首页    期刊浏览 2024年11月24日 星期日
登录注册

文章基本信息

  • 标题:How Resilient is the Internet against DDoS attacks? --- A Game Theoretic Analysis of Signature-based Rate Limiting
  • 本地全文:下载
  • 作者:Wanyu ZANG ; Peng LIU ; Meng YU
  • 期刊名称:International Journal of Intelligent Control and Systems
  • 印刷版ISSN:0218-7965
  • 出版年度:2007
  • 卷号:12
  • 期号:4
  • 页码:307-316
  • 出版社:Westing Publishing Co., Fremont
  • 摘要:

    DDoS attack is a serious threat to the Internet. Although some DDoS attacks with clear signatures can be effectively countered by existing DDoS defense measures, most DDoS attacks without clear signatures (e.g., brute-force DDoS attacks) are very difficult to counter cost-effectively, since the defense system is not clear which packets are DDoS packets and which are not. Although several rate-limiting methods are proposed to counter the unclear signature DDoS attacks, each may drop good packets and their cost-effectiveness are not clearly understood. People would have a more urgent need to understand clearly the impact of the unclear signatures DDoS attacks on their network services. This paper presents a game theoretic analysis of the Internet's resilience against unclear signatures DDoS attacks when signature-based rate limiting is deployed, where (a) countering DDoS attacks is modeled as a Bayesian game, (b) a high volume of simulations is done to compute the Nash equilibria of the game, (c) a family of Nash equilibrium based resilience analyses are done, and (d) the {\em upper} bound of the defense system's resilience under unclear signatures DDoS attacks and which kinds of attacking strategies are more dangerous or more likely to be enforced by the attacker are given in the simulations. Our analysis may substantially improve people's understanding about the nature of (a) the DDoS threat and (b) the defense system's resilience against this threat.

国家哲学社会科学文献中心版权所有