A Game Theory Model for Detection and Mitigation of DDoS Attacks on Web Servers
Amadi, E. C.
Distributed Denial of Service (DDoS) attacks are very common on the internet today. Attackers can now launch such attacks more quickly because they have sophisticated, automated DDoS attack tools that require minimal human effort. The attack aims to deny or degrade normal services for legitimate users by sending huge volumes of network traffic to the victim so as to exhaust its services, connection capacity or bandwidth. In this work, game theory was used to develop a mitigation mechanism against DDoS attacks on web servers. The mitigation approach presented in this work was achieved in six steps, which include: developing the game solution approach using game theory and linear programming, writing the PHPSIM script, and developing a two-way mitigation approach using a Python script and iptables rules. A game matrix generated from network parameters was solved using a simplex solver known as PHPSIM, and the output was used to set the Python script and iptables rules. The mitigation script was then tested extensively on a live test bed. The mitigation technique developed in this work is known as the Anti-DDoS firewall. A zero-sum game model that represents the strategies of the attacker(s) and the defender (firewall) was developed using the linear programming operations research technique. A game matrix was simulated for connections between 10 and 50. The game model was simulated using a Hypertext Preprocessor (PHP) simplex script known as PHPSIM, which was developed using the simplex algorithm. The best strategy the firewall can adopt to defend against a DDoS attack was then determined from the output of the PHPSIM simulation. A positive game value was obtained, which shows that the game favours the firewall. The strategies X1, X2, X3, X4, and X5, corresponding to firewall settings of 10, 20, 30, 40 and 50 connections respectively at a sending rate of 3/s, were obtained.
The strategy X5, with the highest value of 0.6 in the game matrix solution, is the best strategy for the firewall. This value corresponds to a maximum connection value of 50 while maintaining the sending rate at 3/s. The output of the game solution was used to control a mitigation script/firewall mechanism that reduces the effect of DDoS attacks on port 80/443 of a web server system. The Anti-DDoS mitigation technique was developed using Python and iptables rules. The mitigation approach was tested extensively on a live test bed comprising Kali Linux machines. It was observed that the mitigation approach was able to drop a considerable number of rogue packets while limiting the number of connections to 50 for all connections, thereby allowing legitimate users access to the server. Setting the maximum number of connections at the other strategies shows a clear drop in the number of packets allowed into the network, which implies a lower payoff. The results show that DDoS attacks can be efficiently mitigated with the Anti-DDoS firewall mitigation mechanism. The mitigation mechanism should be implemented on the company’s edge router or directly on the server to be protected.
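
The zero-sum game step described above, solved with the simplex method, is shown here as an added example; it is not the thesis's PHPSIM script. The payoff matrix and the two attacker behaviours are constructed for illustration, and only the connection limits 10 to 50 come from the abstract.

```python
from fractions import Fraction

# Constructed payoff matrix (NOT the thesis's data): payoff to the firewall.
# Rows: firewall connection limits taken from the abstract.
# Columns: two hypothetical attacker behaviours (high-rate flood, low-rate attack).
LIMITS = [10, 20, 30, 40, 50]
PAYOFF = [[4, -2], [3, -1], [2, 0], [1, 2], [-1, 3]]

def solve_zero_sum(payoff):
    """Return (row_strategy, game_value) for the maximising row player."""
    m, n = len(payoff), len(payoff[0])
    shift = 1 - min(min(r) for r in payoff)   # make every entry >= 1
    # Tableau for the column player's LP:
    #   maximise sum(y)  subject to  (A + shift) y <= 1,  y >= 0
    T = [[Fraction(a + shift) for a in row]
         + [Fraction(int(i == k)) for k in range(m)] + [Fraction(1)]
         for i, row in enumerate(payoff)]
    T.append([Fraction(-1)] * n + [Fraction(0)] * (m + 1))  # objective row
    basis = [n + i for i in range(m)]         # start from the slack basis
    while True:
        # Bland's rule: lowest-index column with a negative reduced cost.
        col = next((j for j in range(n + m) if T[-1][j] < 0), None)
        if col is None:
            break                             # optimal tableau reached
        rows = [i for i in range(m) if T[i][col] > 0]
        row = min(rows, key=lambda i: (T[i][-1] / T[i][col], basis[i]))
        piv = T[row][col]
        T[row] = [x / piv for x in T[row]]
        for i in range(m + 1):
            if i != row and T[i][col] != 0:
                f = T[i][col]
                T[i] = [a - f * b for a, b in zip(T[i], T[row])]
        basis[row] = col
    v = 1 / T[-1][-1]                         # value of the shifted game
    # Dual values (objective row under the slack columns) give the row mix.
    strategy = [T[-1][n + i] * v for i in range(m)]
    return strategy, v - shift

if __name__ == "__main__":
    strategy, value = solve_zero_sum(PAYOFF)
    for limit, weight in zip(LIMITS, strategy):
        print(f"connection limit {limit:2d}: weight {weight}")
    print("game value:", value)
```

A positive game value means the row player (the firewall) comes out ahead under optimal play by both sides, which is the sense in which the abstract says the game favours the firewall.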