Abstract
Botnets are networks of computers infected with malicious programs that allow cybercriminals/botnet herders to control the infected machines remotely without the users' knowledge. In many cases, botnet herders are motivated by economic incentives and try to significantly profit from illegal botnet activity while causing significant economic damage to society. To analyze the economic aspects of botnet activity and suggest feasible defensive strategies, we provide a comprehensive game-theoretical framework that models the interaction between the botnet herder and the defender group (network/computer users). In our framework, the botnet herder's goal is to intensify his intrusion into a network of computers in pursuit of economic profit, whereas the defender group's goal is to defend against the botnet herder's intrusion. The percentage of infected computers in the network evolves according to a modified SIS (susceptible-infectious-susceptible) epidemic model. For a given level of network defense, we define the strategy of the botnet herder as the solution of a control problem and obtain the optimal strategy as a feedback on the rate of infection. In addition, using a differential game model, we obtain two possible closed-loop Nash equilibrium solutions. They depend on the effectiveness of available defense strategies and on control/strategy switching thresholds, specified as rates of infection. In the two equilibria, either (1) the defender group defends at maximum level while the botnet herder exerts an intermediate constant-intensity attack effort, or (2) the defender group applies an intermediate constant-intensity defense effort while the botnet herder attacks at full power.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bensoussan, A., Kantarcioglu, M., Hoe, S. (2010). A Game-Theoretical Approach for Finding Optimal Strategies in a Botnet Defense Model. In: Alpcan, T., Buttyán, L., Baras, J.S. (eds) Decision and Game Theory for Security. GameSec 2010. Lecture Notes in Computer Science, vol 6442. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17197-0_9
DOI: https://doi.org/10.1007/978-3-642-17197-0_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17196-3
Online ISBN: 978-3-642-17197-0
eBook Packages: Computer Science (R0)