Multi-objective game for fighting against Distributed Reflection DoS attacks in software-defined network
Distributed Reflection Denial of Service (DrDoS) attack represents one of the most significant threats to network security. This cyber-attack exploits vulnerabilities in existing protocols by using a botnet to send forged query packets to more than one device which are used as reflectors. As a resul...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Elsevier, 2025-07-01 |
| Series: | Array |
| Subjects: | |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2590005625000372 |
| _version_ | 1850118790742802432 |
|---|---|
| author | Vianney Kengne Tchendji Mthulisi Velempini Priva Chassem Kamdem |
| author_facet | Vianney Kengne Tchendji Mthulisi Velempini Priva Chassem Kamdem |
| author_sort | Vianney Kengne Tchendji |
| collection | DOAJ |
| description | Distributed Reflection Denial of Service (DrDoS) attack represents one of the most significant threats to network security. This cyber-attack exploits vulnerabilities in existing protocols by using a botnet to send forged query packets to more than one device which are used as reflectors. As a result, a stream of replies is sent to a victim node or subnet which overwhelms it. Several security measures have been proposed to counter such attacks; unfortunately, most of them do not consider the attacker’s dynamics. Furthermore, limiting the growth of the botnet could significantly reduce the impact of such an attack. In this paper, we leverage the advantages of software-defined networks (SDN) to propose a game-theoretic approach that predicts the defender’s best moves based on Nash strategies to mitigate this attack while avoiding botnet expansion. This approach is a non-cooperative multi-objective game between the attacker which aims to (1) compromise more nodes to scale the volume of its attack, (2) launch a volumetric-based DrDoS in the network, and the defender which aims to avoid it. This game results in a mixed-strategy Pareto-Nash equilibrium. It includes a player utility-based algorithm to detect malicious flows (or nodes) and drop them (or patch them). The results of the Matlab simulation show that the proposed model is an effective means of mitigating DrDoS attacks. To the best of our knowledge, this study is the first attempt to design a defense system based on a multi-objective game to counter the effects of DrDoS in SDN. |
| format | Article |
| id | doaj-art-f1d9704a07b24f58a2ff707b3c563d7d |
| institution | OA Journals |
| issn | 2590-0056 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Elsevier |
| record_format | Article |
| series | Array |
| spelling | doaj-art-f1d9704a07b24f58a2ff707b3c563d7d; 2025-08-20T02:35:47Z; eng; Elsevier; Array; 2590-0056; 2025-07-01; 26; 100410; 10.1016/j.array.2025.100410; Multi-objective game for fighting against Distributed Reflection DoS attacks in software-defined network; Vianney Kengne Tchendji 0; Mthulisi Velempini 1; Priva Chassem Kamdem 2; Department of Computer Science, University of Limpopo, Mankweng, PO Box 0727, South Africa; Corresponding author.; Department of Computer Science, University of Limpopo, Mankweng, PO Box 0727, South Africa; Department of Mathematics and Computer Science, University of Dschang, Dschang, PO Box 67, Cameroon; Distributed Reflection Denial of Service (DrDoS) attack represents one of the most significant threats to network security. This cyber-attack exploits vulnerabilities in existing protocols by using a botnet to send forged query packets to more than one device which are used as reflectors. As a result, a stream of replies is sent to a victim node or subnet which overwhelms it. Several security measures have been proposed to counter such attacks; unfortunately, most of them do not consider the attacker’s dynamics. Furthermore, limiting the growth of the botnet could significantly reduce the impact of such an attack. In this paper, we leverage the advantages of software-defined networks (SDN) to propose a game-theoretic approach that predicts the defender’s best moves based on Nash strategies to mitigate this attack while avoiding botnet expansion. This approach is a non-cooperative multi-objective game between the attacker which aims to (1) compromise more nodes to scale the volume of its attack, (2) launch a volumetric-based DrDoS in the network, and the defender which aims to avoid it. This game results in a mixed-strategy Pareto-Nash equilibrium. It includes a player utility-based algorithm to detect malicious flows (or nodes) and drop them (or patch them). The results of the Matlab simulation show that the proposed model is an effective means of mitigating DrDoS attacks. To the best of our knowledge, this study is the first attempt to design a defense system based on a multi-objective game to counter the effects of DrDoS in SDN.; http://www.sciencedirect.com/science/article/pii/S2590005625000372; Cyber security; Distributed Reflection Denial of Service; Domain Name System; Game theory; Software-defined network |
| spellingShingle | Vianney Kengne Tchendji Mthulisi Velempini Priva Chassem Kamdem Multi-objective game for fighting against Distributed Reflection DoS attacks in software-defined network Array Cyber security Distributed Reflection Denial of Service Domain Name System Game theory Software-defined network |
| title | Multi-objective game for fighting against Distributed Reflection DoS attacks in software-defined network |
| title_full | Multi-objective game for fighting against Distributed Reflection DoS attacks in software-defined network |
| title_fullStr | Multi-objective game for fighting against Distributed Reflection DoS attacks in software-defined network |
| title_full_unstemmed | Multi-objective game for fighting against Distributed Reflection DoS attacks in software-defined network |
| title_short | Multi-objective game for fighting against Distributed Reflection DoS attacks in software-defined network |
| title_sort | multi objective game for fighting against distributed reflection dos attacks in software defined network |
| topic | Cyber security Distributed Reflection Denial of Service Domain Name System Game theory Software-defined network |
| url | http://www.sciencedirect.com/science/article/pii/S2590005625000372 |
| work_keys_str_mv | AT vianneykengnetchendji multiobjectivegameforfightingagainstdistributedreflectiondosattacksinsoftwaredefinednetwork AT mthulisivelempini multiobjectivegameforfightingagainstdistributedreflectiondosattacksinsoftwaredefinednetwork AT privachassemkamdem multiobjectivegameforfightingagainstdistributedreflectiondosattacksinsoftwaredefinednetwork |