Game Theory for Strategic DDoS Mitigation

Mitigating DDoS attacks on networks is an important security challenge for Internet Service Providers. Recent work has shown a flexible and elastic DDoS defense mechanism via Software Defined Networking/Network Functions Virtualization, and such systems are showing increasingly efficient performance. However, an intelligent attacker can exploit the system by dynamically adapting the attack profile, which a static defense cannot adequately handle. We propose a game-theoretic model for a dynamic deceptive defense. We decompose the problem into two phases. The first phase focuses on optimizing the defense while trying to deceive the attacker with dynamic adaptations in the defense strategy. The second phase consists of optimizing the resource allocation in order to execute the pre-computed defense strategy. We present analytical and numerical results showing the efficiency of our computation algorithms.
