A game inspired defense mechanism against distributed denial of service attacks

Game theory offers a promising approach toward modeling cyber attacks and countermeasures as games played among attackers and system defenders. The widely accepted concept of Nash equilibrium can be used to determine the optimal strategy for all players playing the game. In this work, we demonstrate the applicability of game theory in modeling the defense against distributed denial of service attacks. In particular, we focus on attack scenarios that attempt to create congestion in bottleneck network links. We design a game model to determine the best defense strategy for the defender in such attack scenarios. In our model, the attacker uses a botnet consisting of multiple nodes to send rogue traffic in order to flood one or more links in the target network. The defender's challenge is to determine the best firewall settings to block rogue traffic while allowing legitimate traffic. We validate our game model using simulation. Furthermore, we build a comprehensive defense architecture called game inspired defense architecture and test its performance via emulation on one publicly available testbed called DeterLab. Open source software, such as Bro intrusion detection system, Dummynet network emulator, IP firewall, and Iperf network testing tool are used to build game inspired defense architecture. Our proposed defense solution exhibits promising results during both simulation and emulation. Copyright (c) 2014 John Wiley & Sons, Ltd.