Tushar Deshpande, Panagiotis Katsaros, Scott A. Smolka, and Scott D. Stoller

The Domain Name System (DNS) is an Internet-wide, hierarchical naming
system used to translate domain names into numeric IP addresses. Any
disruption of DNS service can have serious consequences. We present a
formal game-theoretic analysis of a notable threat to DNS, namely the
*bandwidth amplification attack* (BAA), and the countermeasures
designed to defend against it. We model the DNS BAA as a two-player,
turn-based, zero-sum *stochastic game* between an attacker and a
defender. The attacker attempts to flood a victim DNS server with
malicious traffic by choosing an appropriate number of *zombie*
machines with which to attack. In response, the defender chooses among
five BAA countermeasures, each of which seeks to increase the amount of
legitimate traffic the victim server processes. To keep the model tractable
and the analysis efficient, it does not explicitly track the handling of each
packet; instead, it is based on calculations of the rates at which the
relevant kinds of events occur in each state. We use our
game-based model of DNS BAA to generate optimal *attack strategies*,
which vary the number of zombies, and optimal *defense strategies*,
which aim to enhance the utility of the BAA countermeasures by combining
them in advantageous ways. The goal of these strategies is to optimize the
attacker's and defender's *payoffs*, which are defined using
probabilistic reward-based properties, and are measured in terms of the
attacker's ability to minimize the volume of legitimate traffic that is
processed, and the defender's ability to maximize the volume of legitimate
traffic that is processed.
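As an added illustration, not the paper's model, the toy below solves a small two-player, turn-based, zero-sum stochastic game of the kind the abstract describes: the attacker chooses how many zombies to add, the defender chooses a countermeasure that takes effect with some probability, per-round reward is a rate-based estimate of legitimate traffic processed, and finite-horizon value iteration yields each side's optimal move. The capacities, rates, countermeasures and probabilities are all constructed for the example.

```python
from functools import lru_cache

CAPACITY = 100.0            # packets per round the victim can serve (constructed)
LEGIT_RATE = 60.0           # legitimate query rate per round (constructed)
PER_ZOMBIE = 25.0           # amplified attack traffic one zombie induces (constructed)
MAX_ZOMBIES = 6
RECRUIT_CHOICES = (0, 1, 3)  # zombies the attacker may add on its turn

# Constructed countermeasures: (name, P(takes effect this round),
# fraction of attack traffic dropped, zombies taken down when it takes effect)
COUNTERMEASURES = (
    ("none",           1.0, 0.0, 0),
    ("rate_limit",     0.9, 0.5, 0),
    ("filter_and_ban", 0.6, 0.8, 2),
)

def legit_processed(zombies, dropped_frac):
    """Rate-based reward for one round: legitimate share of what the victim serves."""
    attack = zombies * PER_ZOMBIE * (1.0 - dropped_frac)
    total = LEGIT_RATE + attack
    return min(total, CAPACITY) * LEGIT_RATE / total

@lru_cache(maxsize=None)
def attacker_value(zombies, rounds):
    """Attacker's turn: minimise the defender's best expected legitimate traffic."""
    if rounds == 0:
        return 0.0
    return min(defender_value(min(zombies + a, MAX_ZOMBIES), rounds)
               for a in RECRUIT_CHOICES)

def defender_options(zombies, rounds):
    """Expected payoff per countermeasure: with probability p it takes effect
    (traffic dropped, zombies removed); otherwise the round plays out unmitigated."""
    options = []
    for name, p, dropped, removed in COUNTERMEASURES:
        hit = legit_processed(zombies, dropped) \
            + attacker_value(max(zombies - removed, 0), rounds - 1)
        miss = legit_processed(zombies, 0.0) + attacker_value(zombies, rounds - 1)
        options.append((name, p * hit + (1.0 - p) * miss))
    return options

@lru_cache(maxsize=None)
def defender_value(zombies, rounds):
    """Defender's turn: maximise expected legitimate traffic processed."""
    return max(value for _, value in defender_options(zombies, rounds))

def best_countermeasure(zombies, rounds):
    """Optimal defense move in this state (first-best on ties)."""
    return max(defender_options(zombies, rounds), key=lambda o: o[1])[0]
```

Calling `attacker_value(0, h)` gives the game's value over an `h`-round horizon starting with no zombies, and `best_countermeasure(z, h)` the defender's optimal choice in a state with `z` active zombies.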