M Wright, S Venkatesan, M Albanese, and MP Wellman
Third ACM Workshop on Moving Target Defense, Oct 2016.
Distributed denial-of-service attacks are a rampant problem facing web applications, for which many defense techniques have been proposed, including several moving-target strategies. Proposed moving-target strategies to prevent denial-of-service attacks typically work by relocating targeted servers over time, increasing uncertainty for the attacker while trying not to disrupt normal users or incur excessive costs. Prior work has not shown, however, whether and how a rational defender would choose a moving-target method against an adaptive attacker, and under what conditions.
We formulate a denial-of-service scenario as a two-player game, and solve a restricted-strategy version of the game using the methods of empirical game-theoretic analysis. Using agent-based simulation, we evaluate the performance of strategies from prior literature under a variety of attacks and environmental conditions. We find evidence for the strategic stability of various proposed strategies, such as proactive server movement, delayed attack timing, and suspected insider blocking, along with guidelines for when each is likely to be most effective.