Optimal Personalized DDoS Attacks Detection Strategy in Network Systems

  • Mingchu Li
  • Xian YangEmail author
  • Yuanfang Chen
  • Zakirul Alam Bhuiyan
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1123)


The wide application use of network systems extends people’s ability to access information, but its inherent network characteristics make it more vulnerable to DDoS attacks. Existing intrusion detection in network systems is usually only targeted at specific attacks, but will fail when dealing with strategic attacks. Therefore, based on game theory, the attack and defense process in the network system is analyzed, and the personalized DDoS attack detection is proposed. Considering that the attacker will observe the defender’s strategy before launching attacks, we model this problem as a Stackelberg security game and derive the optimal defensive strategy for the network system. After comparing the strategy with other non-strategic strategies, it is proved that our proposed method is more effective for detecting DDoS attack in network systems.


DDoS attack Network systems Stackelberg game Attack detection 



This work is supported by the National Natural Science Foundation of China (Grant No. 61802097), and the Project of Qianjiang Talent (Grant No. QJD1802020).


  1. 1.
    Breton, M., Alj, A., Haurie, A.: Sequential Stackelberg equilibria in two-person games. J. Optim. Theory Appl. 59(1), 71–97 (1988)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Chen, Y., et al.: When traffic flow prediction and wireless big data analytics meet. IEEE Network 33(3), 161–167 (2019)CrossRefGoogle Scholar
  3. 3.
    Chen, Y., Zhang, Y., Maharjan, S., Alam, M., Wu, T.: Deep learning for secure mobile edge computing in cyber-physical transportation systems. IEEE Network (2019)Google Scholar
  4. 4.
    Garcia-Teodoro, P., Diaz-Verdejo, J., Macia-Fernandez, G., Vazquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(1), 18–28 (2009)CrossRefGoogle Scholar
  5. 5.
    Han, L., Zhou, M., Jia, W., Dalil, Z., Xu, X.: Intrusion detection model of wireless sensor networks based on game theory and an autoregressive model. Inf. Sci. 476, 491–504 (2019)CrossRefGoogle Scholar
  6. 6.
    Jain, M., et al.: Software assistants for randomized patrol planning for the LAX Airport Police and the Federal Air Marshal Service. Interfaces 40(4), 267–290 (2010)CrossRefGoogle Scholar
  7. 7.
    Khanna, S., Venkatesh, S.S., Fatemieh, O., Khan, F., Gunter, C.A.: Adaptive selective verification: an efficient adaptive countermeasure to thwart DoS attacks. IEEE/ACM Trans. Networking 20(3), 715–728 (2012)CrossRefGoogle Scholar
  8. 8.
    Kiekintveld, C., Islam, T., Kreinovich, V.: Security games with interval uncertainty. In: International Conference on Autonomous Agents and Multi-Agent Systems, pp. 231–238 (2013)Google Scholar
  9. 9.
    Laszka, A., Abbas, W., Sastry, S.S., Vorobeychik, Y., Koutsoukos, X.: Optimal thresholds for intrusion detection systems. In: Symposium and Bootcamp on the Science of Security, pp. 72–81 (2016)Google Scholar
  10. 10.
    Leitmann, G.: On generalized Stackelberg strategies. J. Optim. Theory Appl. 26(4), 637–643 (1978)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Liang, X., Xiao, Y.: Game theory for network security. IEEE Commun. Surv. Tutorials 15(1), 472–486 (2013)CrossRefGoogle Scholar
  12. 12.
    Liao, H.J., Lin, C.H.R., Lin, Y.C., Tung, K.Y.: Intrusion detection system: a comprehensive review. J. Netw. Comput. Appl. 36(1), 16–24 (2013)CrossRefGoogle Scholar
  13. 13.
    Mall, P., Bhuiyan, M.Z.A., Amin, R.: A lightweight secure communication protocol for IoT devices using physically unclonable function. In: Wang, G., Feng, J., Bhuiyan, M.Z.A., Lu, R. (eds.) SpaCCS 2019. LNCS, vol. 11611, pp. 26–35. Springer, Cham (2019). Scholar
  14. 14.
    Manikopoulos, C., Papavassiliou, S.: Network intrusion and fault detection: a statistical anomaly approach. IEEE Press (2002)Google Scholar
  15. 15.
    Manshaei, M.H., Zhu, Q., Alpcan, T., Hubaux, J.P.: Game theory meets network security and privacy. ACM Comput. Surv. 45(3), 1–39 (2013)CrossRefGoogle Scholar
  16. 16.
    Roy, S., Ellis, C., Shiva, S., Dasgupta, D., Shandilya, V., Wu, Q.: A survey of game theory as applied to network security. In: Hawaii International Conference on System Sciences, pp. 1–10 (2010)Google Scholar
  17. 17.
    Sarker, J.H., Nahhas, A.M.: Mobile RFID system in the presence of denial-of-service attacking signals. IEEE Trans. Autom. Sci. Eng. PP(99), 1–13 (2016)Google Scholar
  18. 18.
    Shieh, E., An, B.: Protect: an application of computational game theory for the security of the ports of the united states. In: Proceedings of the 11th International Conference on Autonomous Agents and Multiagent Systems (AAMAS 2012), pp. 13–20 (2012)Google Scholar
  19. 19.
    Wang, D., Wang, Z., Li, G., Wang, W.: Distributed filtering for switched nonlinear positive systems with missing measurements over sensor networks. IEEE Sens. J. 16(12), 4940–4948 (2016)CrossRefGoogle Scholar
  20. 20.
    Wu, H., Dang, X., Wang, L., He, L.: Information fusion-based method for distributed domain name system cache poisoning attack detection and identification. IET Inf. Secur. 10(1), 37–44 (2016)CrossRefGoogle Scholar
  21. 21.
    Wu, H., Wang, W.: A game theory based collaborative security detection method for Internet of Things systems. IEEE Trans. Inf. Forensics Secur. 13(6), 1432–1445 (2018)CrossRefGoogle Scholar
  22. 22.
    Wu, H., Wang, W., Wen, C., Li, Z.: Game theoretical security detection strategy for networked systems. Inf. Sci. 453, 346–363 (2018) MathSciNetCrossRefGoogle Scholar
  23. 23.
    Yu, S., Zhou, W., Doss, R., Jia, W.: Traceback of DDoS attacks using entropy variations. IEEE Trans. Parallel Distrib. Syst. 22(3), 412–425 (2011)CrossRefGoogle Scholar
  24. 24.
    Zonouz, S.A., Khurana, H., Sanders, W.H., Yardley, T.M.: RRE: a game-theoretic intrusion response and recovery engine. In: IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 439–448 (2009)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Mingchu Li
    • 1
  • Xian Yang
    • 1
    Email author
  • Yuanfang Chen
    • 2
  • Zakirul Alam Bhuiyan
    • 3
  1. 1.School of Software TechnologyDalian University of TechnologyDalianChina
  2. 2.School of CyberspaceHangzhou Dianzi UniversityHangzhouChina
  3. 3.Department of Computer and Information SciencesFordham UniversityNew YorkUSA

Personalised recommendations