, 44:245 | Cite as

Using game theory to model DoS attack and defence

  • Bhupender KumarEmail author
  • Bubu Bhuyan


Denial of service (DoS) or distributed denial of service (DDoS) attacks based on bandwidth depletion remain a persistent network security threat and have always been an important issue for system administrators and researchers. Defence mechanisms proposed so far to defend against such attacks could not address the problem adequately and efficiently due to lack of quantitative approaches in modelling defence strategies against DoS/DDoS attacks. Game theory is a microeconomic and mathematical tool that provides a quantitative framework to model such attacks. A model based on game theory can act as a decision support system to the defender and augments its capabilities to take best decisions for maintaining an optimum level of network security round the clock against such attacks. Inspired by this, different DoS/DDoS scenarios, where game theory has been used to represent the strategic interaction between the attacker and a defender, are investigated. Based on the strategic interactions, a game theoretical defence mechanism is proposed to mitigate DoS/DDoS attacks. The proposed mechanism is based on two-player zero-sum game. It considers DoS/DDoS attack based on bandwidth depletion where an attacker wants to occupy maximum bandwidth of a link having a limited capacity. The attacker does so by flooding the network with unsolicited or malicious flows. The attacker has to decide an effective attack rate per flow. It has to choose an optimal size of botnet also for a cost-effective attack. It does trade-off analysis prior to attack. If its payoff or benefit obtained is less than the attack cost, it chooses to refrain from launching such a costlier DoS/DDoS attack. On the other hand, to set an upper bound on network traffic, the defender needs to set an optimum threshold per flow so that maximum attack flows are either dropped or redirected to a honeypot deployed in the network. Arbitrary setting of a threshold for flow rates can also cause a loss of legitimate flows. The defender chooses the optimum threshold value with precise estimation to minimize loss of legitimate flows. The defender also does trade-off analysis and sets the threshold in a way that can minimize the attacker’s payoff. This optimization problem is presented as a game between the attacker and defender. Action sets and objective functions of both players are defined. The network constrains are modelled and payoffs are calculated. The game converges to Nash equilibrium. The best course of actions is deduced from the Nash strategies. Results obtained by simulation and numerical calculations are in favour of the proposed game theoretical defence mechanism and strongly advocate the worthiness of using game theory to defend against DoS and DDoS attacks to strengthen network security.


Denial of service attack and defence bandwidth game theory payoff Nash equilibrium optimization 


  1. 1.
    Zargar S T, Joshi J and Tipper D 2013 A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Communications Surveys and Tutorials 15: 2046–2069CrossRefGoogle Scholar
  2. 2.
    Mircovik J and Reither P 2004 A taxonomy of DDoS attack and DDoS defense mechanism. ACM SIGCOMM Computer Communication Review 34: 39–53Google Scholar
  3. 3.
    Liu P, Zang W and Yu M 2005 Incentive-based modelling and inference of attacker intent, objectives, and strategies. ACM Transactions on Information and System Security (TISSEC) 8: 78–118CrossRefGoogle Scholar
  4. 4.
    Manshaei M H, Zhu Q, Alpcan T, Basar T and Hubaux J P 2011 Game theory meets network security and privacy. ACM Computing Surveys 45: 25–25zbMATHGoogle Scholar
  5. 5.
    Bedi H S, Roy S and Shiva S 2011 Game theory based defense mechanism against DDoS attacks on TCP/TCP IP friendly flow. In: Proceedings of the IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 129–136Google Scholar
  6. 6.
    Osborne M J 2004 An introduction to game theory. Oxford University Press, Inc. 198 Madison Avenue, New York, 10016 https:////
  7. 7.
    Yaar A, Perrig A and Song D 2004 SIFF: Stateless Internet Flow Filter to mitigate DDoS flooding attack. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 130–143Google Scholar
  8. 8.
    Xu J and Lee W 2003 Sustaining availability of web services under distributed denial of service attack. IEEE Transactions on Computers 52(2): 195–208CrossRefGoogle Scholar
  9. 9.
    He W, Xia C, Wang H, Zheng C and Ji Y 2008 A game theoretical attack defense model oriented to network security risk assessment. In: Proceedings of the International Conference on Computer Science and Software Engineering, pp. 498–504Google Scholar
  10. 10.
    Alpcan T and Sonja B 2011 Security games for vehicular networks. IEEE Transactions on Mobile Computing 10: 280–290CrossRefGoogle Scholar
  11. 11.
    Zhu Q, Li H, Han Z and Basar T 2010 A stochastic game model for jamming in multi channel cognitive radio systems. In: IEEE Proceedings of the International Conference on Communications (ICC), pp. 1–6Google Scholar
  12. 12.
    Kiekintveld C, Lisý V and Píbil R 2015 Game theoretic foundations for the strategic use of honeypots in network security. In: Cyber Warfare. Cham: Springer, pp. 81–101Google Scholar
  13. 13.
    Durkota K, Kiekintveld C and Bosansky B 2015 Game theoretic algorithms for optimal network security hardening using attack graphs. In: Proceedings of the 14th International Conference on Autonomous Agents and Multiagent Systems (AAMAS), pp. 1773–1774Google Scholar
  14. 14.
    Garnaev A, Baykal-Gursoy M and Poor H V 2016 A game theoretic analysis of secret and reliable communication with active and passive adversarial modes. IEEE Transactions on Wireless Communications 15: 2155–2163 CrossRefGoogle Scholar
  15. 15.
    Yang J, Kim I M and Kim D I 2013 Optimal cooperative jamming for multiuser broadcast channel with multiple eavesdroppers. IEEE Transactions on Wireless Communications 12: 2840–2852CrossRefGoogle Scholar
  16. 16.
    Zhang N, Lu N, Cheng N, Mark J W and Shen X 2013 Cooperative spectrum access towards secure information transfer for CRNS. IEEE Journal on Selected Areas in Communications 31: 2453–2464CrossRefGoogle Scholar
  17. 17.
    Zheng G, Choo L and Wong K 2011 Optimal cooperative jamming to enhance physical layer security using relays. IEEE Transactions on Signal Processing 59: 1317–1322MathSciNetCrossRefGoogle Scholar
  18. 18.
    Paramasivan B, John M, Prakash V and Kaliappan M 2015 Development of a secure routing protocol using game theory in mobile ad hoc networks. Journal of Communication and Networks 17: 75–80CrossRefGoogle Scholar
  19. 19.
    Abegunde J, Xio H and Spring J 2015 Resilient tit for tat (RTFT): a game solution for wireless misbehaviour. In: Proceedings of the International Wireless Communications and Mobile Computing Conference (IWCMC), pp. 904–909Google Scholar
  20. 20.
    Prasad R, Constantinos D, Margaret M and Claffy K C 2003 Bandwidth estimation: metrics, measurement techniques, and tools. IEEE Network 17: 27–35CrossRefGoogle Scholar
  21. 21.
    Antoniades D, Manos A, Papadogiannakis A, Evangelos P M and Constantine D 2006 Available bandwidth measurement as simple as running wget. In: Proceedings of the Passive and Active Measurement Conference (PAM), pp. 61–70Google Scholar
  22. 22.
    Moti G, Herzberg A and Gev Y 2014 Bandwidth distributed denial of service: attacks and defenses. IEEE Security and Privacy 12: 54–61Google Scholar
  23. 23.
    Mirkovic J and Terry B 2012 Teaching cyber security with DeterLab. IEEE Security and Privacy 10: 73–76 CrossRefGoogle Scholar
  24. 24.
    Mirkovic J, Fahmy S, Reiher P and Roshan K T 2009 How to test DoS defenses. In: Proceedings of the Conference on Homeland Security (CATCH’09), Cybersecurity Applications and Technology, pp. 103–111Google Scholar

Copyright information

© Indian Academy of Sciences 2019

Authors and Affiliations

  1. 1.Department of Information TechnologyNorth Eastern Hill UniversityShillongIndia

Personalised recommendations