On a Game Theoretic Approach to Detect the Low-Rate Denial of Service Attacks

Abstract

The Low-Rate DoS attacks such as “Shrew” and “New Shrew” attacks, unlike the high rate attacks, are hard for the router to detect. Attackers choose a malicious low-rate bandwidth to exploit the TCP's congestion control window algorithm and the transition time-out mechanism. By using a game theoretic approach, we focus on the best strategy and solution for a computer network to detect the Low-Rate Denial of Service attacks. In our experiments we simulated the network congestion attacks and we proposed a practical solution by using a sigmoid filter. The proposed solution is to create a threshold bandwidth filter at the router that allows a specific bandwidth, so when traffic exceeds the threshold it will be dropped, or if the traffic is below the threshold, it will be redirected to a honeypot server. In our game theory approach, we considered the game players in a static simultaneous game. The defender's strategy is to determine an optimal firewall option to detect the attacker traffic, and the attacker's strategy is to find the low rate to exploit the retransmission time-out mechanism and elude the detector. We calculated the payoff for the each player and for each strategy. We solved the game by finding the Nash Equilibrium where players do not have any profit in using any other strategy. Our experiments and calculations lead to the conclusion that a mixed strategy will the best response for an organization which will be using the proposed approach.