, Managing Information Risk and the Economics of Security.

[16]  Jens Grossklags,et al.  Blue versus Red: Towards a Model of Distributed Security Attacks , 2009, Financial Cryptography.

[17]  Chase Qishi Wu,et al.  On modeling and simulation of game theory-based defense mechanisms against DoS and DDoS attacks , 2010, SpringSim.

[18]  Joseph Bonneau,et al.  What's in a Name? , 2010, Financial Cryptography.

[19]  Nicolas Christin,et al.  When Information Improves Information Security , 2010, Financial Cryptography.

[20]  Elmar Gerhards-Padilla,et al.  Case study of the Miner Botnet , 2012, 2012 4th International Conference on Cyber Conflict (CYCON 2012).

[21]  Aron Laszka,et al.  A Survey of Interdependent Security Games Working paper , 2012 .

[22]  Kevin Leyton-Brown,et al.  Proceedings of the 13th ACM Conference on Electronic Commerce, EC 2012, Valencia, Spain, June 4-8, 2012 , 2012, EC.

[23]  Elaine Shi,et al.  Bitter to Better - How to Make Bitcoin a Better Currency , 2012, Financial Cryptography.

[24]  Aviv Zohar,et al.  On bitcoin and red balloons , 2012, EC '12.

[25]  Tyler Moore,et al.  Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk , 2013, Financial Cryptography.

[26]  Quanyan Zhu,et al.  Game theory meets network security and privacy , 2013, CSUR.

[27]  Theodore Tryfonas,et al.  A game theoretic defence framework against DoS/DDoS cyber attacks , 2013, Comput. Secur..

[28]  Joshua A. Kroll,et al.  The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries , 2013 .

[29]  Tyler Moore,et al.  Empirical Analysis of Denial-of-Service Attacks in the Bitcoin Ecosystem , 2014, Financial Cryptography Workshops.