TY - GEN
T1 - Dynamic game based security framework in SDN-enabled cloud networking environments
AU - Chowdhary, Ankur
AU - Alshamrani, Adel
AU - Pisharody, Sandeep
AU - Huang, Dijiang
N1 - Publisher Copyright:
© 2017 ACM.
PY - 2017/3/24
Y1 - 2017/3/24
N2 - SDN provides a way to manage complex networks by introducing programmability and abstraction of the control plane. All networks suffer from attacks to critical infrastructure and services such as DDoS attacks. We make use of the programmability provided by the SDN environment to provide a game theoretic attack analysis and countermeasure selection model in this research work. The model is based on reward and punishment in a dynamic game with multiple players. The network bandwidth of attackers is downgraded for a certain period of time, and restored to normal when the player resumes cooperation. The presented solution is based on Nash Folk Theorem, which is used to implement a punishment mechanism for attackers who are part of DDoS traffic, and reward for players who cooperate, in effect enforcing desired outcome for the network administrator.
AB - SDN provides a way to manage complex networks by introducing programmability and abstraction of the control plane. All networks suffer from attacks to critical infrastructure and services such as DDoS attacks. We make use of the programmability provided by the SDN environment to provide a game theoretic attack analysis and countermeasure selection model in this research work. The model is based on reward and punishment in a dynamic game with multiple players. The network bandwidth of attackers is downgraded for a certain period of time, and restored to normal when the player resumes cooperation. The presented solution is based on Nash Folk Theorem, which is used to implement a punishment mechanism for attackers who are part of DDoS traffic, and reward for players who cooperate, in effect enforcing desired outcome for the network administrator.
KW - Cloud systems
KW - Distributed Denial of Service (DDoS)
KW - Game theory
KW - Moving Target Defense (MTD)
KW - Software Defined Networking (SDN)
UR - http://www.scopus.com/inward/record.url?scp=85018284080&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85018284080&partnerID=8YFLogxK
U2 - 10.1145/3040992.3040998
DO - 10.1145/3040992.3040998
M3 - Conference contribution
AN - SCOPUS:85018284080
T3 - SDN-NFVSec 2017 - Proceedings of the ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2017
SP - 53
EP - 58
BT - SDN-NFVSec 2017 - Proceedings of the ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2017
PB - Association for Computing Machinery, Inc
T2 - 2017 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2017
Y2 - 24 March 2017
ER -