Game theory-based defense mechanisms against DDoS attacks on TCP/TCP-friendly flows

Abstract

While there are significant advances in information technology and infrastructure which offer new opportunities, cyberspace is still far from completely secured. In many cases, the employed security solutions are ad hoc and lack a quantitative decision framework. To this end, game theory poses huge potential in building a defense architecture based on a solid analytical setting. In this paper, we explore the applicability of game theoretic approaches to the cyber security problem while keeping the focus on active bandwidth depletion attacks on TCP/TCP-friendly flows. We model the interaction between the attacker and the defender as a game in two attack scenarios: (i) one single attacking node for Denial of Service (DoS) and (ii) multiple attacking nodes for Distributed DoS (DDoS). The defender's challenge is to determine optimal firewall settings to block rogue traffic while allowing legitimate ones. Our analysis considers the worst-case scenario where the attacker also attempts to find the most effective sending rate or botnet size. In either case, we build a static game model to compute the Nash equilibrium that represents the best strategy for the defender. We validate the effectiveness of our game theoretic defense mechanisms via extensive simulation.