On modeling and simulation of game theory-based defense mechanisms against DoS and DDoS attacks

As cyber attacks continue to grow in number, scope, and severity, the cyber security problem has become increasingly important and challenging to both academic researchers and industry practitioners. We explore the applicability of game theoretic approaches to the cyber security problem with a focus on active bandwidth depletion attacks. We model the interaction between the attacker and the defender as a two-player non-zero-sum game in two attack scenarios: (i) a single attacking node for Denial of Service (DoS) and (ii) multiple attacking nodes for Distributed DoS (DDoS). The defender's challenge is to determine optimal firewall settings that block rogue traffic while allowing legitimate traffic through. Our analysis considers the worst-case scenario in which the attacker also attempts to find the most effective sending rate or botnet size. In either case, we build both static and dynamic game models to compute the Nash equilibrium that represents the best strategy for the defender. We validate the effectiveness of our game theoretic defense mechanisms via extensive simulation-based experiments using NS-3.
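As an added illustration of the kind of model the abstract describes (this code is not from the paper; the payoff formula, the threshold and rate choices, and every constant are constructed assumptions), the following Python script sets up a small two-player non-zero-sum game for the single-attacker DoS case. The defender chooses a per-source firewall rate-limit threshold, the attacker chooses a flood rate, the script enumerates the pure-strategy Nash equilibria, and it separately computes the defender's worst-case (maximin) threshold, which is the "attacker picks the most effective sending rate" view from the abstract.

```python
"""Toy defender/attacker rate-limit game.

Constructed example, not the paper's model: the defender picks a per-source
firewall rate-limit threshold, the attacker picks a flood rate, and payoffs
come from a simple proportional capacity-sharing formula. All constants are
made up for illustration.
"""
from itertools import product
import math

LEGIT = 60        # legitimate client sending rate (constructed)
CAPACITY = 100    # server capacity, same units (constructed)
COST = 0.05       # attacker's cost per unit of attack rate (constructed)

THRESHOLDS = (40, 60, 100, 200)   # defender strategies: firewall rate limits
RATES = (0, 50, 100, 300)         # attacker strategies: flood sending rates


def payoffs(threshold, rate, legit=LEGIT, capacity=CAPACITY, cost=COST):
    """Return (defender_utility, attacker_utility) for one strategy pair.

    The firewall caps every source at `threshold`; whatever gets through
    shares the server's capacity proportionally. The defender values the
    legitimate traffic actually served; the attacker values the legitimate
    traffic denied, minus a linear cost of sending. That cost term is what
    makes the game non-zero-sum.
    """
    legit_through = min(legit, threshold)
    attack_through = min(rate, threshold)
    total = legit_through + attack_through
    share = 1.0 if total <= capacity else capacity / total
    served = legit_through * share
    return served, (legit - served) - cost * rate


def payoff_table(thresholds=THRESHOLDS, rates=RATES):
    """Bimatrix game as {(threshold, rate): (u_defender, u_attacker)}."""
    return {(t, r): payoffs(t, r) for t, r in product(thresholds, rates)}


def pure_nash_equilibria(table):
    """Strategy pairs where neither player gains by deviating unilaterally."""
    thresholds = sorted({t for t, _ in table})
    rates = sorted({r for _, r in table})
    equilibria = []
    for t, r in table:
        u_def, u_att = table[(t, r)]
        def_best = max(table[(t2, r)][0] for t2 in thresholds)  # defender's best reply to r
        att_best = max(table[(t, r2)][1] for r2 in rates)       # attacker's best reply to t
        if math.isclose(u_def, def_best) and math.isclose(u_att, att_best):
            equilibria.append((t, r))
    return equilibria


def maximin_threshold(table):
    """Defender's worst-case-optimal threshold: maximise the minimum utility
    over all attacker rates. Returns (threshold, guaranteed_utility)."""
    thresholds = sorted({t for t, _ in table})
    rates = sorted({r for _, r in table})
    worst = {t: min(table[(t, r)][0] for r in rates) for t in thresholds}
    best_t = max(worst, key=worst.get)
    return best_t, worst[best_t]


if __name__ == "__main__":
    table = payoff_table()
    print("threshold rate   u_def   u_att")
    for (t, r), (ud, ua) in sorted(table.items()):
        print(f"{t:9d} {r:4d} {ud:7.2f} {ua:7.2f}")
    print("pure Nash equilibria:", pure_nash_equilibria(table))
    print("maximin threshold:", maximin_threshold(table))
```

With these constructed numbers the game has a single pure equilibrium, threshold 60 against rate 100, and the maximin threshold is also 60: a limit tighter than the legitimate rate throttles the defender's own clients (the attacker's best reply to threshold 40 is not to attack at all, yet the defender is still worse off), while a loose limit lets the flood crowd out legitimate traffic. Replacing the payoff formula with measured NS-3 throughput figures is the step the abstract's simulation work corresponds to; the equilibrium search itself is unchanged.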
