Moving Target Defense Against DDoS Attacks: An Empirical Game-Theoretic Analysis
Title | Moving Target Defense Against DDoS Attacks: An Empirical Game-Theoretic Analysis |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Wright, Mason, Venkatesan, Sridhar, Albanese, Massimiliano, Wellman, Michael P. |
Conference Name | Proceedings of the 2016 ACM Workshop on Moving Target Defense |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4570-5 |
Keywords | Collaboration, composability, control theory, DDoS, game theoretic security, game theory, Human Behavior, Metrics, moving target defenses, pubcrawl, Resiliency, Scalability, security |
Abstract | Distributed denial-of-service attacks are an increasing problem facing web applications, for which many defense techniques have been proposed, including several moving-target strategies. These strategies typically work by relocating targeted services over time, increasing uncertainty for the attacker, while trying not to disrupt legitimate users or incur excessive costs. Prior work has not shown, however, whether and how a rational defender would choose a moving-target method against an adaptive attacker, and under what conditions. We formulate a denial-of-service scenario as a two-player game, and solve a restricted-strategy version of the game using the methods of empirical game-theoretic analysis. Using agent-based simulation, we evaluate the performance of strategies from prior literature under a variety of attacks and environmental conditions. We find evidence for the strategic stability of various proposed strategies, such as proactive server movement, delayed attack timing, and suspected insider blocking, along with guidelines for when each is likely to be most effective. |
URL | http://doi.acm.org/10.1145/2995272.2995279 |
DOI | 10.1145/2995272.2995279 |
Citation Key | wright_moving_2016 |