Strategic Defense against Stealthy Link Flooding Attacks: A Signaling Game Approach

Abdullah Aydeger, Mohammad Hossein Manshaei, Mohammad Ashiqur Rahman, Kemal Akkaya

Research output: Contribution to journalArticlepeer-review

27 Scopus citations


With the increasing diversity of Distributed Denial-of-Service (DDoS) attacks, it is becoming extremely challenging to design a fully protected network. For instance, Stealthy Link Flooding Attack (SLFA) is a variant of DDoS attacks that strives to block access to a target area by flooding a small set of links, and it is shown that it can bypass traditional DDoS defense mechanisms. One potential solution to tackle such SLFAs is to apply Moving Target Defense (MTD) techniques in which network settings are dynamically changed to confuse/deceive attackers, thus making it highly expensive to launch a successful attack. However, since MTD comes with some overhead to the network, to find the best strategy (i.e., when and/or to what extent) of applying it has been a major challenge. The strategy is significantly influenced by the attacker's behavior that is often difficult to guess. In this work, we address the challenge of obtaining the optimal MTD strategy that effectively mitigates SLFAs while incurs a minimal overhead. We design the problem as a signaling game considering the network defender and the attacker as players. A belief function is established throughout the engagement of the attacker and the defender during this SLFA campaign, which is utilized to pick the best response/action for each player. We analyze the game model and derive a defense mechanism based on the equilibria of the game. We evaluate the technique on a Mininet-based network environment where an attacker is performing SLFAs and a defender applies MTD based on equilibria of the game. The results show that our signaling game-based dynamic defense mechanism can provide a similar level of protection against SLFAs like the extensive MTD solution, however, causing a significantly reduced overhead.

Original languageEnglish (US)
Article number9328143
Pages (from-to)751-764
Number of pages14
JournalIEEE Transactions on Network Science and Engineering
Issue number1
StatePublished - Jan 1 2021
Externally publishedYes


  • Crossfire attack
  • moving target defense
  • signaling game
  • stealthy link flooding attack

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Computer Science Applications
  • Computer Networks and Communications


Dive into the research topics of 'Strategic Defense against Stealthy Link Flooding Attacks: A Signaling Game Approach'. Together they form a unique fingerprint.

Cite this