Game Theoretic Strategies for an Unmanned Aerial Vehicle Network Host Under DDoS Attack

Aakif Mairaj, Subhrajit Majumder, and Ahmad Y. Javaid
Abstract— Game theory involves the mathematical modeling of the strategic interaction between rational entities. One such example is the interaction between a hacker and the defense mechanisms of its target. There have been different kinds of attacks on an Unmanned Aerial Vehicle (UAV or drone) Network (UAVNet) or a Flying ad hoc network (FANET) in the recent past. The rational solution to such problems is identifying the strategies that can be chosen by the attacker, and selecting a defensive response that is most apt and intelligent while considering all the choices that a target’s defensive mechanisms can make. This paper is an attempt to identify a game-like situation when a single UAV is under a DDoS attack while a genuine UAVNet is trying to communicate with it. Two different cases of this common attack are simulated, namely UDP flooding and ICMP (Ping) flooding. In both cases, the intensity of these attacks is gauged with different choices made by the attacker and the target alike. Finally, the decisions that are conducive to the attacker and the victim are identified.
I. Introduction
Game theory is the study of mathematical models of conflict and cooperation among rational decision-making entities [1]. Since the early 1970s, it has been considered a significant breakthrough in the field of economics. Furthermore, it has found applications in sociology and psychology, epistemology, evolutionary biology, artificial intelligence, politics, etc. [2]–[4]. The participants involved in the interaction, called players, behave rationally and are allowed to play as an individual or a team. Each decision of the players is based on what will provide the maximum profit to them. The gains or payoffs are the numbers that denote the ’motivations’ of players [1]. The rules of the game define the moves available to each player: they can be the result of a choice or made by chance. Usually, the games are put in a context of two-player interaction; once the entire strategic plan is in action during the different situations that might arise within the game, both players arrive at their decisions and an outcome is reached. This outcome is termed the equilibrium or solution of the game [5]. To understand the interaction between the players in a game, let’s consider an example of a zero-sum game that involves the participation of two players, where one player’s gain is another player’s loss [6], [7]. For instance, Table I shows a payoff matrix for a zero-sum game played between Alice and Bob. Alice can play the strategies A and B, while Bob has strategies X, Y, and Z in its profile. The numerical values represent the payoffs. To solve the game, Minimax and Maximin principles are used. The interaction is competitive, and it involves the following steps [7]:
1) In Minimax strategy, the player minimizes its maximum loss (Calculate the Minimum values from each row).
2) In Maximin strategy, the player maximizes its minimum gain (Calculate the Maximum value from each column).
3) Find the maximum of the minimum values (maxmin) and the minimum of the maximum values (minmax); if they match, that is the solution of the game (see Table I). It is a payoff that is simultaneously a row minimum and a column maximum.

TABLE I: A two-player zero-sum game
                  Bob
             X    Y    Z    Maximin
Alice   A    4    20   6    4
        B    18   12   10   10
Minimax      18   20   10   Solution

*This work was not supported by any organization
All authors are with the Department of Electrical Engineering and Computer Science, The University of Toledo, OH, USA, 43606, USA. Email: {aakif.mairaj, subhrajit.majumder, ahmad.javaid}@utoledo.edu
The above example had only one solution, and hence it is a case of a pure strategy game. In contrast, some games can have more than one solution; they are called mixed strategy games, where each strategy is played with a certain probability [8]. The other common names for the solution of the game are Saddle Point [9] and Nash Equilibrium [10]. Usually, the solution of the game is a state where neither of the players has an incentive to change their strategy, and it is a point in the interaction where no player can benefit by changing their move while the other players keep their strategies unchanged [11]. Similarly, the solution in the above example is a state in a game where no single agent can obtain a better payoff by deviating unilaterally from this junction.
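
The maximin/minimax steps above, run on the Table I payoffs, as an added example that is not part of the original paper. The function names and the constructed 2x2 game are assumptions, and the 2x2 branch goes beyond Table I: it covers a game with no saddle point, where each strategy is played with a probability.

```python
from fractions import Fraction

# Table I payoffs: rows are Alice's strategies (A, B), columns are Bob's
# (X, Y, Z). Each entry is Alice's gain and, the game being zero-sum, Bob's loss.
TABLE_I = [[4, 20, 6],
           [18, 12, 10]]


def mixed_2x2(payoff):
    """Mixed-strategy solution of a 2x2 zero-sum game that has no saddle point."""
    (a, b), (c, d) = payoff
    denom = a - b - c + d                    # non-zero when there is no saddle point
    p = Fraction(d - c, denom)               # probability of playing the first row
    q = Fraction(d - b, denom)               # probability of playing the first column
    return {"row_probs": (p, 1 - p),
            "col_probs": (q, 1 - q),
            "value": Fraction(a * d - b * c, denom)}


def solve_zero_sum(payoff, rows, cols):
    """Apply the maximin/minimax steps; fall back to mixed strategies for 2x2."""
    row_minima = [min(r) for r in payoff]            # worst case of each row
    col_maxima = [max(c) for c in zip(*payoff)]      # worst case of each column
    maximin, minimax = max(row_minima), min(col_maxima)
    # A saddle point is simultaneously a row minimum and a column maximum.
    saddle_points = [(rows[i], cols[j])
                     for i, r in enumerate(payoff)
                     for j, v in enumerate(r)
                     if v == row_minima[i] and v == col_maxima[j]]
    result = {"row_minima": row_minima, "col_maxima": col_maxima,
              "maximin": maximin, "minimax": minimax,
              "saddle_points": saddle_points, "value": None, "mixed": None}
    if maximin == minimax:
        result["value"] = maximin                    # pure-strategy solution
    elif len(payoff) == 2 and len(payoff[0]) == 2:
        result["mixed"] = mixed_2x2(payoff)
        result["value"] = result["mixed"]["value"]
    return result


if __name__ == "__main__":
    print(solve_zero_sum(TABLE_I, ["A", "B"], ["X", "Y", "Z"]))
    # Constructed 2x2 game without a saddle point (not from the paper).
    print(solve_zero_sum([[2, -1], [-1, 1]], ["r1", "r2"], ["c1", "c2"]))
```
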
A similar state is possible if a remotely operated UAV or a UAV-Network is attacked through a Distributed Denial of Service (DDoS), Jamming, or another access control attack [12]–[15]. In such a situation, the attacker intends to cause maximum damage such as gaining access, causing a crash, or stealing useful information. Meanwhile, the defense mechanisms try to reduce the severity of the attack by varying specific communication parameters of the victim drone or the genuine network that is trying to communicate with the hacker’s target. In this work, the two most common DDoS attacks, UDP and ICMP (Ping) Flooding, are simulated and studied to identify the possible game-like interactions between the malicious network (Botnet) and the victim. The effects of different parameters are studied to deduce a configuration suitable to the hacker, and what parameters are conducive for the defense mechanism of the target UAV. The simulations were carried out in the UAVSim simulator [16], [17], keeping in view the similarities between the traditional ad hoc networks and FANETs. The drones considered for these simulations were particularly the consumer drones, where the ports used for the communication could be utilized by the hackers to compromise the information and launch a Denial of Service (DoS) attack. These attacks can halt the video streaming, or cause physical damage to the drones or the environment [12].

2019 International Conference on Unmanned Aircraft Systems (ICUAS)
Atlanta, GA, USA, June 11-14, 2019
978-1-7281-0332-7/19/$31.00 ©2019 IEEE
A. DDoS Attack
The purpose of any DoS attack is to prevent access to a legal service [18], whereas a DDoS attack is performed at a much larger scale by utilizing several machines [19]. Some of the common methods of launching a DDoS attack include flooding using common network protocol packets such as User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), Ping, Network Time Protocol (NTP), and Hypertext Transfer Protocol (HTTP) [20]. In this work, the discussion is confined to UDP and ICMP (or ping) flooding.
1) UDP flooding: UDP flooding is a DoS attack where the Botnet overwhelms the ports on the victim’s machine with UDP packets. On receiving the packets, the victim’s machine searches for the applications associated with these UDP datagrams and responds with a “Destination Unreachable” message. This back and forth exchange of messages happens continuously with attacker machines, and the victim node becomes unresponsive to the legitimate requests [21]. User Datagram Protocol (UDP) is a connectionless and sessionless networking protocol. Unlike TCP, UDP traffic doesn’t require a three-way handshake. It is an ideal protocol for applications such as online gaming, voice or VoIP [22]. The data loss in such applications would not affect the perceived quality severely. This property, on the other hand, makes the protocol vulnerable because of the lack of an initial handshake, which is essential for establishing a genuine communication. With such vulnerability, an attacker can send volumes of “best effort” data traffic across the UDP channels. The frequency with which this attack is conducted can be attributed to the absence of a built-in mechanism to control the UDP flood, and the requirement of fewer resources [20]–[22].
2) ICMP (Ping) flooding: Ping (or ICMP) flooding is a DoS attack where the attacker sends incessant ICMP echo-request packets to overwhelm the victim’s machine. This causes the target to become unavailable to legitimate traffic. When this attack comes from multiple sources, the attack becomes a DDoS attack [23]. A Ping message sends ICMP packets to test the availability of a node in a network. While executing Ping flooding, these ICMP packets are exploited by sending a flood of ping ’echo requests’ from a large number of ’zombies’ or ’bots’ spread throughout the network. The target responds with ICMP Echo Reply packets, which saturates the outgoing and incoming bandwidth. This cripples the network, and the victim is unable to respond to other genuine requests because of its inability to handle the huge number of ’echo requests’ [24], [25].
II. Related Work
Several studies have been performed to identify a better defense mechanism against a DDoS attack using game theory. For example, a recent work proposes a deception-based security mechanism using a game theory model for interactions between the defender and the attacker [26]. The goal of the defender is to find the best possible configuration to prevent attackers from launching a DoS attack while providing service to a recognized network economically. In such an environment, honeypots were used. Furthermore, another group of researchers have demonstrated the DDoS attack as a Bayesian game played among the attacker, the system, and the legitimate users [27]. In this work, for every pair of strategies of the attacker and the target, the payoffs are dependent on the bandwidth occupied by the Botnet, the bandwidth used by the recognized users, and the costs of attacking and defending. In the examples presented by the authors, every participant attempts to maximize its profit against all possible moves chosen by the opponent. Similarly, another work demonstrates the use of game theory for the prevention of DDoS attacks where the attackers attempt to create congestion in bottleneck network links [28]. A design model was proposed to determine the best defense strategy for the defender in such attack scenarios. The methods were presented with the help of numerical computation and simulations using DeterLab.
In another work, the authors have modeled the DDoS attack as a non-cooperative, zero-sum game [29]. They demonstrate that there exists a single optimal strategy available to the defender. By adopting it, the defender sets an upper boundary to the attacker’s payoff, which is achievable only if the attacker is a rational participant. For all other attack strategies undertaken by irrational entities, the attacker’s payoff will be lower than this boundary. These simulations were validated in the NS-2 network simulator, and the results replicated the analytical model parameters, thus confirming the accuracy of the proposed models. These models can be helpful for the network managers and security administrators to improve firewall performance if the system is under DDoS attack.
Likewise, another work utilizes a game theory model to explain the attack on the Cloud of Things (CoT): the attacker tries to use the minimum set and energy consumption of IoT attack devices to occupy the maximum number of bandwidth resources in a given period, whereas the defender attempts to minimize false alarms [30]. This game theory model is a non-cooperative and repeated incomplete information game, where a Nash equilibrium exists. In such a situation, the strategy for each stage of the attack is to adjust the attack link number dynamically based on the compared results of value and turning point for each period. Meanwhile, the targeted host changes the threshold value dynamically, based on the analyzed results of the Load harm of a DDoS attack. An NS-3 simulated network was utilized to validate the efficiency of this model.
In [31], the authors propose a non-cooperative game-based model against a DoS attack on vehicular networks. The set of strategies is limited: the attacker has the freedom to either continue or stop the attack, while the target vehicle can either continue its motion in a particular direction or change its course to run away from the attacker.
In another recent work, the authors model the interaction between the attacker and the defender as a two-player non-zero-sum game for two DoS attack scenarios: (1) one single attacking node and (2) multiple attacking nodes [32]. The defender node aims to find the best possible firewall settings to hinder the malicious traffic while communicating with the genuine nodes. Here the worst-case scenario is considered, in which the attacker aims to identify the most effective sending rate or Botnet size (number of nodes). The authors have proposed static and dynamic game interactions to compute the Nash equilibrium; the models were validated using NS-3. In addition to the above work, another recent work has done DDoS attack simulation and analysis for a connected automated vehicle using OMNeT++; however, this work didn’t use a game theoretic strategy and only focused on the analysis of effects on the vehicular network [33].
III. The Proposed Method
For the simulation of an attack on a network, a testbed or a simulator is needed. Since there are existing simulators for Wireless Sensor Networks (WSNs) and different types of ad-hoc networks, it is essential to choose a simulator that’s suitable for FANETs. Therefore, such a simulator should have the following properties [13], [16]:
1) Adjustable speed for all the UAVs.
2) Allow simulations with different mobility models.
3) Possess a good GUI.
4) Accurate networking models.
5) Module for graphical result analysis.
UAVSim is an OMNeT++ based networking simulator that meets these requirements [16], [34], and all the simulations in this work were performed after making certain modifications in several .ini files. Creating a game-like scenario requires the identification of the steps that can be taken by the participants to maximize their payoff. Since it is competitive (Non-Cooperative), the profit of one is the loss of the opponent. Therefore, to form a game, specific procedures are followed in a stepwise manner. First, we identify the competing agents (Botnet and Target UAV). Second, we choose suitable strategies for both the participants. For example, in our work, simulations related to UAVNets were carried out by changing different parameters. The effect of each parameter on the payoff was plotted to identify how friendly they are for the attacker or the victim.
A. UDP based DDoS attack
Out of all possible choices, we selected the message length, send interval, and the number of nodes as changeable parameters for the attacker. On the other hand, only ports were selected as choices for the target. The purpose was to identify the relationship between these parameters and the packet delivery of the legitimate data. These results were obtained for a UDP-based DDoS attack, and the parameters were changed over a certain range of values. The network chosen for these simulations is shown in figure 1. The number of nodes in the Botnet may vary, e.g., figure 1 shows three nodes (Q, R and S). To get a better understanding of the relationship between each parameter and payoff, only one parameter was varied, while others were kept constant. To begin with, message length was selected as a variable, send interval was kept constant, and only one node was included in the Botnet. After varying the message length between 300-800 Bytes, it was found that the increase in the message length improves the payoff of the attacker, as shown in figure 2a. Similarly, in another set of simulations, the values of the message length and number of nodes were kept fixed at 1000 Bytes and a single node while send interval was varied between .00001-1 s exponentially. It was found that the packet delivery increased with an increase in the value of send interval, as seen in figure 2b.
Likewise, in the third set of simulations, the number of nodes was increased, and their effect on the missed ratio was noted while keeping the message length and the send interval constant, i.e., 1000B and .01s respectively. Figure 2c shows the plots: with an increase in the number of nodes, the packet delivery decreases. Therefore, if each node has a higher value of the message length and a smaller send interval, its effect on the impact of the DDoS attack will be greater. Table VIII shows the changeable parameters in the Botnet and their ranges.
Fig. 1: Example of UAV-Network under DDoS attack

On the other hand, for the victim’s side, it is essential to look for the parameters that are conducive to the packet reception. Changing the message length and send interval has no impact on the packets received from the genuine network. To inhibit malicious traffic, ports can play an important role. In drones, three ports, i.e. 5554, 5555 and 5556, are involved during the UDP data exchange (Table III) [35]. There are eight possibilities (S1 - S8) as shown in Table II. Each possibility is represented with a combination of 0s and 1s, where 0 means an OFF state, and 1 means an ON state. This set of eight strategies can further be reduced to four strategies. The classification of these four strategies is done based on the number of ON ports. For example, all the three ports will be off only once, and hence it is represented with S1. Similarly, one port will be open three times, and it is represented with S2, and so on, as shown in Table VI.

TABLE II: Possibilities of the open ports in a UAV
Strategies   5554   5555   5556
S1           0      0      0
S2           0      0      1
S3           0      1      0
S4           0      1      1
S5           1      0      0
S6           1      0      1
S7           1      1      0
S8           1      1      1

TABLE III: Ports for UDP communication in UAVs
Port Type               Port Number
Navigation Data Port    5554
On-Board Video Port     5555
AT Command Port         5556

While simulating the UDP flooding, we assume the destination ports for all UDP apps in the Botnet are 5554, 5555 and 5556 respectively. In consumer drones, these open ports can lead to several vulnerabilities. For example, a study [12] has shown that a DoS attack on several ports can disrupt the video streaming that is essential for applications such as disaster management, locating a criminal, and filming; or bring the drone down by targeting several other ports. The victim UAV can choose any of the 8 possibilities. The safest of all is strategy S1, but the purpose of the defense mechanism is to hinder the malicious traffic to the best of its ability while allowing maximum flow of legitimate traffic. Therefore the apt situations to be considered in a game-like scenario are where the data is received from both the attacker-network and the normal-network. Thus, to establish continuous communication between the normal-network and the target node, we exclude the S1 possibility, since in this situation no genuine data will be received. Out of all possible choices, the probability of losing the genuine data gets minimized when there is only one destination port in all UDP apps belonging to the genuine UAVNet. It is least if the data is destined to one port and highest if the data is sent to all three ports; see Table IV. From the entire set, only in four possibilities (Table II) will the data be received. Since we don’t consider the possibility S1, there are 7 possibilities in total, and hence the probability becomes 0.5714. If there are two destination ports, the chances of losing the data become 0.8571, and similarly, for three ports the probability becomes 1. Table V shows the fraction of the total packets sent from the attacker-network and the normal-network that was dropped once the destination ports in the normal-network were set to 5554, 5555, and 5556 respectively. So these are the choices that can work in favor of the victim in terms of minimizing the lethality of the DDoS attack.

TABLE IV: Probabilities of losing data from the UAVNet
Destination Ports    Possibilities                    Probability
5554                 S5, S6, S7 and S8                0.5714
5555                 S3, S4, S7 and S8                0.5714
5556                 S2, S4, S6 and S8                0.5714
5554, 5555           S3, S4, S5, S6, S7 and S8        0.8571
5554, 5556           S2, S4, S5, S6, S7 and S8        0.8571
5555, 5556           S2, S3, S4, S6, S7 and S8        0.8571
5554, 5555, 5556     S2, S3, S4, S5, S6, S7 and S8    1
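
The enumeration behind Tables II, IV and VI, as an added example that is not from the paper. The function names are assumptions, and the Probability column of Table IV is reproduced as the share of S2 to S8 that appear in that table's Possibilities column.

```python
from collections import Counter
from fractions import Fraction
from itertools import combinations, product

# UDP ports from Table III: navigation data, on-board video, AT command.
PORTS = (5554, 5555, 5556)


def port_strategies():
    """Table II: S1..S8 as ON(1)/OFF(0) port states, in binary counting order."""
    return {f"S{n}": dict(zip(PORTS, bits))
            for n, bits in enumerate(product((0, 1), repeat=len(PORTS)), start=1)}


def occurrences_by_open_ports(table):
    """Table VI: how many of the eight possibilities have 0, 1, 2 or 3 ports ON."""
    counts = Counter(sum(state.values()) for state in table.values())
    return dict(sorted(counts.items()))


def table_iv_row(table, dest_ports):
    """One Table IV row for the given destination ports of the genuine UAVNet.

    S1 (all ports OFF) is excluded, as in the paper, leaving seven possibilities.
    Returns the possibilities with at least one destination port ON and their
    share of the seven, which is the value in the table's Probability column.
    """
    considered = {name: state for name, state in table.items()
                  if any(state.values())}
    listed = [name for name, state in considered.items()
              if any(state[p] for p in dest_ports)]
    return listed, Fraction(len(listed), len(considered))


def table_iv(table):
    """All seven Table IV rows, keyed by the tuple of destination ports."""
    return {dest: table_iv_row(table, dest)
            for k in range(1, len(PORTS) + 1)
            for dest in combinations(PORTS, k)}


if __name__ == "__main__":
    strategies = port_strategies()
    print(occurrences_by_open_ports(strategies))
    for dest, (listed, share) in table_iv(strategies).items():
        print(dest, listed, f"{float(share):.4f}")
```
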
The limitation of this approach becomes evident in OMNeT++ when we need to differentiate between malicious traffic and good traffic. Technically the defense mechanism should consider only the data that is coming from the normal UAV-Network, but in OMNeT++ we are not able to calculate the exact fraction of the lost packets from the genuine traffic; it is only able to calculate the fraction of lost data from the entire data, which includes the Botnet and the normal UAV-Network. This limitation is because the UDP protocol is a connectionless protocol, and hence it has no acknowledgment. To address this limitation, we proposed two alternate methods, and we will be utilizing the accurate one when required. Both of these methods are discussed in the next subsections. To understand the significance of the proposed methods, we need to have a general network as a reference. These two networks are slight modifications of the general network; figure 3 is a simplified example of such a network.

Fig. 2: Missed packet ratio variation analysis with respect to message length, send interval, and number of additional node. Panels: (a) Message length (B) vs. packet delivery (%); (b) Send interval (s) vs. packet delivery (%); (c) Number of nodes in botnet vs. packet delivery (%).

TABLE V: Packet loss for the three destination ports
Destination Port   Strategies   Dropped Packets (Botnet)   Dropped Packets (UAVNet)
5554               S5           0.74                       0.21
                   S6           0.51                       0.21
                   S7           0.51                       0.21
                   S8           0.27                       0.18
5555               S3           0.78                       0.34
                   S4           0.56                       0.33
                   S7           0.46                       0.32
                   S8           0.21                       0.30
5556               S2           0.73                       0.20
                   S4           0.48                       0.20
                   S6           0.51                       0.20
                   S8           0.27                       0.18

TABLE VI: Strategies based on the number of open ports
Strategies   No of open ports   Occurrences
S1           0                  1
S2           1                  3
S3           2                  3
S4           3                  1
1) Method one: In this method (figure 4), an additional node B1 was created. This node is a replica of node B. Instead of sending the Total (B) (packets from the Botnet) to the victim B, it was sent to B1. The number of packets received by B1 (Received (B)) was noted down. Similarly, the fraction (Received (N)) of the total packets sent from the genuine network (Total (N)) was noted down. The value of Received (B) is important for calculating the number of the packets received from the genuine UAVNet in the original settings (figure 3) during a DDoS attack. In the original network, Received (T), the total number of packets received from both the Botnet and the genuine UAVNet, is the only value we obtain, but only the fraction of the total packets sent from the genuine UAVNet is of significance. To get that fraction we substitute the value Received (B) in the following equation:

$$\mathrm{Fraction}(T) = \frac{\mathrm{Received}(T)}{\mathrm{Total}(B) + \mathrm{Total}(N)} \tag{1}$$

That fraction (Fraction (N)) is obtained by subtracting Received (B) from the numerator and subtracting Total (B) from the denominator of Equation 1 respectively; the values obtained are shown in Equation 2:

$$\mathrm{Fraction}(N) = \frac{\mathrm{Received}(T) - \mathrm{Received}(B)}{\mathrm{Total}(B) + \mathrm{Total}(N) - \mathrm{Total}(B)} \tag{2}$$

TABLE VII: Variables in a UDP based Network
No.   Variable                                Representation
1     Packets sent from Botnet node           $N(i)$
2     Packets sent from UAVNet node           $n(i)$
3     Total Packets from the Botnet           $\mathrm{Total}(B) = \sum_{i=1}^{n} N(i)$
4     Total Requests from the UAVNet          $\mathrm{Total}(N) = \sum_{i=1}^{n} n(i)$
5     Total Replies from the UAVNet           $\mathrm{Total}(R) = \sum_{i=1}^{n} r(i)$
6     Fraction of [(3) + (4)] received at B   Received (T)
7     Fraction of (3) received at B           Received (B)
8     Fraction of (4) received at B           Received (N)
2) Method Two: In this method, no additional node is created; instead, the entire malicious data gets forwarded to one of the nodes in the normal UAVNet. Unlike Method One, this method reduces the additional calculations. The only packets received at B are from the nonmalicious network. However, this value differs from the packets received in the original network.
Once the values from both these methods were compared, it turned out that Method One is more accurate.

Fig. 3: An example simulation setup
Fig. 4: Method One
Fig. 5: Method Two
B. Ping App based DDoS attack
ICMP (Ping) flooding is another common Denial of Service (DoS) attack. It is very similar to UDP flooding, as both are intended to overwhelm the victim’s resources. However, in Ping flooding, the Zombie network or Botnet sends the ICMP Echo Request (ping) packets at a rapid rate, without waiting for replies, which leads to the saturation of the two-way bandwidth, as the victim’s server will often try to respond with ICMP Echo Reply packets [36]. The reason for simulating this attack was to identify a game-like situation in case such attacks were launched on FANETs. Hence, a solution to a game can minimize the risk or damage done through this attack. To begin with the simulations, a network similar to figure 3 was created. Unlike the UDP flooding, we were able to measure the packet loss by counting the total number of ICMP Echo replies. Therefore, there was no need for an additional replica node in the network, as in Method One of the UDP attack (figure 4), or some extra calculations, for example in Method Two of the UDP attack (figure 5). In figure 6, Total(N) represents $\sum_{i=1}^{n} n(i)$, where n(i) is the number of ICMP Echo requests from node i in the normal UAV-Network, and Total(R) denotes $\sum_{i=1}^{n} r(i)$, where r(i) is the number of ICMP Echo replies received by node i in the genuine UAVNet. The ratio Total(R)/Total(N) provides an idea of the packets received and packets lost within the normal network. Out of all the parameters that could be selected by the attacker, victim, and the Normal UAVNet, we selected send interval and number of nodes for the attacker, and the mobility and number of pingapps for the victim and normal UAVNet.

Fig. 6: An example UAVNet under ping flooding
The simulations were carried out for a network as shown in figure 6. While keeping all other parameters constant, the number of nodes was increased from 1 to 100 in the Botnet. It was found that the packet delivery decreased with an increase in the number of nodes (Fig. 7a). Addition of more nodes in the Botnet enhances the intensity of the packet flood. With each node, the magnitude gets multiplied. Therefore, if this flow is beyond the capacity of the victim’s communication resources, many packets from the genuine network will be dropped.
Similarly, in another set of simulations, only the send interval in the Botnet pingapps was varied from 10s to 0.0005s, and it was found that the decrease in the send interval leads to an increase in the intensity of the attack (figure 7b). Send-interval is the duration during which a sender node forwards data to another receiving node and waits for an acknowledgment to forward the next chunk of the data in the sequence. If the acknowledgment is not received, the process repeats. Hence, in the cases where the send-interval is set to smaller values, the probability of losing the data becomes higher because of repetitive requests and a fewer number of acknowledgments. Overall, the channel gets flooded and it affects the delivery of the genuine communication packets. On the other hand, in a different set of simulations for the same network, it was found that there was no predictable relationship between the increased pingapps in the normal UAVNet and the packet reception (figure 7c). The number of pingapps in the UAVNet was increased from 1 to 10 in each node, including the target node.
Furthermore, the UAVNet along with the target UAV were set to different mobility modes. They are as follows [37]:
1) Random Waypoint: UAV moves to random locations with random speed.
2) Linear: UAV moves with a constant speed or constant acceleration.
3) Circle: UAV flies around a circle parallel to the XY plane with a constant speed.
4) Rectangle: UAV flies around a rectangular area parallel to the XY plane with constant speed.
5) Tractor: UAV’s motion is similar to a tractor on a field with some rows.
These simulations were carried out 10 times for each mobility, and the mean values of the packets received were calculated. All other parameters, including the starting positional values of x, y and z, the radius of the circle, etc., were kept constant. It was found that out of these selected mobility models, in case of the Random Waypoint, the packet reception was highest, whereas in the Tractor mobility it was lowest (figure 7d). After these rounds of simulations, one can deduce that, in a game-like situation during a ping flood attack, if the attacker and the target had to choose from these four parameters, then smaller values of send interval and a larger number of nodes in the Botnet will work in favor of the attacker. Meanwhile, the Random Waypoint mobility in UAVNet nodes and target nodes will be conducive for legitimate communication. It is well-known that mobility affects the packet loss, quality of the communication and the performance of protocols [38], [39]. This could be attributed to the dependence of the packet delivery or other metrics on the stability of the links between different nodes in the network [40]. Moreover, the PingApp is an application of hosts that disable send and specify an empty destination address. From our simulations, the relation between the number of PingApps in the UAVNet and the packet loss was unpredictable, and hence it will be excluded from the list of choices for the target’s defensive strategies. Table VIII shows the range of variables changed in the Botnet, UAVNet and the target node.

TABLE VIII: Botnet and UAVNet parameters with their range
Attack          Network          Variable         Range
UDP Flooding    Botnet           Message Length   300-800 Bytes
                Botnet           Send Interval    .00001-1s
                Botnet           Nodes            1-7
                Target Node      UDP Ports        5554-5556
Ping Flooding   Botnet           Send Interval    0.0005-10s
                Botnet           Nodes            1-100
                UAVNet/Target    Ping Apps        1-10
                UAVNet/Target    Mobility         5 types
IV. Conclusions
In this work, two different types of DDoS attacks were simulated, and the effects of different parameters were analyzed. The goal was to identify the configurations and variables that work in favor of the hacker and the victim’s defense mechanism. The parameters involved in the game-like interaction were identified. For example, in UDP flooding, smaller values of send interval, larger values of message length, and an increased number of nodes in the Botnet were conducive for a severe attack, while shutting different ports might work in favor of the target drone’s defense. Similarly, in ICMP (Ping) flooding, small values of send interval and an increased number of nodes in the zombie network amplify the effect of the DDoS attack, while the Random Waypoint mobility was found to be congenial to the target’s defensive mechanism. In our future work, more emphasis will be laid on a comprehensive strategic profile of the attacker and the target drone and obtaining a meaningful solution for such games.
References
[1] N. De Nitti, “An introduction to game theory and its appli-
cations,” Retrieved on, vol. 17, p. 2017, 2014.
[2] T. L. Turocy, “Texas a&m university,” Bernhard von Stengel,
London School of Economics “Game Theory” CDAM Research
Report (October 2001), 2001.
[3] B. A. Bhuiyan, “An overview of game theory and some
applications,” Philosophy and Progress, pp. 111–128, 2016.
[4] A. M. Colman, Game theory and its applications: In the social
and biological sciences. Psychology Press, 2013.
[5] M. O. Jackson, “A brief introduction to the basics of game
theory,” Available at SSRN 1968579, 2011.
[6] S. Shiva, S. Roy, and D. Dasgupta, “Game theory for cyber
security,” in Proceedings of the Sixth Annual Workshop on
Cyber Security and Information Intelligence Research. ACM,
2010, p. 34.
[7] R. J. Aumann and M. Maschler, “Some thoughts on the
minimax principle,” Management Science, vol. 18, no. 5-part-
2, pp. 54–63, 1972.
[Figure 7, four panels, y-axis: packet delivery (%). (a) x-axis: number of nodes in botnet; (b) x-axis: send interval (s); (c) x-axis: number of pingapps in the normal UAVNet; (d) x-axis: mobilities in UAVNet plus target UAV (Tractor, Rectangle, Linear, Circle, Random Waypoint).]
Fig. 7: Effect of changing {(a) Number of nodes (b) Send interval (c) Number of pingapps, and (d) Mobility} on the packet
delivery in the UAVNet and Botnet
[8] D. M. Kreps, “Nash equilibrium,” in Game Theory. Springer,
1989, pp. 167–177.
[9] M. H. Manshaei, Q. Zhu, T. Alpcan, T. Başar, and J.-P.
Hubaux, “Game theory meets network security and privacy,”
ACM Computing Surveys (CSUR), vol. 45, no. 3, p. 25, 2013.
[10] K.-w. Lye and J. M. Wing, “Game strategies in network se-
curity,” International Journal of Information Security, vol. 4,
no. 1-2, pp. 71–86, 2005.
[11] A. Rubinstein and M. J. Osborne, A course in game theory.
Cambridge, Mass.: MIT Press, 1994.
[12] G. Vasconcelos, G. Carrijo, R. Miani, J. Souza, and
V. Guizilini, “The impact of dos attacks on the ar. drone
2.0,” in 2016 XIII Latin American Robotics Symposium and
IV Brazilian Robotics Symposium (LARS/SBR). IEEE, 2016,
pp. 127–132.
[13] A. Mairaj, A. I. Baba, and A. Y. Javaid, “Application
specific drone simulators: Recent advances and challenges,”
Simulation Modelling Practice and Theory, 2019.
[14] “How to Skyjack a Drone In an Hour for Less Than 400,”
https://threatpost.com/how-to-skyjack-drones-in-an-hour-for-less-than-400/103086/,
accessed: 2019-22-02.
[15] “Hak5 1518 Drones Hacking Drones,”
https://www.hak5.org/tag/denial-of-drone, accessed: 2019-22-02.
[16] A. Y. Javaid, W. Sun, and M. Alam, “UAVSim: A simulation
testbed for unmanned aerial vehicle network cyber security
analysis,” in 2013 IEEE Globecom Workshops (GC Wkshps).
IEEE, 2013, pp. 1432–1436.
[17] A. Javaid, W. Sun, and M. Alam, “UAVNet simulation in
UAVSim: A performance evaluation and enhancement,” in
International Conference on Testbeds and Research Infras-
tructures. Springer, 2014, pp. 107–115.
[18] S. T. Zargar, J. Joshi, and D. Tipper, “A survey of defense
mechanisms against distributed denial of service (ddos)
flooding attacks,” IEEE communications surveys & tutorials,
vol. 15, no. 4, pp. 2046–2069, 2013.
[19] I. S. Amiri and M. R. K. Soltanian, Theoretical and Ex-
perimental Methods for Defending Against DDoS Attacks.
Syngress, 2015.
[20] T. Mahjabin, Y. Xiao, G. Sun, and W. Jiang, “A survey of
distributed denial-of-service attack, prevention, and mitiga-
tion techniques,” International Journal of Distributed Sensor
Networks, vol. 13, no. 12, p. 1550147717741463, 2017.
[21] F. Lau, S. H. Rubin, M. H. Smith, and L. Trajkovic, “Dis-
tributed denial of service attacks,” in Smc 2000 conference
proceedings. 2000 ieee international conference on systems,
man and cybernetics.’cybernetics evolving to systems, hu-
mans, organizations, and their complex interactions’(cat. no.
0, vol. 3. IEEE, 2000, pp. 2275–2280.
[22] J. Postel, “User datagram protocol,” Tech. Rep., 1980.
[23] S. Kumar, “Ping attack–how bad is it?” Computers & Secu-
rity, vol. 25, no. 5, pp. 332–337, 2006.
[24] K. Sonar and H. Upadhyay, “A survey: Ddos attack on internet
of things,” International Journal of Engineering Research and
Development, vol. 10, no. 11, pp. 58–63, 2014.
[25] J. Nazario, “Ddos attack evolution,” Network Security, vol.
2008, no. 7, pp. 7–10, 2008.
[26] H. Çeker, J. Zhuang, S. Upadhyaya, Q. D. La, and B.-
H. Soong, “Deception-based game theoretical approach to
mitigate dos attacks,” in International Conference on Decision
and Game Theory for Security. Springer, 2016, pp. 18–38.
[27] T. S. Khirwadkar, “Defense against network attacks using
game theory,” Ph.D. dissertation, University of Illinois at
Urbana-Champaign, 2011.
[28] H. Bedi, S. Shiva, and S. Roy, “A game inspired defense
mechanism against distributed denial of service attacks,”
Security and Communication Networks, vol. 7, no. 12, pp.
2389–2404, 2014.
[29] T. Spyridopoulos, G. Karanikas, T. Tryfonas, and
G. Oikonomou, “A game theoretic defence framework
against dos/ddos cyber attacks,” Computers & Security,
vol. 38, pp. 39–50, 2013.
[30] Y. Wang, Y. Zhang, X. Hei, W. Ji, and W. Ma, “Game
strategies for distributed denial of service defense in the
cloud of things,” Journal of communications and information
networks, vol. 1, no. 4, pp. 143–155, 2016.
[31] M. N. Mejri, N. Achir, and M. Hamdi, “A new security
games based reaction algorithm against dos attacks in vanets,”
in 2016 13th IEEE Annual Consumer Communications &
Networking Conference (CCNC). IEEE, 2016, pp. 837–840.
[32] Q. Wu, S. Shiva, S. Roy, C. Ellis, and V. Datla, “On modeling
and simulation of game theory-based defense mechanisms
against dos and ddos attacks,” in Proceedings of the 2010
spring simulation multiconference. Society for Computer
Simulation International, 2010, p. 159.
[33] T. Khan Mohd, S. Majumdar, A. Mathur, and A. Y. Javaid,
“Simulation and Analysis of DDoS Attack on Connected
Autonomous Vehicular Network using OMNET++,” in 9th
IEEE Annual Ubiquitous Computing, Electronics Mobile
Communication Conference. IEEE, 2019.
[34] A. Varga and R. Hornig, “An overview of the omnet++
simulation environment,” in Proceedings of the 1st inter-
national conference on Simulation tools and techniques for
communications, networks and systems & workshops. ICST
(Institute for Computer Sciences, Social-Informatics and …,
2008, p. 60.
[35] “Communicating with the Quadcopter,”
https://www.objc.io/issues/8-quadcopter/communicating-with-the-quadcopter/,
accessed: 2019-22-02.
[36] “UDP vs ICMP flood,”
https://security.stackexchange.com/questions/180252/udp-vs-icmp-flood, accessed: 2019-21-02.
[37] “Node Mobility,”
https://inet.omnetpp.org/docs/users-guide/ch-mobility.html, accessed: 2019-21-02.
[38] J. Kim, Q. Niyaz, and A. Y. Javaid, “Performance evaluation
of voip broadcasting over lte for varying speeds and distances
of mobile nodes,” in 2014 IEEE International Symposium on
Broadband Multimedia Systems and Broadcasting. IEEE,
2014, pp. 1–5.
[39] R. Asokan and A. Natarajan, “An approach for reducing the
end-to-end delay and increasing network lifetime in mobile ad
hoc networks,” Int J Inf Technol, vol. 4, no. 2, pp. 121–127,
2008.
[40] A. El Gueraa, R. Saadane, and D. Aboutajdine, “Impact of
mobility model on packet transmission in vehicular ad hoc
network based on ir-uwb,” in 2015 International Conference on
Wireless Networks and Mobile Communications (WINCOM).
IEEE, 2015, pp. 1–5.
... (1) User Datagram Protocol (UDP) flooding attack, where the attack can impact the drone processor, latency, and applications related to video streaming navigation and command signals [8,9]. ...
... One of the limitations of the UDP protocol is that it has no acknowledgment mechanism. But we can have an estimate of the packet reception by utilizing a method explained in [8]. According to this method, packet delivery is equal to the percentage of packets received by the target-node divided by the number of packets sent from the genuine network. ...
... Meanwhile, for the target-UAV, we were able to vary the number of pingapps and Mobility. The effect of all these parameters on the packet delivery was predictable except for the pingapps [8]. Hence, we selected only three parameters for the game formulation, i.e., Send interval and Botnet size; and Mobility for the target node. ...
Article
Game theory is being used in cybersecurity to observe different attacks as it can provide a mathematical representation of the interactions between system admins, hackers, and users. The game-theoretic solution determines the favorable parameters (strategies), predicts the player’s behavior, and suggests the best settings for minimizing the attack’s effect. To this end, our paper attempts to study the usefulness of game-theoretic applications for the prevention of Distributed Denial of Service (DDoS) attacks on a drone by deriving the information from conventional game solutions and augmenting that with the bounded rationality concept called Quantal response equilibrium (QRE). In this process, we identify feasible strategies for each player through simulations and formulate five non-cooperative game scenarios for two variants of DDoS attacks. In these games, the traditional game-theoretic solution or Nash Equilibrium (NashE) provides information about the drone’s recommended settings, the hacker’s preferred strategy, and the game-theoretic threshold assuming that all participants are highly intelligent. We augment this information by considering the participant’s tendency to make errors and the evolution in their behavioral pattern from zero to high-values of rationality using QRE. The information coupled from NashE and QRE provides better clarity to a drone operator, thus improving the drone’s security by two levels and allowing the drone operator to take timely precautions. Inspired by this multilevel process, we propose an equivalent real-world framework for protecting Unmanned Aerial Vehicle (UAV) nodes against a DDoS attack.
... Jun L et al. [12] used the complete and perfect information dynamic game method to analyze the information security problem of a power grid SCADA system. Distributed Denial of Service Attacks (DDoS) can also be defended using game methods [13,14]. Learning the experience of scholars using game theory to study information security problems over the years [15], we can conclude that there are three main advantages of using EGT to study information security problems of UTC system. ...
Preprint
In recent years, emerging technologies such as smart cities, Urban Traffic brains, and car networking are vigorously promoting the intelligent development of urban traffic signals, which means that the Urban Traffic Control (UTC) system will interact with more and more network and physical terminals, which will lead to more malicious attacks and information destruction. It will be a great threat to the personal and property safety of participants in urban traffic. In response to this severe demand, this paper studied the network topology of UTC system and based on the tripartite evolutionary game theory (TEG), A Signal control security game model involving attackers, Upper Computer (UC) and Traffic Signal Machine (TSM) is designed, and the evolutionary stability of strategy selection of each participant is analyzed. This paper discusses the comprehensive judgment principle of each element on attack cost and defense cost, compares the influence of tripartite strategy selection, and further analyzes the stability of equilibrium point in tripartite evolutionary information security game system with Lyapunov's first method. Finally, by using real data and MATLAB simulation analysis, the impact of key parameters such as attack cost, defense cost and detection rate on information security game participants is verified, making theoretical contributions to enhancing the security of urban traffic signal control system.
... where "∃" represents "there exists", "∈" represents "belongs to", "∧" represents "logical AND", and " " represents "not". The impact of a Slowloris attack on the web server can be expressed as follows: For each u_i, if there exist a server s_j and type of traffic t_i such that L(s_j, t_i) = 1 and the traffic type t_i is required by u_i, then the server becomes overwhelmed with incomplete HTTP requests [24], preventing it from handling legitimate traffic. This can be expressed mathematically, as shown in Equation (2). ...
Article
An unmanned aerial vehicle (UAV) is an autonomous flying robot that has attracted the interest of several communities because of its capacity to increase the safety and productivity of labor. In terms of software engineering, UAV system development is extremely difficult because the focus is not only on functional requirement fulfillment, but also on nonfunctional requirements such as security and safety, which play a crucial role in mission success. Consequently, architecture robustness is very important, and one of the most common architectures developed is based on a centralized pattern in which all UAVs are controlled from a central location. Even though this is a very important problem, many developers must expend a great deal of effort to adapt and improve security. This is because there are few practical perspectives of security development in the context of UAV system development; therefore, the study of attack and defense patterns in centralized architecture is required to fill this knowledge gap. This paper concentrates on enhancing the security aspect of UAV system development by examining attack and defense patterns in centralized architectures. We contribute to the field by identifying 26 attack variations, presenting corresponding countermeasures from a software analyst’s standpoint, and supplying a node.js code template for developers to strengthen their systems’ security. Our comprehensive analysis evaluates the proposed defense strategies in terms of time and space complexity, ensuring their effectiveness. By providing a focused and in-depth perspective on security patterns, our research offers crucial guidance for communities and developers working on UAV-based systems, facilitating the development of more secure and robust solutions.
... A DDoS attack could be a large-scale interruption strategy performed by a have source that causes negative impacts to legitimate clients by withholding services once the attacker picks up get to the system, modern instruments can be utilized to pick up control of the have [89] . Infected systems proceed to search for other vulnerable systems and attack them. ...
Article
The lightweight Unmanned Aerial Vehicle (UAV) flight activities are constrained, particularly in the UAV range or activity span and perseverance, by the strategic correspondence link capabilities. This paper tends to the different overlap issue of trading off a set of mission prerequisites, the UAV execution parameters, and strategic credibility; thus compromising between the communication load characterized by a crucial, communication link transmitting power necessities, power accessibility onboard UAV as a weight-restricted parameter, and the UAV security.
Article
UAVs have found their applications in numerous applications from recreational activities to business in addition to military and strategic fields. However, research on UAVs is not going on as quickly as the technology. Especially, when it comes to the security of these devices, the academia is lagging behind the industry. This gap motivates our work in this paper as a stepping stone for future research in this area. A comprehensive survey on the security of UAVs and UAV-based systems can help the research community keep pace with, or even lead the industry. Although there are several reviews on UAVs or related areas, there is no recent survey broadly covering various aspects of security. Moreover, none of the existing surveys highlights current and future trends with a focus on the role of an omnipresent technology such as AI. This paper endeavors to overcome these shortcomings. We conduct a comprehensive review on security challenges of UAVs as well as the related security controls. Then we develop a future roadmap for research in this area with a focus on the role of AI. The future roadmap is established based on the identified current trends, under-researched topics, and a future look-ahead.
Chapter
The automotive industry is developing trends in autonomous driving and connected vehicular systems. These vehicles can access and send the data, download the software updates, connect with other vehicles or other IoT devices via the internet or wireless communication. Autonomous vehicle control urges very strict requirements about the security of the communication channels used by the vehicle to exchange information and the control logic that performs complex driving tasks. So, the increased connectivity results in a heightened risk of a cyber-security attack. For maintaining the advances in safe communication, it is important to establish strong security for connected vehicular systems. For this, existing cybersecurity attacks must be considered to minimize future cybersecurity risks in the connected and autonomous vehicle systems. In this chapter, the authors will emphasize recent works on how autonomous vehicles can ensure strong operation under ongoing cyber security attacks and their possible solutions.
Conference Paper
The increasing use of autonomous systems (AS) aims to improve efficiency, costs, and safety of numerous operations. Yet, they also pose several safety challenges. Most of AS will operate in a dynamic environment, interacting with non-autonomous and/or other autonomous systems. The anticipation of both the AS and non-AS possible decisions during these interactions is crucial to identify and analyze potential hazards and risks, and to guarantee a safe operation. Game Theory (GT) has been increasingly used for modeling the interactions between AS and other agents in conflicting or cooperating situations. Recent applications of GT for AS also include the use of game-theoretical approaches for algorithm-testing and development, as well as for cyber-physical security assessment. Yet, the application of GT for analysis of AS operations under a risk perspective can still be considered in an early stage. This paper provides an overview of how GT is being applied to AS in the context of risk assessment. A review of the recent literature on GT applied to AS was carried out on the Scopus database using a combination of relevant keywords. It resulted in 100 articles within the period of 2015-2021. The articles were analyzed with regard to the technical domain of application and the scope of use of GT.
Article
Over the past two decades, Unmanned Aerial Vehicles (UAVs), more commonly known as drones, have gained a lot of attention, and are rapidly becoming ubiquitous because of their diverse applications such as surveillance, disaster management, pollution monitoring, film-making, and military reconnaissance. However, incidents such as fatal system failures, malicious attacks, and disastrous misuses have raised concerns in the recent past. Security and viability concerns in drone-based applications are growing at an alarming rate. Besides, UAV networks (UAVNets) are distinctive from other ad-hoc networks. Therefore, it is necessary to address these issues to ensure proper functioning of these UAVs while keeping their uniqueness in mind. Furthermore, adequate security and functionality require the consideration of many parameters that may include an accurate cognizance of the working mechanism of vehicles, geographical and weather conditions, and UAVNet communication. This is achievable by creating a simulator that includes these aspects. A performance evaluation through relevant drone simulator becomes indispensable procedure to test features, configurations, and designs to demonstrate superiority to comparative schemes and suitability. Thus, it becomes of paramount importance to establish the credibility of simulation results by investigating the merits and limitations of each simulator prior to selection. Based on this motivation, we present a comprehensive survey of current drone simulators. In addition, open research issues and research challenges are discussed and presented.
Article
Distributed denial-of-service is one kind of the most highlighted and most important attacks of today’s cyberworld. With simple but extremely powerful attack mechanisms, it introduces an immense threat to current Internet community. In this article, we present a comprehensive survey of distributed denial-of-service attack, prevention, and mitigation techniques. We provide a systematic analysis of this type of attacks including motivations and evolution, analysis of different attacks so far, protection techniques and mitigation techniques, and possible limitations and challenges of existing research. Finally, some important research directions are outlined which require more attentions in near future to ensure successful defense against distributed denial-of-service attacks.
Book
Denial of Service (DoS) attacks are a form of attack that seeks to make a network resource unavailable due to overloading the resource or machine with an overwhelming number of packets, thereby crashing or severely slowing the performance of the resource. Distributed Denial of Service (DDoS) is a large scale DoS attack which is distributed in the Internet. Every computer which has access to the Internet can behave as an attacker. Typically bandwidth depletion can be categorized as either a flood or an amplification attack. Flood attacks can be done by generating ICMP packets or UDP packets in which it can utilize stationary or random variable ports. Smurf and Fraggle attacks are used for amplification attacks. DDoS Smurf attacks are an example of an amplification attack where the attacker sends packets to a network amplifier with the return address spoofed to the victim's IP address. This book presents new research and methodologies along with a proposed algorithm for prevention of DoS attacks that has been written based on cryptographic concepts such as birthday attacks to estimate the rate of attacks generated and passed along the routers. Consequently, attackers would be identified and prohibited from sending spam traffic to the server which can cause DDoS attacks. Due to the prevalence of DoS attacks, there has been a lot of research conducted on how to detect them and prevent them. The authors of this short format title provide their research results on providing an effective solution to DoS attacks, including introduction of the new algorithm that can be implemented in order to deny DoS attacks. A comprehensive study on the basics of network security. Provides a wide revision on client puzzle theory. An experimental model to mitigate distributed denial of service (DDoS) attacks.
Conference Paper
Denial of Service (DoS) attacks prevent legitimate users from accessing resources by compromising availability of a system. Despite advanced prevention mechanisms, DoS attacks continue to exist, and there is no widely-accepted solution. We propose a deception-based protection mechanism that involves game theory to model the interaction between the defender and the attacker. The defender’s challenge is to determine the optimal network configuration to prevent attackers from staging a DoS attack while providing service to legitimate users. In this setting, the defender can employ camouflage by either disguising a normal system as a honeypot, or by disguising a honeypot as a normal system. We use signaling game with perfect Bayesian equilibrium (PBE) to explore the strategies and point out the important implications for this type of dynamic games with incomplete information. Our analysis provides insights into the balance between resource and investment, and also shows that defenders can achieve high level of security against DoS attacks with cost-effective solutions through the proposed deception strategy.
Article
Abstract not available. Philosophy and Progress, Vol#59-60-; No#1-2; Jan-Dec 2016
Article
Integration of the IoT (Internet of Things) with Cloud Computing, termed as the CoT (Cloud of Things) can help achieve the goals of the envisioned IoT and future Internet. In a typical CoT infrastructure, the data collected from wireless sensor networks and IoTs is transmitted through a SG (Smart Gateway) to the cloud. The bandwidth between an IoT access point and SG becomes a bottleneck for information transmission between the IoT and the cloud. We propose a novel game theory model to describe the CoT attacker, who expects to use minimum set and energy consumption of IoT attack devices to occupy as many bandwidth resources as possible in a given time period; and the defender, who expects to minimize false alarms. By analyzing this model, we have found that the game theory model is a non-cooperative and repeated incomplete information game, and Nash equilibrium is existent, perfected by the subgame. The best strategy for each stage of the attack is to adjust the attack link number dynamically based on the comparison results of value ϵ and turning point ϵ0 for each time period. At the same time, the defender adjusts the threshold value β dynamically, based on the comparison results of the Load value and expected value of a for each time period. The simulation result shows that our strategy can significantly mitigate the harm of a distributed denial of service attack.