Visible to the public Moving Target Defense Against DDoS Attacks: An Empirical Game-Theoretic Analysis

TitleMoving Target Defense Against DDoS Attacks: An Empirical Game-Theoretic Analysis
Publication TypeConference Paper
Year of Publication2016
AuthorsWright, Mason, Venkatesan, Sridhar, Albanese, Massimiliano, Wellman, Michael P.
Conference NameProceedings of the 2016 ACM Workshop on Moving Target Defense
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4570-5
KeywordsCollaboration, composability, control theory, DDoS, game theoretic security, game theory, Human Behavior, Metrics, moving target defenses, pubcrawl, Resiliency, Scalability, security
Abstract

Distributed denial-of-service attacks are an increasing problem facing web applications, for which many defense techniques have been proposed, including several moving-target strategies. These strategies typically work by relocating targeted services over time, increasing uncertainty for the attacker, while trying not to disrupt legitimate users or incur excessive costs. Prior work has not shown, however, whether and how a rational defender would choose a moving-target method against an adaptive attacker, and under what conditions. We formulate a denial-of-service scenario as a two-player game, and solve a restricted-strategy version of the game using the methods of empirical game-theoretic analysis. Using agent-based simulation, we evaluate the performance of strategies from prior literature under a variety of attacks and environmental conditions. We find evidence for the strategic stability of various proposed strategies, such as proactive server movement, delayed attack timing, and suspected insider blocking, along with guidelines for when each is likely to be most effective.

URLhttp://doi.acm.org/10.1145/2995272.2995279
DOI10.1145/2995272.2995279
Citation Keywright_moving_2016