Mitigating DDoS attacks with an intrusion detection and prevention system based on 2-player Bayesian game theory

Abstract

Distributed Denial of Service (DDoS) attacks are very dangerous to the availability and security of networks, so they need improved ways to be stopped. This article suggests a new way to fight DDoS attacks that uses Intrusion Detection and Prevention Systems (IDPS) and 2-Player Bayesian Game Theory. Traditional IDPSs often have trouble responding quickly to changing attack tactics, which makes them less effective as defenses. The suggested structure, on the other hand, imagines the attacker and defense interacting as a Bayesian game. This lets them make proactive choices and come up with flexible ways to respond.The system uses Bayesian reasoning to describe the attacker’s actions and plans’ doubt, which lets it better assess the threat and decide how to respond. By constantly changing probability distributions based on what it sees attackers doing and what it sees defenders doing, the IDPS can quickly and effectively change its defenses to deal with new threats. The strategy contact between the attacker and the defense adds a competition factor that makes attackers less likely to start DDoS attacks by making them more expensive and risky. The proposed method works to stop different kinds of DDoS attacks while reducing the number of fake positives and negatives through a lot of simulations and experiments.