1 Introduction

Cyber technology, rather than making communication in wireless networks less obtrusive, has made privacy the most “often-cited criticism” [1]. Even though security systems are designed to withstand attacks by highly skilled adversaries, they are still vulnerable to cyber threats [2]. Accordingly, advancements in technology have paved the way for a growing risk of security concerns that is well exemplified by recent incidents. This list of security incidents is certainly not exhaustive; [3] gives a perception of this growing risk of cybercrime. Recent studies reveal that defending against sophisticated antagonists is a challenging task which requires not only high technical skills, but also a keen understanding of the incentives behind their attacks and the different strategies they use. Thus, being able to defend against and survive cyber attacks is still a great concern. Well aware of this, security researchers have analyzed a wide range of mechanisms for successful deterrence [4].

Of late, security decisions have been scrutinized analytically in a more meticulous way. Decisions made analytically are well grounded and persistent since they can be implemented numerically and checked experimentally, with further improvements. Many mathematical models, such as Decision Theory, Machine Learning, Control Theory, Fuzzy Logic, and Pattern Recognition, have been used to model, analyze, and solve security decision problems. But among all the available approaches, game theory seems very effective, since its models capture the nature of the adversaries involved in a security problem. Since game-theoretic methods stand out for their obstinacy, they have a striking virtue: they anticipate and design a defense against a sophisticated attacker, rather than responding randomly to a specific attack [5]. Furthermore, game theory can model issues of risk, trust, and other externalities (such as beliefs) that arise in security systems.

2 Game Model

Our work focuses on mitigating cyber attacks using a game-theoretic approach and validating the game models using a network simulator that monitors the network traffic and mitigates malicious flow. For illustration purposes, DoS/DDoS attacks are considered, where the attacking nodes attempt to disrupt the network services by flooding the network with malicious traffic. The attack scenario assumes a network setting in which the defender is uncertain about the normal flow and the attack flow. The work presents a game model for DoS attacks in the form of an interaction between the attacker and the defender. In an attack scenario, the network traffic flow rate is given by

$$ T = n\, \times \,r_{n} + a\, \times \,r_{a} $$
(1)

where \( r_{n} \) signifies the normal traffic rate for the chosen \( n \) legitimate nodes and \( r_{a} \) signifies the attack flow rate for the chosen number \( a \) of attack nodes. In case there is no defense mechanism in place, it is assumed that a \( \theta \) fraction of the traffic passes the firewall to reach the destination and a \( (1 - \theta ) \) fraction of the flow is dropped without passing through the firewall. For the rate of each packet, \( \theta r \), the average number of normal packets which are able to reach the server is given by

$$ n_{avg} = \frac{{n\, \times \,r_{n} }}{{n\, \times \,r_{n} + a\, \times \,r_{a} }} $$
(2)

and the average of legitimate nodes deprived of the network services is estimated as

$$ n_{l} = \frac{{n - n_{avg} }}{n} $$
(3)

The attacker’s objective is to increase \( n_{l} \), which incurs a cost proportional to \( a \). Accordingly, the attacker’s net expected payoff is given by:

$$ E_{a}\,=\,n_{l} - a $$
(4)

while the defender’s expected payoff is defined as:

$$ E_{d} = - n_{l} + a $$
(5)

Now assume a case where the network is configured with an appropriate defense mechanism such as a firewall, which filters the incoming packets depending upon the flow rate \( X \). The rate of filtering is given by the fast sigmoid function as:

$$ F(x) = 0.5\, \times \,\left( {(x - X)\, \times \,\left[ {\frac{\delta }{1 + abs(x + \delta )}} \right]} \right)\,+\,0.5 $$
(6)

Thus for the expected rate of normal traffic, the average rate of legitimate packets reaching the server through the firewall is given by

$$ r_{n}^{{\prime }} = r_{n} \, \times \,\left( {1 - F\left( {r_{n} } \right)} \right) $$
(7)

while the average rate of attack flow reaching the server through the firewall is given by

$$ r_{a}^{{\prime }} = r_{a} \, \times \,\left( {1 - F\left( {r_{a} } \right)} \right) $$
(8)

We then compute the attacker’s and defender’s payoffs by replacing \( r_{n} \) by \( r_{n}^{{\prime }} \) and \( r_{a} \) by \( r_{a}^{{\prime }} \) in Eqs. (2) and (3). To maximize their payoffs, the attacker has to set optimal values for \( a \) and \( r_{a} \), and the defender has to set an optimal value for \( X \) in the fast sigmoid function used by the firewall. The notion of Nash equilibrium is used to determine the equilibrium state of the game, which defines the best response strategies of the two players. For the given strategy profile of the two players, \( \left( {r_{a}^{*} , a^{*} , X^{*} } \right) \), the Nash equilibrium is defined to satisfy the following two relations simultaneously.

$$ \begin{array}{ll} E_{\left( r_{a}^{*}, a^{*}, X^{*} \right)}^{a} \ge E_{\left( r_{a}, a, X^{*} \right)}^{a} & \forall\; r_{a}, a \\ E_{\left( r_{a}^{*}, a^{*}, X^{*} \right)}^{d} \ge E_{\left( r_{a}^{*}, a^{*}, X \right)}^{d} & \forall\; X \end{array} $$
(9)
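The single-step game can be checked numerically by enumerating a finite strategy grid and testing both inequalities of Eq. (9) for every profile. The sketch below is an added example, not code from the paper: it implements Eqs. (2) to (8) exactly as printed above. The function names, the grid values, the clamping of \( F \) to [0, 1], and the `cost` coefficient (1.0 reproduces Eq. (4)) are assumptions.

```python
from itertools import product

def fast_sigmoid(x, X, delta=1.0):
    """Filtering rate F(x), Eq. (6) as printed. Clamping to [0, 1] is an assumption."""
    f = 0.5 * ((x - X) * (delta / (1 + abs(x + delta)))) + 0.5
    return min(1.0, max(0.0, f))

def payoffs(n, r_n, a, r_a, X, delta=1.0, cost=1.0):
    """Return (E_a, E_d) per Eqs. (2)-(5) with rates filtered per Eqs. (7)-(8).
    cost=1.0 reproduces Eq. (4) exactly; any other value is an assumption."""
    rn_f = r_n * (1 - fast_sigmoid(r_n, X, delta))     # Eq. (7)
    ra_f = r_a * (1 - fast_sigmoid(r_a, X, delta))     # Eq. (8)
    total = n * rn_f + a * ra_f
    n_avg = (n * rn_f) / total if total > 0 else 0.0   # Eq. (2); guard: all traffic dropped
    n_l = (n - n_avg) / n                              # Eq. (3)
    e_a = n_l - cost * a                               # Eq. (4)
    return e_a, -e_a                                   # Eq. (5)

def pure_nash(n, r_n, rates, counts, thresholds, tol=1e-12, **kw):
    """All grid profiles (r_a, a, X) that satisfy both inequalities of Eq. (9)."""
    found = []
    for r_a, a, X in product(rates, counts, thresholds):
        e_a, e_d = payoffs(n, r_n, a, r_a, X, **kw)
        # Attacker: no (r_a, a) deviation improves E_a while X stays fixed.
        att_ok = all(payoffs(n, r_n, a2, r2, X, **kw)[0] <= e_a + tol
                     for r2, a2 in product(rates, counts))
        # Defender: no X deviation improves E_d while (r_a, a) stays fixed.
        def_ok = all(payoffs(n, r_n, a, r_a, X2, **kw)[1] <= e_d + tol
                     for X2 in thresholds)
        if att_ok and def_ok:
            found.append((r_a, a, X))
    return found

if __name__ == "__main__":
    # Constructed grid: 10 legitimate nodes at rate 1.0; values are illustrative only.
    grid = dict(rates=[2.0, 5.0], counts=[1, 2], thresholds=[1.0, 3.0])
    print(payoffs(10, 1.0, a=2, r_a=5.0, X=3.0))
    print(pure_nash(10, 1.0, **grid))
    print(pure_nash(10, 1.0, delta=0.5, **grid))
```

On this grid with \( \delta = 1 \), the threshold \( X \) cancels out of the ratio \( r_{n}^{\prime} / r_{a}^{\prime} \) under Eq. (6) as printed, so the defender is indifferent and both thresholds are returned as equilibria. With \( \delta = 0.5 \) only the higher threshold remains.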

The discussed model is made dynamic, which allows the players to change their strategies based on their anticipation of the opponent’s behavior. Taking the game duration to be a sequence of \( k \) time steps, the attacker’s and defender’s total expected payoffs over the entire game are given by \( E_{a} = \sum\nolimits_{t = 1}^{k} {E_{a}^{t} } \) and \( E_{d} = \sum\nolimits_{t = 1}^{k} {E_{d}^{t} } \), with the strategy profile at the tth step denoted by \( \left( {r_{a}^{t} , a^{t} , X^{t} } \right) \), \( {\forall }{\text{t}} = 1, \ldots ,\,{\text{k}} \). For the given strategy profile, \( \left( {r_{{a_{t} }}^{*} , a_{t}^{*} , X_{t}^{*} } \right) \), the Nash equilibrium is defined to satisfy the following two relations simultaneously.

$$ \begin{array}{ll} E_{\left( r_{a_{t}}^{*}, a_{t}^{*}, X_{t}^{*},\quad t = 1, \ldots ,k \right)}^{a} \ge E_{\left( r_{a_{t}}, a_{t}, X_{t}^{*},\quad t = 1, \ldots ,k \right)}^{a} & \forall\; r_{a}, a \\ E_{\left( r_{a_{t}}^{*}, a_{t}^{*}, X_{t}^{*},\quad t = 1, \ldots ,k \right)}^{d} \ge E_{\left( r_{a_{t}}^{*}, a_{t}^{*}, X_{t},\quad t = 1, \ldots ,k \right)}^{d} & \forall\; X \end{array} $$
(10)

3 Discussions

Game theory is not about prescribing a clever strategy but about searching for an effective decision. What game theory can do is elucidate how an interaction proceeds, represent these interactions as mathematical models that allow a meticulous analysis of the problem, and help analysts predict each other’s behavior for real-world attacks and defenses. Attackers have their own selection criteria over their targets and are sound enough to alter their attack strategies based on the available defensive schemes. But traditional security approaches that use heuristic solutions fail to capture this fact in their decision model and take the strategy of the attacker alone as an input to the model. In a game-theoretic model, by contrast, both the defense strategies and the hacker’s actions are endogenously realized. This signifies that there is the potential for game theory to play a significant role in cyber warfare.