Introduction

As we head towards a digitized and interconnected world, the network has become a crucial part of our day-to-day life. We are completely surrounded by a networking environment, and the security of the network has always been a prominent concern. There has been a lot of advancement in networking equipment, administrative policies and security devices, both for better functionality and for protection of the network. Along with that, the types of threats and attacking behaviour have also evolved, with better attacking techniques and attacking weapons. Attacks are carried out to damage network infrastructure and make services inaccessible to normal users. The main motive behind an attack is to affect the confidentiality, integrity and availability of services or data, which results in loss of money, loss of data privacy and loss of reputation for the organization. Among these attack types, the distributed denial of service (DDoS) attack is one of the most popular and has continued to emerge over the past few years. There is tremendous growth in the number of DDoS attacks, and the size of attacks keeps on increasing; it is a matter of concern for the corporate sector as it causes system disruption and service unavailability with huge financial losses. A lot of defensive solutions have been provided to deal with DDoS attacks, but due to the changing dynamics of attacking behaviour, we require more advancement in defensive mechanisms to cope with DDoS attacks. In software-defined networking we have a separate control plane and data plane, so it is quite straightforward to control the network. Many solutions for DDoS mitigation based on the SDN paradigm have been provided. But to study the possibility of different defensive scenarios, we turn to the game theory concept, where we can analyze the strategies of attack and defense and reach a particular solution.

In this paper we have different sections discussing various DDoS attacks and their solutions. In the coming section we discuss the software-defined networking (SDN) architecture, then give a brief discussion of the distributed denial of service attack, attack types and the most famous DDoS attacks. Then we present a study of SDN-based solutions for DDoS mitigation. In later sections we give a brief study of game theory, the classification of game theory and game theory based solutions in network security for defending against DDoS attacks. Some research questions are also framed prior to the literature review.

Research questions

This study aims to answer the following research questions:

  1. How can an SDN environment be used to mitigate distributed denial of service attacks?

  2. What role does game theory play in distributed denial of service attack prevention, detection, and mitigation?

  3. How frequently has game theory been applied to DDoS attack detection, mitigation, and prevention?

  4. Are strategies based on our assumptions and the Nash equilibrium concept practically implementable?

Appropriate data was gathered from many journals and conferences for our evaluation process. The data must be relevant to our field of study, namely DDoS, game theory and SDN. We did our best to present all the pertinent information and justification in the upcoming sections as answers to these research questions.

Theoretical background

In this section we discuss software-defined networking and its architecture, how flexible it is to use as a base network, and its use in defensive solutions. We then give an overview of the distributed denial of service attack and conclude the section with SDN-based solutions for DDoS defense.

Software-defined networking

The network is a complex web of a large number of devices. As a result of their dynamic and complicated nature, building and managing computer networks continue to be difficult. These networks are often made up of a huge number of switches, routers, firewalls, and various types of middleboxes, with a variety of events taking place at the same time. Network operators are in charge of designing the network to implement various high-level policies and responding to a variety of network events (such as traffic changes and intrusions). Because executing these high-level policies involves expressing them in terms of distributed low-level configuration, network configuration remains extremely challenging. Today's networks have few or no mechanisms in place to respond automatically to the large range of events that can occur. It is highly difficult to establish and implement new protocols due to proprietary software and closed development of network devices by a few suppliers (Kim and Feamster 2013). SDN is a simplified networking paradigm that separates the network control logic from the forwarding logic. SDN centralizes the whole of network control in the control plane. It is an open technology and flexible compared to legacy systems (Aggarwal and Kumari 2019; Jammal et al. 2014; Mishra and AlShehri 2017). The data plane contains the resources that deal with customer traffic, along with the required resources, availability and quality. It comprises the various networking equipment that forms the forwarding engine to transmit traffic. The actions performed mainly by the data plane are forwarding data, modifying data packets and dropping data packets. The control plane holds the intelligence used to take routing decisions and contains the control logic for switching, firewall security etc. (Fig. 1).

Fig. 1 Architecture of SDN

The controller is the brain of SDN (Wang et al. 2014). The application layer is an open area for developing various innovative applications such as load balancing, firewall applications, network configuration and security-related applications. These planes communicate with each other through various interfaces: the southbound interface between the data plane and the controller, and the northbound interface between the controller and the application layer. The OpenFlow protocol is used for communication over the southbound interface (Hu et al. 2014). The research community has attempted to use SDN's unique qualities to improve security against typical cyber threats, such as DDoS attacks (Kim et al. 2015). Because sophisticated network attacks are becoming more common, legacy security systems are finding it harder to cope with them on their own. SDN applications are able to customize and automate operations in a programmable manner. The biggest impact of SDN is the shift from hardware-based networking to software-dependent networking. But with this comes an evolution in cyber threats and complex security issues. Among those cyber threats, the distributed denial of service attack is one of the most devastating attacks in history and is the area of research for this review paper. In SDN, network settings are dynamically programmed and restructured to minimize the likelihood of DDoS assaults. Understanding how to utilize the SDN architecture to create a more agile and adaptable network security foundation is the best method to harden that line of defense. In the coming section we discuss what a DDoS attack is and how it is carried out. Then we discuss the solutions proposed to mitigate DDoS attacks.

Distributed denial of service attack (DDoS)

DDoS attacks constitute a significant threat to the Internet, and a number of protection measures have been developed to fight the problem. Attackers are continually altering their tools to get around security systems, while researchers are adjusting their tactics to deal with new threats. The DDoS field is rapidly becoming more complex, to the point that seeing the forest for the trees is becoming increasingly impossible, which makes it difficult to comprehend the DDoS phenomenon (Mirkovic and Reiher 2004). A DDoS attack is a malicious attempt to disturb the normal traffic of a server by flooding the path with illegitimate traffic. The main aim of the attack is to make the service unavailable for normal users. A DDoS assault is similar to an unannounced traffic jam obstructing the route, preventing ordinary traffic from reaching its destination (https://www.imperva.com/learn/ddos/denial-of-service). Attackers exploit the weaknesses of vulnerable machines present in the public network by inserting malicious code and keeping them under their control to carry out illegitimate motives. These machines can number from hundreds to thousands. They behave as agents for the attacker and are called "zombies" or "botnets" (Aamir and Zaidi 2013).

DDoS attack carrying scenario

Botnets are the core of any DDoS attack. A bot can be any device, from an ordinary household system to smart equipment such as wearables. The consequences of an attack could range from simple annoyances caused by disrupted services to entire websites, programs, or even businesses being pulled unavailable (Fruhlinger 2022). Botnets can comprise from a few thousand to millions of machines under the control of hackers. Botnets are used by cybercriminals for a variety of purposes, including spam distribution and ransomware distribution. The millions of gadgets that make up the ever-expanding Internet of Things (IoT) are increasingly being hacked and utilized as part of DDoS botnets. The security of IoT devices is often weaker than that of PCs and laptops. As a result, criminals may be able to take advantage of these devices to build larger botnets (Weisman 2022) (Fig. 2).

Fig. 2 DDoS attack carrying scenario

Classification of DDoS attacks

DDoS attacks can be classified into various types based on the impact of the attack and the part of the network targeted. Mainly they are classified into three types: volumetric attacks, protocol attacks and application layer attacks (Vishwakarma and Jain 2020).

Volumetric attacks Volumetric attacks are performed to saturate the internal network capacity (https://www.netscout.com/what-is-ddos/volumetric-attacks). These attacks are launched against a specific target, such as critical service providers and enterprise customers. They are measured in received bits per second (bps).

Protocol attacks This type of attack targets web/DNS/FTP servers, core routers and switches, firewall devices, and load balancers (LB) to interrupt well-established connections while also exhausting the device's restricted number of concurrent sessions. They are measured in received packets per second (PPS).

Application layer attacks Application attacks happen at layer 7 of the OSI model. The majority of applications are susceptible because they have several flaws. Because these sophisticated attacks are generated from a small number of attack machines, and because they generate only a low traffic rate that looks legitimate to the victim, this form of attack is difficult to detect. They are measured in received requests per second (RPS).
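The three classes above are distinguished by which metric (bps, PPS or RPS) departs from normal. The following Python example, added here and not taken from the paper, builds a per-second baseline from constructed traffic samples and labels later seconds by the metric that grew most relative to that baseline. The sample figures, the ten-times-baseline factor and the metric-to-class mapping are all assumptions made for illustration.

```python
# Added example: classify observed traffic into volumetric / protocol /
# application-layer DDoS by the metric that deviates most from baseline.
# Samples are constructed, not captured traffic.
from collections import defaultdict

# Constructed one-second samples: (second, bytes, packets, http_requests).
# Seconds 0-4 are normal; seconds 5-9 show many small packets and few
# requests, the signature of a protocol (e.g. SYN-style) flood.
SAMPLES = [
    (0, 120_000, 100, 40), (1, 130_000, 110, 42), (2, 125_000, 105, 41),
    (3, 128_000, 108, 39), (4, 122_000, 102, 40),
    (5, 600_000, 15_000, 41), (6, 640_000, 16_000, 40), (7, 620_000, 15_500, 42),
    (8, 610_000, 15_200, 40), (9, 650_000, 16_300, 41),
]

# Which metric characterises which class (as described in the text).
CLASS_BY_METRIC = {"bps": "volumetric", "pps": "protocol", "rps": "application"}


def rates(sample):
    """bps / PPS / RPS for one one-second sample."""
    _, nbytes, packets, requests = sample
    return {"bps": nbytes * 8, "pps": packets, "rps": requests}


def baseline(samples):
    """Mean of each metric over a window of known-normal samples."""
    acc = defaultdict(float)
    for s in samples:
        for metric, value in rates(s).items():
            acc[metric] += value / len(samples)
    return dict(acc)


def classify(sample, base, factor=10.0):
    """Return the class whose metric grew most relative to baseline, or
    'normal' if no metric reached factor x baseline (factor is an assumed
    tuning value; a real deployment would calibrate it per link)."""
    current = rates(sample)
    ratios = {m: current[m] / base[m] for m in current}
    worst = max(ratios, key=ratios.get)
    if ratios[worst] < factor:
        return "normal"
    return CLASS_BY_METRIC[worst]


def classify_window(samples, baseline_seconds=5):
    """Use the first baseline_seconds samples as baseline, label the rest."""
    base = baseline(samples[:baseline_seconds])
    return [(s[0], classify(s, base)) for s in samples[baseline_seconds:]]


if __name__ == "__main__":
    for second, label in classify_window(SAMPLES):
        print(second, label)
```

The same `classify` call also separates the other two classes: a sample with a normal packet count but hundreds of requests per second is labelled `application`, and one with tens of megabits per second of large packets is labelled `volumetric`, because in each case a different ratio dominates.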

Major DDoS attack incidents

Over the years, there have been a significant number of distributed denial of service cyber-attacks. The number of DDoS attacks isn't the only thing that is increasing. Botnets, the armies of infected devices used to produce DDoS traffic, are growing in size as malicious users get more skilled. The size of DDoS attacks grows in perfect sync with the size of botnets. Most enterprises can be knocked off the Internet with a one gigabit per second distributed denial of service assault, but we are already seeing peak attack sizes of over one terabit per second created by hundreds of thousands or even millions of compromised devices (Nicholson 2022). The Ukrainian power distribution service blackout is one of the well-known cyber-attacks.

Dyn attack 2016 By flooding Dyn with malicious traffic, the attack prevented customers of various websites from getting their services, including well-known websites such as Amazon, GitHub, Twitter and the New York Times (Tim 2022; Luo et al. 2019). A "Mirai botnet" was utilised in the Dyn attack, which utilised Internet of Things (IoT) devices rather than PCs. This method provided the hackers access to a far larger number of devices (between 50,000 and 100,000), including home routers (Scott and Spaniel 2017).

GitHub attack 2018 In February 2018 GitHub was hit with a volumetric DDoS attack originating from over a thousand autonomous systems. A high-performance distributed memory system was abused to greatly multiply the traffic volumes fired at GitHub (Kottler 2022).

AWS (Amazon Web Services) attack 2020 A SYN flood attack was observed on AWS servers. The attackers sent SYN packets to every port, and in responding to these requests the server kept itself busy and was not able to respond to legitimate clients' requests (Riley 2022).

Attackers nowadays have surpassed traditional defense shields. The research community has attempted to use SDN's unique qualities to improve security against typical cyber threats, such as DDoS attacks; the SDN paradigm provides the ability to create efficient methods against DDoS attacks (Bawany et al. 2017) (Table 1).

Table 1 Major DDoS attack with size(peak volume)

SDN-based solution for defending DDoS attack

The goal of SDN is to increase a network's flexibility and adaptability. It uses a centralized controller to enable networks to respond quickly to changing network requirements. The SDN controller gives a clear perspective of the network. Furthermore, the concept of a centralized controller ensures that network configuration is predictable. Many methods have been proposed by previous researchers to deal with DDoS attacks. In the coming section we give a short literature review of SDN-based solutions for defending against DDoS attacks.

In this work (Giotis et al. 2014) the authors discuss scalability issues in the controller due to OpenFlow statistics collection. To deal with DDoS attacks they propose a methodology where sFlow-based monitoring and OpenFlow are used together. Data packet monitoring is done through sFlow, whereas once an anomaly is detected in the system it is mitigated through the OpenFlow switches by updating flow rules. Using both reduces load on the controller and also reduces scalability issues, as the authors proved in their work by applying this technique to high-volume real traffic from a university campus network. For anomaly detection, thanks to the flexible modular architecture, they can use any statistical, machine learning based or data mining based anomaly detection. For mitigation, they give the mitigation entries higher priority than any other flow table entries, along with some host-related rules to deal with malicious traffic. The NOX controller is used to implement the methodology.

In (Dillon and Berkelaar 2014) the authors propose two detection techniques for malicious packets and a temporary blocking measure. As in the above work, these authors too use OpenFlow statistics for anomaly detection. As the controller creates a plot of network utilization for individual flows, the authors use the history of these plots to determine spikes in the data caused by unwanted traffic. In this work, traffic mirroring and packet-in communication are used for detection. Mirroring means sampling all the traffic that matches a particular flow that seems to come from an attacker. Packet-in channels of communication are used between controller and switch when a packet does not find a matching flow entry and needs to be forwarded to the controller for further investigation. The methods proposed in this work, based on this discussion, analyze packet symmetry and temporarily block outgoing traffic to detect which sources continue to send data without any acknowledgement. The Ryu Python SDN framework is used for validation of the techniques.
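The two checks just described, packet symmetry and "block the victim's replies and see who keeps sending", fit together as a two-stage detector. The Python below is an added illustration, not code from Dillon and Berkelaar's paper or from Ryu: it works on per-flow packet counters of the kind a controller could collect through OpenFlow flow statistics, then counts which suspects keep transmitting during the blocking window. Addresses, counters, the ratio limit and the packet minimums are constructed for the example.

```python
# Added example (not code from Dillon and Berkelaar 2014): packet-symmetry
# check followed by a temporary-block confirmation. All data is constructed.

# (src, dst, packets src->dst, packets dst->src), as a controller could derive
# from bidirectional flow statistics for each (src, dst) pair.
FLOW_STATS = [
    ("10.0.0.11", "10.0.0.1", 1200, 1150),  # ordinary client/server exchange
    ("10.0.0.12", "10.0.0.1", 300, 290),
    ("10.0.0.13", "10.0.0.1", 500, 120),    # lossy but legitimate client
    ("10.0.0.50", "10.0.0.1", 9000, 30),    # flood: almost no replies
    ("10.0.0.51", "10.0.0.1", 7500, 0),     # flood from a source that never answers
]

# Packets seen from each source while the victim's outgoing traffic is blocked
# (constructed). A real TCP client backs off when no replies arrive; a flooder
# that ignores acknowledgements does not.
AFTER_BLOCK = ["10.0.0.50"] * 80 + ["10.0.0.51"] * 60 + ["10.0.0.13"] * 2


def symmetry_ratio(fwd, rev):
    """Packets sent to the victim divided by packets received back."""
    return float("inf") if rev == 0 else fwd / rev


def asymmetric_sources(stats, ratio_limit=3.0, min_packets=100):
    """Stage 1: sources whose outbound/inbound ratio exceeds ratio_limit.
    ratio_limit and min_packets are assumed tuning values."""
    return sorted({src for src, _, fwd, rev in stats
                   if fwd >= min_packets and symmetry_ratio(fwd, rev) > ratio_limit})


class BlockTest:
    """Stage 2: count packets from each suspect during the blocking window."""

    def __init__(self, suspects):
        self.counts = {s: 0 for s in suspects}

    def observe(self, src):
        if src in self.counts:
            self.counts[src] += 1

    def confirmed(self, min_packets=50):
        """Suspects that kept sending despite receiving nothing back."""
        return sorted(s for s, n in self.counts.items() if n >= min_packets)


def detect(stats, packets_after_block):
    """Return (stage-1 suspects, sources confirmed by the block test)."""
    suspects = asymmetric_sources(stats)
    test = BlockTest(suspects)
    for src in packets_after_block:
        test.observe(src)
    return suspects, test.confirmed()


if __name__ == "__main__":
    suspects, confirmed = detect(FLOW_STATS, AFTER_BLOCK)
    print("suspects:", suspects)
    print("confirmed:", confirmed)
```

The point of the second stage is visible in the constructed data: the lossy client 10.0.0.13 fails the symmetry check but stops sending once replies stop, so only the two flooding sources are confirmed.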

In this work (Chung et al. 2013) the researchers provide DDoS mitigation solutions for the cloud environment, because it is easy to compromise virtual machines to carry out attacks. These machines act as zombies that further carry out the illegitimate purposes of their masters. The authors propose a very beneficial architecture, Network Intrusion Detection and Countermeasure (NICE), specifically for the cloud environment. They deploy a lightweight intrusion detection agent for mirroring and analyzing cloud traffic and build a Scenario Attack Graph (SAG). SAGs are designed to depict the ways in which an adversary can exploit vulnerabilities to break into a system. After that the SAG will identify vulnerabilities, and based on them administrators decide whether or not to put a virtual machine into a deep inspection state. The authors also discuss how the programmability of software switches can be applied to improve the detection accuracy of NICE.

In this work (Lim et al. 2014) the authors propose a DDoS blocking application (DBA) implemented over the controller; for validation they use the POX controller. The authors state that doing anomaly detection just on the basis of traffic statistics is difficult. This scheme requires communication between the controller over which the application runs and the server under protection. Whenever a new request from a client arrives it is matched against the flow entries of the table, and if no match is found it is reported to the controller to create a new flow entry. Using DBA, the new flow entries at each flow switch are monitored to investigate whether there are signs of an attack. So in this technique communication happens between switch and controller along with the DBA application and the server to run the mitigation technique. When a client is identified as a bot, a 'drop' action is applied in the flow table for that client's entries. The authors suggest that, to protect the server, there should be as little communication as possible between controller and server so that SDN can protect the server transparently.

Most of the time attackers try to generate traffic that looks exactly like legitimate traffic, so it is not easy to differentiate attack traffic from non-attack traffic. Therefore many methods proposed to deal with DDoS attacks are based on traffic exploration. Other methods are based on bandwidth limiting; for instance, in (Piedrahita et al. 2015) the researchers implement a congestion avoidance scheme with the help of bandwidth limiting. The FlowFence architecture is proposed, which makes use of the controller and the network routers to keep track of the usage level of their interfaces. Whenever a congestion state is detected, the router sends information to the controller, and the controller then commands the router to limit the bandwidth usage on the congested path. Flows with higher bandwidth utilization than the acceptable usage are penalized with a reduction proportional to the difference between the current and fair usage. To validate the technique the POX controller is used. In (Xu et al. 2017) the authors propose a base program scheme in which they force the controller (OpenDaylight) to assign static flow entries to a switch to test its capacity. They observe a communication breakdown after 15,000–20,000 flow entries due to the small memory size of switches. In a further experiment they inject a new-flow attack to check the amount of communication between controller and switches. By counting asynchronous messages and controller-to-switch messages they estimate the consumption of the control links. A smart security mechanism (SSM) is presented that reuses the asynchronous messages to mitigate the attack through dynamic access control.
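The bandwidth-limiting rule attributed to FlowFence above ("a reduction proportional to the difference between the current and fair usage") can be made concrete in a few lines. The following Python is an added example and not FlowFence's own code: it takes constructed per-flow usage on one router interface, decides whether the interface is congested, computes a max-min fair share by water-filling, and returns the per-flow limits the controller would push back to the router. The capacity figures, the congestion threshold and the proportionality constant `alpha` are assumptions.

```python
# Added example (not FlowFence's own code): controller-side bandwidth limits
# for a congested interface. Usage figures are constructed, in Mbit/s.


def max_min_fair_share(demands, capacity):
    """Water-filling: each flow gets min(demand, share); capacity that small
    flows do not use is redistributed among the flows that still want more."""
    alloc = {f: 0.0 for f in demands}
    remaining = capacity
    unsatisfied = sorted(demands, key=demands.get)   # smallest demand first
    while unsatisfied:
        share = remaining / len(unsatisfied)
        flow = unsatisfied[0]
        if demands[flow] <= share:
            alloc[flow] = demands[flow]
            remaining -= demands[flow]
            unsatisfied.pop(0)
        else:
            for g in unsatisfied:                    # all remaining flows are capped
                alloc[g] = share
            break
    return alloc


def is_congested(usage, capacity, threshold=0.9):
    """Congestion state as the router would report it (threshold assumed)."""
    return sum(usage.values()) > threshold * capacity


def limits_for_congested_link(usage, capacity, alpha=1.0):
    """Per-flow rate limits to install. A flow above its fair usage is cut by
    alpha * (current - fair); flows at or below fair usage are untouched.
    Returns {} when the link is not congested."""
    if not is_congested(usage, capacity):
        return {}
    fair = max_min_fair_share(usage, capacity)
    return {f: (u - alpha * (u - fair[f]) if u > fair[f] else u)
            for f, u in usage.items()}


# Constructed interface report: three flows on a 100 Mbit/s link.
USAGE = {"flowA": 10, "flowB": 20, "flowC": 90}

if __name__ == "__main__":
    print(limits_for_congested_link(USAGE, 100))
```

With `alpha = 1.0` the limits sum exactly to the link capacity; a smaller `alpha` applies a gentler, proportional cut so that a flow that briefly bursts above its share is not throttled all the way down in one step.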

In the subject of DDoS defense, there are many more options. SDN gives networking equipment programmability and abstraction, making it simple to apply solution approaches on top of it. It introduces the idea of interoperability with existing systems. Some of the other DDoS mitigation methods proposed by the research community so far are given below (Table 2).

Table 2 DDoS attack mitigation strategy

Because of their uniqueness, these technologies have proven to be extremely effective. There are many more alternatives available when it comes to DDoS protection. Honeypots are a type of decoy device used to attract attackers and to observe the activity of unauthorized users. Honeypots come in a variety of levels of sophistication, depending on your organization's demands, and they can be a valuable line of defense for detecting attacks early. A lot of work has been conducted on integrating honeypots with existing systems for mitigation of attacks. Similarly, rate limiting is applied to limit network traffic to control malicious bots' activities. As technology advances, new paradigms such as moving target defense (MTD) are offered. MTD introduces the concept of IP address randomization and continual attack-surface shifting, reducing the window of opportunity for attackers and increasing the cost of attack efforts. Another method, IP traceback, produces positive outcomes such as observing the attack path and monitoring related packets with the same illegitimate motives. This traceback can be carried out after an attack has been recognized. While each marked packet only indicates a portion of the route it has travelled, a victim can recreate the complete attack path by combining a small number of such packets. Along with these, machine learning techniques like Naïve Bayes, Support Vector Machines (SVM) and Decision Trees can also be applied to detect DDoS attacks. But it is difficult to choose proper data from a dataset, and feature selection is also a challenging task. To move towards dynamic concepts for defending systems, the research community makes extensive use of game theory. In the coming section we discuss the fundamental concepts of game theory and how it is applied in the networking field to fight attacks, specifically the DDoS attack, which is incredibly detrimental. We discuss solutions proposed by authors based on game theory and how effective they are against present attack scenarios.
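The IP traceback idea in the paragraph above (each marked packet reveals one piece of the route; the victim assembles the pieces) is easiest to see with a small simulation. The Python below is an added example, not code from the paper or any particular traceback system; it implements a simplified probabilistic edge-sampling scheme, where each router on a constructed five-hop path marks a passing packet with probability `p` and the victim reconstructs the path from the collected (start, end, distance) edges. The router names, the marking probability and the packet counts are all constructed for illustration, and the reconstruction refuses to chain edges that contradict each other.

```python
# Added example: simplified probabilistic packet marking (edge sampling) and
# victim-side path reconstruction. Topology and parameters are constructed.
import random

# Attack path as seen by packets: R1 is nearest the attacker, R5 is the
# victim's upstream router.
ROUTERS = ["R1", "R2", "R3", "R4", "R5"]


def mark_along_path(routers, p, rng):
    """Simulate one packet. With probability p a router overwrites the mark
    with itself as edge start and distance 0; otherwise it completes a fresh
    edge (distance 0) with itself as end, and increments the distance."""
    start = end = None
    distance = 0
    for r in routers:
        if rng.random() < p:
            start, end, distance = r, None, 0
        elif start is not None:
            if distance == 0:
                end = r
            distance += 1
    return start, end, distance


def collect_marks(routers, n_packets, p=0.2, seed=1):
    """Distinct (start, end, distance) edges the victim receives."""
    rng = random.Random(seed)
    marks = set()
    for _ in range(n_packets):
        m = mark_along_path(routers, p, rng)
        if m[0] is not None:
            marks.add(m)
    return marks


def reconstruct_path(marks):
    """Victim side: order edges by distance (0 = adjacent to the victim, whose
    edge end is None) and chain them. Returns the path from the farthest
    recovered router to the victim's neighbour; stops at the first missing
    distance; returns None if edges contradict each other."""
    by_distance = {}
    for start, end, d in marks:
        by_distance.setdefault(d, set()).add((start, end))
    path = []
    expected_end = None
    for d in range(len(by_distance)):
        edges = by_distance.get(d)
        if edges is None or len(edges) != 1:
            return None if edges else list(reversed(path))
        start, end = next(iter(edges))
        if end != expected_end:
            return None
        path.append(start)
        expected_end = start
    return list(reversed(path))


if __name__ == "__main__":
    print(reconstruct_path(collect_marks(ROUTERS, 2000)))
```

Because a router that marks overwrites any earlier mark, the distance field tells the victim how far upstream an edge sits; edges from farther routers survive only when no downstream router re-marks, which is why a few thousand packets are needed to recover the whole path at `p = 0.2`.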

Defending strategic decision for DDoS attack: introduction to game theory

In this section we discuss game theory and solutions for defending against DDoS attacks based on game theory. Because of the mathematical and micro-economic aspects involved in a real-world attack scenario, game theory has sparked the interest of researchers and network security engineers. Studying models based on game theory (or other models that apply to human interaction) may also offer suggestions on how to alter our behavior to enhance our own strategies. A network attack always involves interactions between two or more network agents (players) with contrasting and competitive interests. These network agents can act as either attacker or defender. The probability of a successful attack is determined by the strategic interactions of the players. As a result, whenever there is a strategic interaction between two or more players, a game is established. In an attack scenario, both players must decide on their best response in order to optimize their rewards (Kumar and Bhuyan 2019).

Fundamental concepts of game theory

Game theory is a science that uses a variety of models, just like other sciences. A model is an abstraction that helps us make sense of our experiences and observations. Game theory describes multi-person decision scenarios as games in which each player chooses actions that result in the best possible payoff for themselves while anticipating the rational actions of the other players. The main entity of game theory is the player, who makes decisions and then performs actions (Mohammad and States 2020). The game is a scenario that depicts the strategic interaction between players and the reward or payoff functions for every action taken. Different game theory techniques can be used to do tactical analysis of the threat choices available to a single attacker or an organized group. The ability to assess the vast number of possible threat scenarios in a cyber system is an essential idea in game theory (Roy et al. 2010). It is a theory of rational choice: the course of action selected by a decision-maker is at least as good as each alternative course of action in terms of her preferences. We give the terms used in game theory for a basic knowledge of the subject as follows:

  • Game: Interactions between participating entities (players) whose payoff is affected by the decisions of others.

  • Players: The participating entities of the game; they can be a hacker, cyber attacker, defender, network policy manager or any organization.

  • Action: Strictly defined behaviours that players have to choose between during the game.

  • Payoffs: The amount gained or lost by a player for a successful or unsuccessful attempt in the game.

  • Strategy: A specific move or set of actions chosen by a player.

  • Optimal strategy: The strategy that most benefits a player.

  • Dominant strategy: The strategy that is most beneficial to a player regardless of what the other players choose.

  • Nash equilibrium: A decision-making theorem in game theory in which no player gains any incremental outcome by unilaterally changing strategy, so each player sticks to their original strategy.

Taxonomy of game models

There are different types of games based on the information provided to players (Mesquita 2017). Cooperative games are those where players are associated with each other through contracts or laws. Non-cooperative games are those where players do not form any alliances with each other. Under cooperative games, zero-sum and non-zero-sum games are highly applied in networking. In zero-sum games no wealth is created or destroyed, and whatever is the gain of one player is the loss of another player. In a non-zero-sum game one's gain is not the other's loss; they have individual losses and gains. Other types of games are symmetric and asymmetric games: symmetric games are those in which the players' identities can be exchanged without changing their payoffs, and asymmetric games are those where non-identical strategies are present for the players. Static games are games in which a player opts for a decision without any knowledge of the decision made by another player. Dynamic games are games in which players move sequentially and every player maximizes their payoff. Other categories of game theory are perfect and imperfect information games (Alpcan and Bas 2004a, b; Lye and Wing 2002; Xiaolin et al. 2008; Bloem et al. 2004). In various papers different authors apply suitable game scenarios to networking issues. In a complete information game, players are fully aware of the other players' payoffs and actions, whereas in an incomplete information game players are not aware of the opponent's actions and payoffs; rather, they assume and form expectations about the others' behavior (Xiaolin et al. 2008; Nguyen 2009; Zhengyou and Siyong 2003). For detailed studies of game theory see (de Mesquita 2017). Hackers' activities in cyberspace have expanded dramatically, and they have been causing damage by exploiting loopholes in the information infrastructure. For the past few decades, the research community has made significant efforts to secure networks and connected equipment. Researchers have recently begun investigating the applicability of game theoretic techniques to cyber security issues and have presented a number of competing solutions. Game theory offers significant perspectives, concepts, and approaches for dealing with cyberspace's ever-changing security concerns (Fig. 3).

Fig. 3 Classification of games

In the coming section we discuss game theory solutions proposed by different authors for distributed denial of service attack mitigation. Game theory is a defensive strategy for modelling DDoS attacks. Here we consider the attacker and defender as different players, and whatever attacking and defending actions they carry out against each other are considered strategies. For every successful action each gets a reward depending on the action, whether it is from the attacker's side or the defender's side, and for an unsuccessful attempt they incur a negative payoff. Probability values are attached to every action and strategy. On the basis of the final calculation of values, a Nash equilibrium is established for validation of the various models. The Nash equilibrium is a game theory decision-making theorem which argues that if a player sticks to their starting strategy, they will attain the desired result. In the Nash equilibrium, each player's strategy is optimal when considering the decisions of the other players. Every player wins because they all achieve the result they want. A game may have multiple Nash equilibria or none at all (Chen 2022).
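To make the Nash equilibrium and dominant strategy definitions concrete, the following Python example (added here; the payoff numbers are invented for illustration and come from neither the paper nor any cited work) writes down a small attacker/defender game in normal form and finds its pure-strategy Nash equilibria by checking, for every cell, whether each player's choice is a best response to the other's. The strategy names (`idle`, `flood`, `low_rate` for the attacker; `none`, `rate_limit`, `honeypot` for the defender) are assumed labels.

```python
# Added example: pure-strategy Nash equilibria and dominant strategies of a
# constructed attacker/defender game. Payoffs are invented for illustration.

ATTACKER = ["idle", "flood", "low_rate"]
DEFENDER = ["none", "rate_limit", "honeypot"]

# PAYOFF[(attacker_strategy, defender_strategy)] = (attacker payoff, defender payoff).
# Defending costs the defender something even when nothing happens (idle row);
# an undefended flood is very profitable for the attacker and costly for the
# defender; rate limiting blunts floods but lets a low-rate attack through a little.
PAYOFF = {
    ("idle", "none"): (0, 10),   ("idle", "rate_limit"): (0, 9),    ("idle", "honeypot"): (0, 6),
    ("flood", "none"): (8, -10), ("flood", "rate_limit"): (-2, 5),  ("flood", "honeypot"): (-1, 4),
    ("low_rate", "none"): (5, -5), ("low_rate", "rate_limit"): (1, 3), ("low_rate", "honeypot"): (-3, 2),
}


def attacker_best_responses(d, payoff=PAYOFF):
    """Attacker strategies maximising the attacker's payoff against defender choice d."""
    best = max(payoff[(a, d)][0] for a in ATTACKER)
    return {a for a in ATTACKER if payoff[(a, d)][0] == best}


def defender_best_responses(a, payoff=PAYOFF):
    """Defender strategies maximising the defender's payoff against attacker choice a."""
    best = max(payoff[(a, d)][1] for d in DEFENDER)
    return {d for d in DEFENDER if payoff[(a, d)][1] == best}


def pure_nash_equilibria(payoff=PAYOFF):
    """Cells where neither player gains by unilaterally switching strategy."""
    return [(a, d) for a in ATTACKER for d in DEFENDER
            if a in attacker_best_responses(d, payoff)
            and d in defender_best_responses(a, payoff)]


def dominant_strategy(player, payoff=PAYOFF):
    """A strategy that is a best response to every opponent strategy, or None."""
    if player == "attacker":
        own = ATTACKER
        responses = [attacker_best_responses(d, payoff) for d in DEFENDER]
    else:
        own = DEFENDER
        responses = [defender_best_responses(a, payoff) for a in ATTACKER]
    for s in own:
        if all(s in br for br in responses):
            return s
    return None


if __name__ == "__main__":
    print("pure Nash equilibria:", pure_nash_equilibria())
    print("attacker dominant:", dominant_strategy("attacker"))
    print("defender dominant:", dominant_strategy("defender"))
```

In this constructed game neither side has a dominant strategy, yet there is exactly one pure equilibrium, (`low_rate`, `rate_limit`): given rate limiting, the attacker's best option is the low-rate attack, and given a low-rate attack, rate limiting is the defender's best option. Changing a single payoff can remove the pure equilibrium entirely, which is the "none at all" case the paragraph mentions and where only mixed strategies remain.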

Solutions proposed for defending DDoS attack based on game theory

Previously a lot of work has been conducted in this field. Many research papers have been published, but their main criterion is DDoS mitigation by any means, whereas the focus of our review is to include papers that are specifically game theory based. It is true that identification and mitigation of DDoS attacks remains a difficult task, since traffic is so concentrated on network hops that it is hard to differentiate attack packets from regular traffic. So we discuss the work of various authors in the field of DDoS defense solutions based on game theory (Fig. 4).

Fig. 4 Game theory scenario to defend DDoS attack

Network attacks generally require the involvement of two or more entities, such as attackers, defenders and legitimate users. When there is an interaction among them, or they have opposite and competing interests, we can formulate a game scenario to study the whole interaction and the best responses of each party during attacks. By applying the concept of game theory, we can define the action space of these competing parties and calculate their utility functions, attack cost and defending cost to maximize the benefits, obviously for the defending parties, as they are working for the welfare of society compared to cyber fraudsters. Inspired by the applications of game theory, Kumar and Bhuyan (2019) proposed a two-player zero-sum game. Before applying mathematical modelling to the scenario they made the assumptions that the attacker should choose a proper botnet size and a favourable attack rate per flow, so that if the reward values obtained for the attack are higher than the cost of carrying it out the attacker will choose to attack, and otherwise refrain from launching such a costly attack. On the other side, the defender must set an optimum threshold value for passing traffic such that legitimate users are not deprived of their best service. There is a trade-off analysis between the two competing parties. The network topology considered by the authors is composed of an edge router, a bandwidth estimator, a honeypot and a server. A Poisson distribution is used for modelling attack traffic. Average available bandwidth computation is done by the techniques available in Kumar and Bhuyan (2019). MATLAB is used for numerical calculations and result verification. Results were in favour of the proposed strategy. The authors concluded that bandwidth can never be saturated or congested if we have more than 6% of average available bandwidth, and so the attack can be avoided. Decisions related to passing, dropping or redirecting any flow are taken based on the threshold value. A drawback of applying gaming scenarios and mathematical modelling is that network devices are not dynamically adaptive; such things are not considered while developing the game model, but these features somewhat disturb the effectiveness of the technique.
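The trade-off described for Kumar and Bhuyan's game (attacker picks botnet size and per-flow rate and attacks only if reward exceeds cost; defender picks a threshold that drops or redirects flows above it, at the price of collateral damage to legitimate flows) can be worked through on a toy zero-sum model. The Python below is an added example with a constructed payoff model, not the authors' MATLAB model or their actual parameter values: the link capacity, cost and reward constants, the strategy grids and the Poisson mean for legitimate per-flow rates are all assumptions. It enumerates the attacker's best response to each threshold, the defender's minimax threshold, the attacker's maximin strategy, and whether the two coincide in a pure saddle point.

```python
# Added example: toy two-player zero-sum threshold game in the spirit of the
# text. Every constant below is a constructed assumption, not a paper value.
import math
from itertools import product

CAPACITY = 600.0       # link capacity, in abstract rate units
LEGIT_FLOWS = 200      # number of legitimate flows
LEGIT_MEAN = 2.0       # mean per-flow legitimate rate (Poisson-distributed)
GAIN = 100.0           # attacker's reward for saturating the link
COLLATERAL = 0.5       # attacker's reward per legitimate flow the defender drops
COST_PER_BOT = 1.0     # attacker's cost per bot in the botnet
COST_PER_RATE = 0.05   # attacker's cost per rate unit per bot

BOTNET_SIZES = [0, 20, 50, 100, 200]   # 0 bots = refrain from attacking
ATTACK_RATES = [1, 2, 4, 8, 16]        # per-flow attack rate
THRESHOLDS = [3, 5, 9, 17]             # per-flow rate above which a flow is dropped/redirected


def poisson_tail(lam, t):
    """P(X > t) for X ~ Poisson(lam): fraction of legitimate flows above threshold t."""
    return 1.0 - sum(math.exp(-lam) * lam ** k / math.factorial(k) for k in range(t + 1))


def attacker_utility(n, r, t):
    """Zero-sum payoff to the attacker; the defender receives the negative.
    Attack flows pass only if r <= t; passed attack load saturates the link
    when it reaches the bandwidth left over by legitimate traffic."""
    available = CAPACITY - LEGIT_FLOWS * LEGIT_MEAN      # bandwidth-estimator view
    passed_attack = n * r if r <= t else 0.0
    saturated = n > 0 and passed_attack >= available
    collateral = COLLATERAL * LEGIT_FLOWS * poisson_tail(LEGIT_MEAN, t)
    cost = COST_PER_BOT * n + COST_PER_RATE * n * r
    return (GAIN if saturated else 0.0) + collateral - cost


def attacker_best_response(t):
    """(botnet size, rate) maximising attacker utility against threshold t."""
    return max(product(BOTNET_SIZES, ATTACK_RATES),
               key=lambda s: attacker_utility(s[0], s[1], t))


def defender_minimax():
    """Threshold that minimises the attacker's best-response payoff, and that payoff."""
    def worst_case(t):
        n, r = attacker_best_response(t)
        return attacker_utility(n, r, t)
    best_t = min(THRESHOLDS, key=worst_case)
    return best_t, worst_case(best_t)


def attacker_maximin():
    """Attacker strategy whose guaranteed payoff across all thresholds is largest."""
    def guaranteed(s):
        return min(attacker_utility(s[0], s[1], t) for t in THRESHOLDS)
    strategies = list(product(BOTNET_SIZES, ATTACK_RATES))
    best = max(strategies, key=guaranteed)
    return best, guaranteed(best)


def has_pure_saddle_point(tol=1e-9):
    """True if minimax and maximin values coincide (pure-strategy equilibrium)."""
    return abs(defender_minimax()[1] - attacker_maximin()[1]) < tol


if __name__ == "__main__":
    for t in THRESHOLDS:
        n, r = attacker_best_response(t)
        print(f"threshold {t:>2}: attacker best response n={n}, r={r}, "
              f"utility={attacker_utility(n, r, t):.2f}")
    print("defender minimax:", defender_minimax())
    print("attacker maximin:", attacker_maximin())
    print("pure saddle point:", has_pure_saddle_point())
```

Under these constructed numbers the tightest threshold makes every attack unprofitable (the attacker's best response is to field zero bots), but the defender then pays for the legitimate flows it drops, while the loosest threshold lets a small, high-rate botnet saturate the link cheaply. The minimax and maximin values differ, so the toy game has no pure saddle point and its value would have to be found in mixed strategies; the code makes that check explicit rather than assuming an equilibrium exists.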

Guo et al. (2008) in their work proposed a non-zero-sum differential game model to determine how the defender deals with the attacker's strategy. The authors try to balance the speed of propagation of the worm that causes botnet formation against the configuration of resources by the defender. The defender configures resources based on the speed of worm propagation during DDoS attacks in order to maximize profit, while also taking into account the number of bots controlled by the attacker. As a result, the survival of the server improves.

Bedi et al. (2011) proposed a static game model to find the optimal firewall setting that allows useful traffic and bans undesirable traffic. A GIDA (Game Inspired Defense Architecture) module is deployed at the gateway of the topology to decide whether incoming TCP flows are friendly or not. The network setting is divided into a target server (TS) and a honeypot (HP); traffic can be allowed through to the target server, diverted to the honeypot, or dropped entirely. The honeypot is primarily used for flow redirection and for learning the attacker's behaviour. The GIDA module consists largely of two primary components: a Game Decision Agent and a firewall. The Game Decision Agent analyses incoming flows using game theory and computes the relevant defensive decisions, which are then implemented via the firewall. The decisions of the Game Decision Agent on incoming flows cover the steps the defender can take to prevent attacks on the target server. Results drawn from the mathematical modelling are validated in MATLAB.

Liu et al. (2019) proposed a zero-sum game model for mitigating low-rate DDoS attacks. Because of the large number of IoT nodes, low-rate attacks are easy to carry out: the sending rate of each node is so small that the attack is not easily detectable. Similarly, Duo and Wang (2020) proposed a game model for securing industrial IoT (IIoT) devices against DDoS attacks. An SDN-enabled programmable system is adopted to manage the IIoT devices. Because SDN allows the network to be automated and centrally managed, IIoT devices can be swiftly configured anywhere in the world; SDN's intrinsic scalability enables the rapid addition of new IIoT devices, and its dynamic response mechanism significantly reduces IIoT risk. This is also problematic, however, since attackers nowadays use IoT devices to launch DDoS attacks: millions of IoT devices can be converted into bots, which puts the SDN controller at risk of failure. Once compromised, the SDN controller can act as a puppet for the attacker and be used to attack further IIoT devices. Intrusion detection systems (IDS), firewalls and filtering procedures have been implemented to prevent DDoS attacks, but with increasing attack size, or network activity amounting to trillions of bytes, they are hard to manage because the attack depletes the cache of the IDS. The authors therefore proposed a game model integrated with a traditional honeypot for dealing with high-rate DDoS attacks, using a multistep strategy against the attacker. First, when the attacker attacks the system, he is unsure whether he is attacking the real server or a honeypot. For the attacker's side, after the server has been recognised as a honeypot, the authors propose an anti-honeypot strategy: the attacker first determines whether a honeypot is present in the system, and then whether it is a low-interaction or a high-interaction honeypot. On the defender's turn, the authors propose a pseudo-honeypot game strategy, in which the honeypot also serves legitimate users; attackers who choose to attack this server are successfully decoyed and their payoff (δ) is reduced. After calculating the Bayesian Nash equilibrium of the proposed strategies, the authors conclude that the pseudo-honeypot strategy is the dominant strategy for this kind of scenario.

In 2021, Zhang (2021) gave a strategic decision framework for defending against DDoS attacks. The author notes that earlier research assumed defenders choose a fixed probability, which is unrealistic because the impact of an attack varies with its size, as do the costs and benefits of defensive decisions. He therefore proposed a dynamic game model with an attached cost–benefit function, and used the theory of differential stability to find the conditions for local stability of the defenders' equilibrium. After examining the theorems and the outcomes of the mathematical analysis, the author concludes that defensive measures such as user-side firewalls, or keeping defensive software updated from time to time, reduce the probability of infection (β) and the time needed to carry out an attack (τ), as proved in the proposed theorem. This theoretical framework can further be applied to advanced persistent threat modelling (Panahnejad and Mirabi 2022), to honeypot defence against dynamic DDoS attacks and to smart grids.

In 2021, Wan and Coffman (2021) gave a non-cooperative non-zero-sum game model for protecting cloud services from DDoS attacks. In this model the cloud service provider and the attacker are the two players, while the user is a passive entity. The model follows a dynamic approach that takes customers into account, since they should not be deprived of the cloud's services whenever an attack is encountered. The attacker tries to maximize the loss of legitimate requests in order to induce large economic losses; the cloud service provider can give priority to traffic through service level agreements and keep benefiting customers while under attack. Similarly, He et al. (2021) (Sun et al. 2020) proposed a game theory solution for edge computing in which the problem is formulated as a constrained optimization so that no edge server exceeds its processing limit; the main aim is to balance the attack volume among the different edges of the cloud.

Chen et al. (2022) proposed a Bayesian game model for link flooding attacks (LFA); the attack can be blocked directly, and defenders are provided with specific countermeasures to increase their utility. Priyadarsini et al. (2022) provide a security framework specifically for the SDN controller, developing a signalling game model to protect the controller from DDoS attacks. A trust-based attack detection module (TCAD) placed in the controller calculates a trust value for every incoming packet, and from the trust values a vulnerability measurement scale is developed that determines the risk factor associated with a packet. For mitigation, if a packet's vulnerability measurement exceeds the risk factor value, the controller generates flow rules to discard the packet.

Chowdhary et al. (2017) form a dynamic game based on a reward and punishment mechanism and use a greedy algorithm to solve the optimization problem; the algorithm deals with attacks on the basis of alerts generated at the SDN controller. Li et al. (2019) presented a distributed honeypot approach with mutable services: a Bayesian Nash equilibrium is formed by using the honeypot as a service provider, and shuffling the services after some time proves to be an effective measure for handling attacks.

Zhou et al. (2019) proposed a cost-effective shuffling (CES) method to tackle DDoS attacks through moving target defense (MTD). They observe in the literature that MTD keeps shuffling attack surfaces, which results in overheads; since there had been no previous research on this topic, they offer an economical game model that uses MTD effectively while frequently rearranging attack surfaces. The technique concentrates on lowering the overhead of port rerouting, dynamically changing IP addresses and migrating services to another VM, so that the cost incurred by the defender is less than the cost the attacker must spend to carry out an attack. The effectiveness of the strategy against the hostile activities of the attacker is demonstrated by a quantitative evaluation of the game's payoff for the defence, and an SDN testbed is used for validation. Additionally, the authors compared the proposed method with earlier random shuffling algorithms and showed that CES is best at minimizing overhead, lowering the defender's costs relative to the attacker's.

In another work for IoT systems (Wu and Wang 2018), a collaborative security detection mechanism is built on game theory. The adversarial relationship between the defenders and the attacker can be treated as an interactive game because the attacker is a rational human. Every IoT node runs the centralized detection mechanism, and to make the best detection decisions the nodes share their local profiles. Establishing a Nash equilibrium through game-theoretic analysis shows that every IoT node implements the same detection rule as the central detector algorithm. A system of 50 IoT nodes and 297 edges is used for simulation; the game-theoretic interaction proves effective in this scenario, and common detection thresholds are chosen as part of the attacker's and defenders' strategy sets. Another game-theory-based intrusion detection and prevention system was developed for defending against DDoS attacks (Govindaraj et al. 2021); here the system under attack is modelled as a signalling zero-sum game. The proposed system was simulated in NS-3 and obtained a detection rate of 80% and a prevention rate of 90%.

Kakkad and co-researchers (2019) conducted a review of game theory applied in cyber security. They concluded that, owing to the increase in cyberattacks such as SQL injection and denial of service, game theory is heavily researched and in demand in the research community, as it contributes to formulating the tactics an administrators' team will use to defend against these attacks. According to this study, game theory research is still in its infancy, and its scope can be expanded by incorporating various game theory models along with mathematical ideas.

Analysis of game theoretic approaches for DDoS attack mitigation

See Table 3.

Table 3 Analysis of game theory approaches for DDoS mitigation

Integration of game theory with conventional approaches for implementation of developed strategies

One of the most significant and effective methods for solving security problems in computer science is game theory. A game model for any kind of cyber issue can only be analysed using mathematical equations and symbols; to put the formulated game theory results into practice, various technological elements are required to validate the outcomes. For validation, suitable network configurations may be used in small-scale simulation. To ensure proper implementation and use of the chosen measures, many conventional measures have been combined with game theory. Game theory is an analytical setting applied to attack scenarios; on its own it is only a decision framework for defensive policies, and to implement its analytical decisions and mathematical models it is integrated with various traditional mitigation measures. Based on the literature review we conducted and the articles we reviewed, we conclude that game theory alone cannot be applied to networking problems: validation calls for traditional security measures that allow us to work with concrete values and obtain favourable outcomes. The ways of guarding against attacks and coping with cyber terrorism by combining traditional tactics with game theory are highlighted in Fig. 5.

Fig. 5 Game theory integrated with conventional approaches

Discussions & findings in literature review

Using game theory concepts we can analyse game scenarios analytically and frame a cost–benefit analysis for all participating entities. Dynamic protection and optimal strategies can be designed, and the burden on the underlying architecture can be managed for better outcomes. Whatever experimental suggestions the analysis yields can then be applied alongside traditional defences. Most of the time the game formulation leads to the conclusion that the equilibrium state determines the best benefits, and how frequently the authorities should take actions such as restricting an alleged insider or migrating clients to another server. In addition, to manage the forwarding functionality of routers and lighten the burden on switching devices, we implement controller-based networking, which is integrated with the game theory aspects to increase the defenders' utility. These techniques can be integrated with traditional mitigation solutions, and the conclusions drawn from a particular model can be implemented on commercial solutions such as firewalls, antivirus software and intrusion detection/prevention systems.

For our literature review we read various research and review publications. Our work demonstrates how game theory is applied in numerous ways to counteract DDoS attacks. Figure 6 shows the distribution: game-theory-based solutions were primarily used for prevention, followed by detection and mitigation.

Fig. 6 Pie chart showing how many of the reviewed articles provide a solution to DDoS in each of three ways: prevention, mitigation and detection

Being a cyber-security defender is difficult, since defenders have to deal with constantly shifting attack scenarios and must develop dynamic solutions to prevent access to their systems. An attacker, on the other hand, only needs to find a single defect, a tiny gap in the firewall, to break through a complete and intricate defence. This unequal engagement between attackers and system defenders is the most difficult problem to solve. Traditional solutions are inherently static and take a direct approach to dealing with attacks. The science of game theory is built on the foundation of the dominant strategy: malicious actors with a dominant strategy can affect the system, because being dominant means they will win in the end, or reach their objectives, regardless of what genuine users and defenders do. Defenders are constantly at a disadvantage, since a single failure can result in disaster. Administrators do not know when an attack will occur and are unable to respond because of the attacker's dynamic activity and the lack of a powerful security system. We can use game theory to take deception to the next level with decoys and lures, because if our opponents act unfairly, why shouldn't we? Using game theory we can create models to study how attackers and defenders engage in complicated cyber security crises (Nguyen 2009). As a result, whenever attackers disrupt the system's operation and the normal flow of processes, defenders can respond in kind, fairly or unfairly. If game theory can be used to predict attacker strategies, it can also be used to create clever cyber deception systems; deception assists the organization while decreasing the attackers' utility. Important game-theoretic concepts and their implementations for protecting against distributed denial of service attacks are highlighted in the work discussed above; these are some of the game-theory-based works conducted in network security for the mitigation of DDoS attacks. In reality, determining the offensive plans of both attackers and defenders is impossible, and in some instances, such as cloud services, there may be a third player, the customer, who is not directly involved in the game but does influence its modelling.

With traditional security methods we cannot dynamically switch our defensive decisions, but with game theory we are free to adopt whichever strategy is cost-effective, because in a game model we can test decisions before applying them and see whether they are beneficial and adoptable or not. We can perform mathematical calculations by attaching a probability function to every action of the players, who may be defenders or attackers. Game theory gives us a platform for learning the attacker's behaviour and checking all possible attacks and their countermeasures theoretically before simulating them in a real environment (Li et al. 2019). Several security methods, such as traffic screening, congestion control, traceback, validation and hybrid detection mechanisms, are recommended for defending networks against DDoS attacks, but they impose a computational or memory cost on networked devices and are not proactively flexible; in modelling defence mechanisms these methods omit the design of such incentives. The main problem is that the attack scenario must be modelled in the form of a game. Before launching a DoS/DDoS attack, attackers are rational, economically oriented and technically sophisticated, and perform a cost–benefit analysis, so to take all of these impacting factors into account we have to model our problem as a game. It is also difficult to decide which particular game model should be chosen for a given issue, and the information available about attacks is often incomplete or irrelevant. Game-theory-based solutions are therefore of current interest to the research community in every field. One objection levelled at game theory when used to simulate decision-making is that decision-makers are rarely totally rational; additionally, players do not fully understand each other's payoffs and strategic decisions. It is therefore challenging to represent the decision-making process with a few equations and parameters. In tackling network security issues we must specifically take into account decision-makers' informational constraints and learning characteristics, which requires that the degree and accuracy of the information each player can obtain be evaluated with particular attention. The majority of recent network security studies concentrate on system models and their equilibrium analysis. Moreover, our study finds that the concept of equilibrium in the game is determined by the optimality of the strategies that are practical for both participating players.

Formulating a networking issue as a game is a difficult process, because the authors are sometimes unable to capture the attacker's way of thinking. During game formulation some system parameters are neglected, which may cause an inaccurate equilibrium or an unstable strategy. Implementing game-theory-based defensive strategies on the underlying hardware and software may burden the system. Some traditional approaches are incompatible with game theory, and integrating traditional approaches with game theory remains a matter of research.

Conclusion

In this paper we discussed defensive solutions for distributed denial of service attacks. Attack trends keep changing with time, the size of attacks varies, and the techniques for carrying them out are also evolving, so there is a pressing need for advanced, dynamic defensive solutions, as static ones are not sufficient to tackle the new generation of DDoS attacks. In the sections above we discussed how SDN helps in defending against DDoS attacks: since SDN centralizes control of the whole network, attacks can be defended against quite easily by updating flow rules. Using game theory, we can also formulate a variety of strategies for legitimate and illegitimate users by treating them as players, before actually applying those strategies in a simulated environment. Game theory is widely recommended for formulating strategic defensive decisions against distributed denial of service attacks, and it can also be used to create clever cyber deception systems; deception assists the organization while decreasing the attacker's utility. Important game-theoretic concepts and their implementations for protecting against DDoS attacks are highlighted in the work discussed above. We discussed existing SDN-based solution approaches and found that they are lagging behind and need to catch up with the defensive requirements of advanced DDoS threats, whereas game-theory-based solutions prove to be a dynamic approach, since all possible strategies can be examined by theoretical observation before being applied in a simulated environment.