Abstract

Moving Target Defense (MTD) has emerged as a game changer that reverses the asymmetry between attackers and defenders, and shuffling-based MTD, one of the most effective countermeasures against DDoS attacks, has gained ever-growing attention in cyber security. Despite the increased security, frequent shuffles place a heavy burden on the system. Moreover, most existing work has not adequately considered the impact of MTD techniques on the defender, and has especially ignored the impact on legitimate users. Because cost-effective shuffling methods are lacking, it is difficult to reach the optimal balance between the performance and the overhead associated with MTD deployment. Building on our preliminary work in this field, we propose a novel cost-effective shuffling method, which involves common users in a trilateral game for strategy generation and resists DDoS attacks with several MTD mechanisms. The novel game model extends our previous work to describe the interaction among the attacker, the defender and users in detail, and we exploit Multi-Objective Markov Decision Processes to find the optimal MTD strategy by solving the trade-off between the effectiveness and cost of shuffling. By designing a trilateral game cost-effective shuffling algorithm, we capture the best MTD strategy and reach a balance between effectiveness and cost in a given shuffling scenario. Simulation and experiments on an experimental software-defined network (SDN) indicate that our approach can effectively mitigate DDoS attacks with an acceptable overload, and exhibits better performance than other related and state-of-the-art approaches.
