Summer Research 2017: Week 11
This week I continued my literature research on DDoS attack and defense. One of the papers I reviewed was "Methodologies for evaluating game theoretic defense against DDoS attacks" by T. Khirwadkar et al. In their paper, they discuss how Distributed Denial of Service (DDoS) attacks on the Internet are used by attackers as a nuisance, to make a political statement (e.g. the 2009 attack against Estonia), or as a weapon of an Internet extortionist. Effective defense against these attacks is a crucial area of study, and advanced simulation techniques play a critical role in it because of the enormous number of events involved. The paper presents a methodology for evaluating a game-theoretic defense against DDoS. First, they describe a basic form of the defense. Then, they note the performance limitations that an inattentive implementation can cause. Lastly, they consider methodologies in which a parallelized approach may accelerate performance.
I also reviewed "Game-Theoretical Effectiveness Evaluation of DDoS Defense" by P. Shi and Y. Lian. The paper is organized as follows: section 2 introduces DDoS defense strategies, along with current research on evaluating DDoS defense mechanisms; section 3 proposes an evaluation model based on a strategic game; section 4 presents experiments and simulation results, with concrete awareness results that explain the method explicitly. My main takeaway from this publication was that there are credential-based and filtering-based methods of defense. The representative credential-based methods are i3, SOS and Capabilities. What they have in common is that identification protocols are constructed between senders and receivers, which guarantees the validity of the senders. In a DDoS attack, however, attackers sometimes forge the source IP address of the attack packets to evade attack detection, so this kind of defense mechanism is more suitable for IP-forging attacks.
On the other side, the mechanisms based on packet filtering discard attack packets according to the degree of network congestion, to mitigate the damage that DDoS attacks cause the victim. This kind of method uses the existing network infrastructure and adds new functions to the routers. During the development of our game, I believe it is important to make a simplified distinction between the two methods and to show, through our gameplay, which method we choose to focus on.
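To make the distinction between the two defense classes concrete, here is a small simulation I added for this post; it is my own toy model, not code from Shi and Lian or from any of the systems they survey. It assumes a receiver-side secret that a capability issuer shares with the receiver (modelling the identification protocol as an HMAC over the sender's address), a link with a fixed packet capacity, and a constructed traffic mix of two legitimate senders, one unspoofed flooding source, and forged packets that claim a legitimate sender's address. Names such as `credential_filter`, `congestion_filter` and `RECEIVER_SECRET` are mine.

```python
"""Toy comparison of credential-based and filtering-based DDoS defense (constructed example)."""
import hashlib
import hmac
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Secret shared between the receiver and the component that issues capabilities.
# Constructed demo value, not a real deployment parameter.
RECEIVER_SECRET = b"constructed-demo-secret"


@dataclass(frozen=True)
class Packet:
    src: str                    # claimed source address
    capability: Optional[str]   # token from the identification protocol, or None


def issue_capability(src: str) -> str:
    """Capability handed to a sender that completed the identification protocol.
    Modelled as an HMAC over the sender's address: a forger who spoofs `src`
    cannot produce a valid token without the secret."""
    return hmac.new(RECEIVER_SECRET, src.encode(), hashlib.sha256).hexdigest()


def credential_filter(packets: list) -> list:
    """Credential-based defense: forward only packets whose capability verifies
    for the claimed source. Forged sources and senders that never ran the
    identification protocol are dropped regardless of load."""
    return [
        p for p in packets
        if p.capability is not None
        and hmac.compare_digest(p.capability, issue_capability(p.src))
    ]


def congestion_degree(packets: list, link_capacity: int) -> float:
    """Offered load relative to what the link can carry (>1.0 means congested)."""
    return len(packets) / link_capacity


def congestion_filter(packets: list, link_capacity: int) -> list:
    """Filtering-based defense: while the link is not congested, forward everything.
    Once offered load exceeds capacity, give every source an equal share of the
    capacity and discard a source's packets beyond that share. No sender
    cooperation is needed, only a per-source counter added to the router."""
    if congestion_degree(packets, link_capacity) <= 1.0:
        return list(packets)
    sources = {p.src for p in packets}
    per_source_share = max(1, link_capacity // len(sources))
    forwarded = []
    seen = Counter()
    for p in packets:
        if seen[p.src] < per_source_share:
            seen[p.src] += 1
            forwarded.append(p)
    return forwarded


def constructed_traffic() -> list:
    """Sample traffic (constructed): two legitimate senders holding capabilities,
    one flooding source without one, and packets forging a legitimate address."""
    legit = [Packet(src, issue_capability(src))
             for src in ("10.0.0.1", "10.0.0.2") for _ in range(3)]
    flood = [Packet("198.51.100.7", None) for _ in range(20)]
    forged = [Packet("10.0.0.1", None) for _ in range(10)]  # spoofed source, no token
    return legit + flood + forged


def summarize(packets: list) -> dict:
    """Packets forwarded per claimed source address."""
    return dict(Counter(p.src for p in packets))


if __name__ == "__main__":
    traffic = constructed_traffic()
    print("offered load per source:", summarize(traffic))
    print("credential-based forwards:", summarize(credential_filter(traffic)))
    print("filtering-based forwards (capacity 12):",
          summarize(congestion_filter(traffic, 12)))
```

Running it shows the difference the two papers describe: the credential check forwards exactly the six legitimate packets and rejects every forged one, whereas the congestion filter caps the flooding source at its share but still lets one forged packet through under the legitimate sender's address, because a router acting on congestion degree alone cannot tell a forged source from a real one.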