Deception-based game theoretical approach to mitigate DoS attacks

Abstract

Denial of Service (DoS) attacks prevent legitimate users from accessing resources by compromising availability of a system. Despite advanced prevention mechanisms, DoS attacks continue to exist, and there is no widely-accepted solution. We propose a deception-based protection mechanism that involves game theory to model the interaction between the defender and the attacker. The defender’s challenge is to determine the optimal network configuration to prevent attackers from staging a DoS attack while providing service to legitimate users. In this setting, the defender can employ camouflage by either disguising a normal system as a honeypot, or by disguising a honeypot as a normal system. We use signaling game with perfect Bayesian equilibrium (PBE) to explore the strategies and point out the important implications for this type of dynamic games with incomplete information. Our analysis provides insights into the balance between resource and investment, and also shows that defenders can achieve high level of security against DoS attacks with cost-effective solutions through the proposed deception strategy.