Dynamic game model of botnet DDoS attack and defense
- Source :
- Security and Communication Networks. 9:3127-3140
- Publication Year :
- 2016
- Publisher :
- Wiley, 2016.
Abstract
- Botnets have become a popular technique for committing Internet crimes. The command of botnets has evolved into a major way for attackers to launch Distributed Denial of Service attacks on network servers. Model-based analysis methods need to be studied for botnet attack implementation, defense, and prediction. In this paper, we propose a novel game theory-based model to describe the scenario in which the botmaster launches Distributed Denial of Service attacks using a botnet while the defender defends with a firewall. In our model, we consider the following: firstly, the botmaster and the defender can be rational or irrational; secondly, the interaction between the botmaster and the defender is modeled as a dynamic game; thirdly, whether or not they support self-learning databases. We detail the analysis of eight sub-scenarios for the assumptions and give an easy-to-use algorithm for adjusting offensive and defensive strategy. We use OPNET to validate our model and its effectiveness. The experimental results show that our strategy can improve the firewall's ability to lower the false alarm rate FR and help the botmaster lower the exposure rate of the botnet to avoid detection. Furthermore, the model is helpful for evaluating the defender's defense ability against current botmaster attacks by analyzing attack logs in a sandbox. Copyright © 2016 John Wiley & Sons, Ltd.
- Subjects :
- Computer Networks and Communications
Network security
Computer science
Botnet
020206 networking & telecommunications
Denial-of-service attack
02 engineering and technology
Cutwail botnet
Computer security
Rustock botnet
Firewall (construction)
Srizbi botnet
0202 electrical engineering, electronic engineering, information engineering
020201 artificial intelligence & image processing
Game theory
Information Systems
Details
- ISSN :
- 19390114
- Volume :
- 9
- Database :
- OpenAIRE
- Journal :
- Security and Communication Networks
- Accession number :
- edsair.doi...........3e547395d9185e121fe73ac15f00fbfa
- Full Text :
- https://doi.org/10.1002/sec.1518