Using game theory to model DoS attack and defence

Bhupender Kumar, Bubu Bhuyan
2019 Sadhana (Bangalore)  
Denial of service (DoS) or distributed denial of service (DDoS) attacks based on bandwidth depletion remain a persistent network security threat and have always been an important issue for system administrators and researchers. Defence mechanisms proposed so far to defend against such attacks could not address the problem adequately and efficiently due to a lack of quantitative approaches in modelling defence strategies against DoS/DDoS attacks. Game theory is a microeconomic and mathematical ... that provides a quantitative framework to model such attacks. A model based on game theory can act as a decision support system for the defender and augment its capabilities to take the best decisions for maintaining an optimum level of network security round the clock against such attacks. Inspired by this, different DoS/DDoS scenarios, where game theory has been used to represent the strategic interaction between the attacker and a defender, are investigated. Based on the strategic interactions, a game theoretical defence mechanism is proposed to mitigate DoS/DDoS attacks. The proposed mechanism is based on a two-player zero-sum game. It considers a DoS/DDoS attack based on bandwidth depletion where an attacker wants to occupy the maximum bandwidth of a link having a limited capacity. The attacker does so by flooding the network with unsolicited or malicious flows. The attacker has to decide an effective attack rate per flow. It also has to choose an optimal botnet size for a cost-effective attack. It does a trade-off analysis prior to the attack. If its payoff or benefit obtained is less than the attack cost, it chooses to refrain from launching such a costlier DoS/DDoS attack. On the other hand, to set an upper bound on network traffic, the defender needs to set an optimum threshold per flow so that maximum attack flows are either dropped or redirected to a honeypot deployed in the network. Arbitrary setting of a threshold for flow rates can also cause a loss of legitimate flows. The defender chooses the optimum threshold value with precise estimation to minimize the loss of legitimate flows. The defender also does a trade-off analysis and sets the threshold in a way that can minimize the attacker's payoff. This optimization problem is presented as a game between the attacker and defender. Action sets and objective functions of both players are defined. The network constraints are modelled and payoffs are calculated. The game converges to Nash equilibrium.
The best course of action is deduced from the Nash strategies. Results obtained by simulation and numerical calculations are in favour of the proposed game theoretical defence mechanism and strongly advocate the worthiness of using game theory to defend against DoS and DDoS attacks to strengthen network security.
doi:10.1007/s12046-019-1228-4 fatcat:y654nv2o35g2losdigywocuyem