Abstract
Denial of Service (DoS) attacks prevent legitimate users from accessing resources by compromising availability of a system. Despite advanced prevention mechanisms, DoS attacks continue to exist, and there is no widely-accepted solution. We propose a deception-based protection mechanism that involves game theory to model the interaction between the defender and the attacker. The defender’s challenge is to determine the optimal network configuration to prevent attackers from staging a DoS attack while providing service to legitimate users. In this setting, the defender can employ camouflage by either disguising a normal system as a honeypot, or by disguising a honeypot as a normal system. We use signaling game with perfect Bayesian equilibrium (PBE) to explore the strategies and point out the important implications for this type of dynamic games with incomplete information. Our analysis provides insights into the balance between resource and investment, and also shows that defenders can achieve high level of security against DoS attacks with cost-effective solutions through the proposed deception strategy.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Agah, A., Das, S.K.: Preventing DoS attacks in wireless sensor networks: a repeated game theory approach. IJ Netw. Secur. 5(2), 145–153 (2007)
Bagwell, K., Ramey, G.: Advertising and pricing to deter or accommodate entry when demand is unknown. Int. J. Indus. Organ. 8(1), 93–113 (1990)
Balas, E.: Know Your Enemy: Learning About Security Threats. Addison Wesley, Boston (2004)
Basagiannis, S., Katsaros, P., Pombortsis, A., Alexiou, N.: Probabilistic model checking for the quantification of DoS security threats. Comput. Secur. 28(6), 450–465 (2009)
Bell, J.B., Whaley, B.: Cheating and Deception. Transaction Publishers, Brunswick (1991)
Carroll, T.E., Grosu, D.: A game theoretic investigation of deception in network security. Secur. Commun. Netw. 4, 1162–1172 (2011)
Center, C.C.: Results of the distributed-systems intruder tools workshop. Software Engineering Institute (1999)
Cohen, F., Koike, D.: Misleading attackers with deception. In: Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, pp. 30–37. IEEE (2004)
Fong, Y.: Private information of nonpaternalistic altruism: exaggeration and reciprocation of generosity. Adv. Theor. Econ. 9(1), 1 (2009)
Fu, X., Yu, W., Cheng, D., Tan, X., Streff, K., Graham, S.: On recognizing virtual honeypots and countermeasures. In: 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing, pp. 211–218. IEEE (2006)
Fudenberg, D., Tirole, J.: Perfect Bayesian equilibrium and sequential equilibrium. J. Econ. Theor. 53(2), 236–260 (1991)
Gao, X., Zhu, Y.-F.: DDoS defense mechanism analysis based on signaling game model. In: 2013 5th International Conference on Intelligent Human-Machine Systems and Cybernetics, pp. 414–417 (2013)
Hamilton, S.N., Miller, W.L., Ott, A., Saydjari, O.S.: The role of game theory in information warfare. In: 4th Information Survivability Workshop (ISW-2001/2002), Vancouver, Canada (2002)
Heitzenrater, C., Taylor, G., Simpson, A.: When the winning move is not to play: games of deterrence in cyber security. In: Khouzani, M.H.R., Panaousis, E., Theodorakopoulos, G. (eds.) Decision and Game Theory for Security, pp. 250–269. Springer, Heidelberg (2015)
Jiang, Z., Ge, Y., Li, Y.: Max-utility wireless resource management for best-effort traffic. IEEE Trans. Wirel. Commun. 4(1), 100–111 (2005)
La, Q.D., Quek, T., Lee, J., Jin, S., Zhu, H.: Deceptive attack and defense game in honeypot-enabled networks for the internet of things. IEEE Internet Things J. PP(99), 1 (2016)
Lau, F., Rubin, S.H., Smith, M.H., Trajkovic, L.: Distributed denial of service attacks. In: 2000 IEEE International Conference on Systems, Man, and Cybernetics, vol. 3, pp. 2275–2280. IEEE (2000)
Lye, K.W., Wing, J.M.: Game strategies in network security. Int. J. Inf. Secur. 4(1–2), 71–86 (2005)
McCarty, B.: The honeynet arms race. IEEE Secur. Priv. 1(6), 79–82 (2003)
Meadows, C.: A cost-based framework for analysis of denial of service in networks. J. Comput. Secur. 9(1), 143–164 (2001)
Píbil, R., Lisý, V., Kiekintveld, C., Bošanský, B., Pěchouček, M.: Game theoretic model of strategic honeypot selection in computer networks. In: Decision and Game Theory for, Security, pp. 201–220 (2012)
Rasouli, M., Miehling, E., Teneketzis, D.: A supervisory control approach to dynamic cyber-security. In: Poovendran, R., Saad, W. (eds.) Decision and Game Theory for Security, pp. 99–117. Springer, Heidelberg (2014)
Rass, S., Rainer, B.: Numerical computation of multi-goal security strategies. In: Poovendran, R., Saad, W. (eds.) Decision and Game Theory for Security, pp. 118–133. Springer, Heidelberg (2014)
Rowe, N.C., Custy, E.J., Duong, B.T.: Defending cyberspace with fake honeypots. J. Comput. 2(2), 25–36 (2007)
Shen, S., Yue, G., Cao, Q., Yu, F.: A survey of game theory in wireless sensor networks security. J. Netw. 6(3), 521–532 (2011)
Wang, W., Chatterjee, M., Kwiat, K.: Coexistence with malicious nodes: a game theoretic approach. In: International Conference on Game Theory for Networks, GameNets 2009, pp. 277–286. IEEE (2009)
Wu, Q., Shiva, S., Roy, S., Ellis, C., Datla, V.: On modeling and simulation of game theory-based defense mechanisms against DoS and DDoS attacks. In: Proceedings of the 2010 Spring Simulation Multiconference, p. 159. Society for Computer Simulation International (2010)
Yang, L., Mu, D., Cai, X.: Preventing dropping packets attack in sensor networks: a game theory approach. Wuhan Univ. J. Nat. Sci. 13(5), 631–635 (2008)
Zhuang, J., Bier, V.M.: Reasons for secrecy and deception in homeland-security resource allocation. Risk Anal. 30(12), 1737–1743 (2010)
Zhuang, J., Bier, V.M.: Secrecy and deception at equilibrium, with applications to anti-terrorism resource allocation. Defence Peace Econ. 22(1), 43–61 (2011)
Zhuang, J., Bier, V.M., Alagoz, O.: Modeling secrecy and deception in a multiple-period attacker-defender signaling game. Eur. J. Oper. Res. 203(2), 409–418 (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Çeker, H., Zhuang, J., Upadhyaya, S., La, Q.D., Soong, BH. (2016). Deception-Based Game Theoretical Approach to Mitigate DoS Attacks. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds) Decision and Game Theory for Security. GameSec 2016. Lecture Notes in Computer Science(), vol 9996. Springer, Cham. https://doi.org/10.1007/978-3-319-47413-7_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-47413-7_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47412-0
Online ISBN: 978-3-319-47413-7
eBook Packages: Computer ScienceComputer Science (R0)