CN111988286A

CN111988286A - DDoS attack analysis and decision method for bitcoin mine pool based on evolutionary game

Info

Publication number: CN111988286A
Application number: CN202010767227.4A
Authority: CN
Inventors: 魏贵义; 应翠雯
Original assignee: Zhejiang Gongshang University
Current assignee: Zhejiang Gongshang University
Priority date: 2020-08-03
Filing date: 2020-08-03
Publication date: 2020-11-24

Abstract

The invention discloses a DDoS attack analysis and decision method for a bitcoin mine pool based on an evolutionary game. The method firstly determines the participants, determines a strategy set according to the characteristics of the participants, selects parameters influencing DDoS attack and income, defines the meaning of the parameters and calculates the income of the participants. And then, constructing a DDoS attack evolution game model of the ore pool based on the above steps, and analyzing the change of the proportion of the ore pool initiating the DDoS attack strategy in all the ore pools. And finally, solving the equilibrium of the evolutionary game, and selecting a counterattack strategy of the next round from the mine pool under attack in the current round. The invention takes the repeated operation characteristic of the ore digging game into consideration, so that the analysis of the ore digging game of multiple rounds is more practical. Meanwhile, the invention introduces the probability of DDoS attack failure and uses the parameter when calculating the income of participants, thereby being capable of more perfectly analyzing the situation of strategy change in the pool game process.

Description

DDoS attack analysis and decision method for bitcoin mine pool based on evolutionary game

Technical Field

The invention belongs to the field of DDoS (distributed denial of service) attacks between a bit currency mine pool game and a mine pool, and relates to an analysis and decision method based on an evolutionary game.

Background

The incentive mechanism of the bitcoin prompts miners to dig mines and spread new blocks constructed by the miners to obtain benefits. At present, miners mostly add to an ore pond to dig ores. The mine pond becomes the main body of digging. From a rational point of view, if a deviation from the normal mining strategy can bring greater profit to the mine, the mine is motivated not to act according to the rules of the bitcoin system. Such deviating policies may be illegal activities, such as proactively launching DDoS attacks on other mine pools. As early as 2011, bitcoin mines have been reported to be attacked by DDoS. Thereafter, DDoS attacks on the mine are frequent. Even AntPool has issued a notification that it is being attacked by large DDoS. Up to now, DDoS attackers still attack mine pools.

The game theory is a tool for researching interdependence and competition of decision subjects. The game theory method is widely applied in the aspects of motivation and decision. Clark and Konrad^[1]A theoretical model is provided, in the model, defenders need to protect a plurality of nodes, and attackers only need to break through one node to succeed. Fultz and Grossklas^[2]The strategy selection problem of an attacker under different decision scenes is solved. Grossklags et al^[3]The impact of different security decisions under limited rational conditions was investigated. Cremonini and Nizovtsev^[4]The decisions of the attackers are compared when the attackers have different degrees of knowledge about the security defense measures of the targets. Cavusglu et al^[5]The enterprise's decisions given the attack probabilities are analyzed. The above studies are all concerned with attacks and use the game theory approach. However, none of these content and analysis relate to attacks and decisions in the bitcoin environment.

In the bitcoin environment, gaming theory is often used to analyze content related to a mine attack. The research of mine pool attack modeling analysis is developed based on the classical game theory, and the method can be divided into four types of complete information static game, complete information dynamic game, incomplete information static game and incomplete information dynamic game according to a game information set and action time sequence. For example, game theory is used to analyze block withholding attacks between mine pools^[6]. Other attack-related studies have focused on the bitcoin system itself. Barber et al^[7]The characteristics of a last-day attack were studied, which can invalidate the entire transaction history with great effort. Kroll et al^[8]The stability of the bitcoin digging when an outsider destroys the bitcoin is studied. Tang et al^[9]A reward mode that considers "either win or no harvest" may result in misbehavior by miners. The above research is closely related to the BimingNote system, but none of them has taken into considerationAnd (4) considering DDoS attack behaviors aiming at the mine pool.

About the game among the mines and the DDoS attack behavior of the mines, Vasek et al^[10]Empirical evidence of frequent DDoS attacks in bitcoin environments is presented. Their view is that the probability of a mine being attacked is related to the amount of effort that the mine is doing. Based on these findings, Johnson et al^[11]A round of game model between two mine pools is established. In their model, an alternative strategy for both mines is to launch a DDoS attack or invest in effort. One limitation of their model is that only one round of gaming is considered, and there is a lack of analysis of long-term effects. Laszka et al^[12]A model of mutual attack of two ore pools is established, migration of miners is considered, and long-term influence of DDoS attack is analyzed, but the model does not consider coping strategies of the attacked ore pools in multiple rounds of games.

In practical situations, the mining pools are dug all the time, and the game among the mining pools is multi-turn. In the repeated game, the attacked ore pool can take corresponding countermeasures in the next round of game according to the condition of the current round of game, so that the situation is influenced, and the expected income of the user is maximized. In addition, classical game theory assumes that the participants are fully rational, have unlimited information processing and computing power, and are not subject to errors and other influences during the decision-making process. However, in reality this assumption is difficult to satisfy, and the rationality of the mine is limited rather than complete. Therefore, an analysis and decision method for DDoS attack of the bitcoin ore pool is required to be provided based on an evolutionary game aiming at the characteristics that the bitcoin ore pool is continuously excavated and the game is repeatedly performed among the ore pools.

Reference to the literature

[1]Clark，D.，Konrad，K.Asymmetric conflict：Weakest link against best shot[J].Journal of Conflict Resolution.2007：457-469.

[2]Fultz N，Grossklags J.Blue versus Red：Towards a Model of Distributed Security Attacks[J].2009.

[3]Grossklags J，Johnson B，Christin N.When Information Improves Information Security[C].Financial Cryptography&Data Security，International Conference，Fc，Tenerife，Canary Islands，January，Revised Selected Papers.DBLP，2010.

[4]Cremonini M，Nizovtsev D.Understanding and Influencing Attackers’Decisions：Implications for Security Investment Strategies[J].2006.

[5]Cavusoglu H，Yue R W T.Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment[J].Journal of Management Information Systems，2008，25(2)：281-304.

[6]Eyal I.The Miner’s Dilemma[J].Computer Science，2014：89-103.

[7]Barber S，Boyen X，Shi E，et al.Bitter to Better-How to Make Bitcoin a Better Currency[C].International Conference on Financial Cryptography and Data Security.Springer Berlin Heidelberg，2012.

[8]Kroll，J A，Davey，IC，Felten，E W.The economics of bitcoin mining，or bitcoin in the presence of adversaries[J].Proceedings of WEIS，2013：11.

[9]Tang C，Wu L，Wen G，et al.Incentivizing Honest Mining in Blockchain Networks：A Reputation Approach[J].Circuits and Systems II：Express Briefs，IEEE Transactions on，2019：1-1.

[10]Vasek M，Thornton M，Moore T.Empirical Analysis of Denial-of-Service Attacks in the Bitcoin Ecosystem[C].International Conference on Financial Cryptography and Data Security.Springer Berlin Heidelberg，2014.

[11]Johnson B，Laszka A，Grossklags J，et al.Game-Theoretic Analysis of DDoS Attacks Against Bitcoin Mining Pools[J].2014.

[12]Laszka A，Johnson B，Grossklags J.When Bitcoin Mining Pools Run Dry：A Game-Theoretic Analysis of the Long-Term Impact of Attacks Between Mining Pools[C].2nd Workshop on Bitcoin Research，in association with Financial Crypto 2015.2015.

Disclosure of Invention

The mine has become the main output of the bitcoin and has become the focus of attention. The mine pool is continuously attacked by DDoS, and computing resources are wasted. There is a statement that mine pools can overwhelm competitor mine pools by launching DDoS attacks on other mine pools. DDoS attacks cause the calculation resources of the attacked mine pools to be wasted, and meanwhile, the market of the bit coins digging is disturbed. Aiming at the problem, the invention provides a method for analyzing DDoS (distributed denial of service) attack behaviors of a bitcoin ore pool based on an evolutionary game theory, and helps the attacked ore pool to make an optimal decision in multiple rounds of ore digging games.

The invention comprises the following steps:

A. determining participants, determining a strategy set according to the characteristics of the participants, selecting parameters influencing DDoS attack and income, defining the meaning of the parameters, and calculating the income of the participants;

the determining participants specifically are:

the mine pools jointly form a mine pool group, and two mine pools are extracted from the mine pool group to serve as participants.

The determining the policy set according to the characteristics of the participants specifically comprises:

the characteristics of the participants mean that the mine pool has computing resources, different strategies can be selected by the mine pool, and the mine pool can carry out strategy transfer within the capacity range.

Determining the strategy set means that the strategy that the mine pool can select is to initiate DDoS attack or conservative mine excavation. When the strategy adopted by one ore pool is to initiate DDoS attack, the ore pool is called as an initiating DDoS attack side ore pool, and when the strategy adopted by one ore pool is to conservatively dig ore, the ore pool is called as a conservative digging side ore pool.

The parameters influencing DDoS attack and income are selected, the meaning of the parameters is determined, and the income of the participants is calculated specifically as follows:

m: the mine pools in the mine pool group are regarded as possessing the same computational power, and m represents the proportion of the computational power of a single mine pool to the total computational power of the bitcoin network.

σ: the probability of DDoS attack failure is assumed to be σ.

λ: let the cost factor for launching a DDoS attack be λ.

The income of the calculation participants is specifically as follows:

when two ore ponds adopt a conservative ore digging strategy, the respective benefits are U_MM＝B_mM(ii) a When one ore pool adopts a conservative excavation strategy and the other ore pool adopts a DDoS attack launching strategy, the profit U of the ore pool of the conservative excavation side is obtained_MD＝B_mDAnd the income U of the DDoS attack side mine pool is launched_DM＝B_mM+B_e-C_D(ii) a When two ore ponds are both the ore ponds of the attack side initiating the DDoS, the earnings of the two ore ponds are both U_DD＝B_mD-C_D；

Wherein, B_mMRepresenting the basic gain of the mine pit through excavation, B_eRepresenting the additional benefit of initiating a DDoS attack, C_DRepresenting the cost of initiating a DDoS attack, B_mDRepresenting the revenue from pool excavation when subjected to DDoS attacks, B_mD＝σB_mM。

B. On the basis, an ore pool DDoS attack evolution game model is constructed, and the change of the proportion of the ore pool initiating the DDoS attack strategy in all ore pools is analyzed;

the establishment of the mine pool DDoS attack evolution game model specifically comprises the following steps:

the game model consists of four elements, namely a participant, a strategy set, the income of the participant and the strategy frequency for launching a DDoS attack strategy.

The participants are two mine ponds;

the strategy set is used for initiating a DDoS attack strategy and a conservative mining strategy by using s_DRepresenting the launching of DDoS attack strategy by s_MRepresenting a conservative mining strategy, the strategy set may be represented as s_D，s_M}；

The participant's profit is U_MM，U_MD，U_DMAnd U_DD；

Two strategy frequencies are provided for launching the DDoS attack strategy, one is s in the current round mine pool group_DAnother is s in the next round of mine pool population_DFrequency of strategy (2)p′。

Wherein n is_DFor selecting the number of ore pools for launching the DDoS attack strategy, if N is the total number of the ore pools, s_MThe strategy frequency is 1-p;

the analysis adopts the change of the proportion of the ore pool initiating the DDoS attack strategy to all the ore pools, which is specifically as follows:

the proportion of the ore pool initiating the DDoS attack strategy to all the ore pools is s_DThe strategy frequency of (1), the pool population evolution state is used as the next round of s_DThe strategy frequency p' is expressed. And (3) moving the strategy of the participant mine pool to the dominant strategy after the participant mine pool compares the income along with the advance of time, wherein the value of p' changes in the process to obtain a mine pool group strategy evolution dynamic equation:

wherein, U_dRepresenting the profit of a mine pool from which a DDoS attacker originates,

representing the overall expected revenue for a participant mine. And p ' represents the general trend and direction of the evolution of the mine pool group strategy, when the p ' → 0 shows that the mine pools are mutually consistent, the mine pools tend to dug conservatively instead of initiating DDoS attacks on other mine pools, and when the p ' → 1 shows that the mine pools tend to initiate DDoS attacks on other mine pools.

Further, the solving process of p' is as follows:

calculating profit U of participant mine pool of DDoS attack initiating party_d；

Calculating the profit U of conservative excavation square participant mine pool_m；

Calculating expected profit of participant mine pools according to DDoS attack initiating strategy frequency and conservative mine digging strategy frequency

And calculating the strategy frequency p' for launching the DDoS attack strategy and summarizing the convergence result.

Further, the profit U of the participant mine pool of the attack party initiating DDoS_d＝(1-p)U_DM+xU_DD(ii) a Profit U of conservative excavation square root participant mine pool_m＝(1-p)U_MM+pU_MD(ii) a Expected revenue for participant mine

Mine pool group strategy evolution dynamic equation:

when in the pool group s_DWhen the strategy frequency is 0, the mine evolution game process reaches an evolution stable state, and at the moment, the equation satisfies the following conditions:

p′→0

simulation experiment to obtain s_DThe dynamic variation of the strategy frequency p' as time advances.

C. And (5) solving the equilibrium of the evolutionary game, and selecting a counterattack strategy of the next round from the mine pool under attack in the current round.

The solving of the evolutionary game equilibrium specifically comprises the following steps:

a strategy is designed, when the attacked ore pool adopts the strategy, both ore pools tend to dug conservatively, and the evolutionary game reaches equilibrium.

The counterattack strategy of the next round selected by the current round attacked ore pool is specifically as follows:

according to an evolution game classic Axelrod experiment, a coping strategy of an attacked ore pool is designed, named as an 'excavation-repetition, DDoS attack-change' strategy, and described as follows:

if the strategy selected by the previous wheel is conservative excavation, the wheel repeats the strategy selected by the previous wheel; if the strategy of the opposite party in the previous round is to initiate DDoS attack, the round selects the opposite strategy to the strategy in the previous round.

The attacked ore pool adopts the designed 'digging-repeating, DDoS attacking-changing' strategy, and the situation that the two ore pools cooperate in the subsequent rounds of games is discussed in a classification mode.

The invention has the following effects: the invention provides an analysis method of a DDoS attack motivation between two ore ponds based on an evolutionary game, which is different from a round of game used in most of the current methods. Meanwhile, a coping strategy of the mine pool attacked by DDoS is designed by using a classical Axelrod experiment in an evolution game. Thus, the two mine pools adopt a conservative mining strategy in repeated games, and cooperation is achieved. On the basis, the attacked ore pool can be counterattacked to influence the situation of the next round of game, so that the computational resources of the attacked ore pool can be normally operated, and the waste is avoided. The invention introduces the probability of DDoS attack failure and uses the parameter when calculating the income of the participants, which is different from the problem that the traditional attack and defense game does not consider the attack success probability. The invention does not need to modify the bit currency network protocol and does not need to be based on intelligent contracts or modify the existing consensus mechanism. Assuming that the participants are benefit-driven, the security of the original bitcoin mine pool is not reduced by the invention under the condition of introducing a new analysis and decision mechanism.

Drawings

FIG. 1 is a flow chart of the present invention.

FIG. 2 is s_DAnd (3) dynamic change graph of strategy frequency when time advances.

Fig. 3 is a schematic diagram of a strategy variation for achieving cooperation between two mine pools.

Detailed Description

The invention is described in further detail below with reference to the figures and specific examples.

As shown in fig. 1, the method for analyzing and deciding DDoS attack of a bitcoin mine pool based on an evolutionary game includes the following steps:

step 1, determining a decision-making body, determining a strategy set according to the characteristics of participants, selecting parameters influencing DDoS attack and income, defining the meanings of the parameters, and calculating the income of the participants according to the probability characteristics of the bit currency mining.

The mine pools jointly form a mine pool group, and the mine pools in the mine pool group can carry out strategy transfer according to specific probability within the capacity range. Two ore pools are abstracted from the ore pool group as participants and are respectively represented by an ore pool A and an ore pool B, the ore pools in the ore pool group are regarded as having the same calculation power, and m represents the proportion of the calculation power of a single ore pool to the total calculation power of the bitcoin network.

The probability of failure of a DDoS attacker attack is assumed to be sigma (sigma < 1), and the cost coefficient of the DDoS attack is assumed to be lambda (lambda < 1).

And 2, constructing a DDoS attack evolution game model of the ore pool based on the DDoS attack evolution game model, and analyzing the change of the proportion of the ore pool initiating the DDoS attack strategy in all the ore pools. And carrying out normalization processing on the basic income of the ore digging of the ore pool. Solving an ore pool group strategy evolution equation of a DDoS attack initiating party and a conservative ore excavation party to obtain strategy frequency change of the DDoS attack initiating strategy in the ore pool game evolution process, and summarizing convergence results;

the two ore ponds have the benefits of U when the two ore ponds are conservative excavation square ore ponds_MM＝B_mM＝m；

When the other side is a conservative excavation side mine pool, the yield of the DDoS attack side mine pool is initiated

When the other side is the side which initiates DDoS attack, the yield U of the side mine pool of conservative excavation is obtained_MD＝B_mD＝σm；

When two ore ponds are both the ore ponds of the attack side initiating DDoS, the earnings of the two ore ponds are both U_DD＝B_mD-C_Dσ m- λ m; wherein, B_mMRepresenting the basic gain of the mine pit through excavation, B_eIndicating the additional revenue brought by initiating the DDoS attack, if the DDoS attack is successful,

C_Drepresenting the cost of initiating a DDoS attack, B_mDRepresenting the revenue from pool excavation when subjected to DDoS attacks, B_mD＝σB_mM＝σm。

By s_DRepresenting the launching of DDoS attack strategy by s_MRepresenting a conservative ore excavation strategy; let s_DThe frequency of the strategy is x,

wherein n is_DFor selecting the number of mine pools for launching the DDoS attack strategy, if N is the participant space, i.e. the total number of mine pools, s_MThe strategy frequency is 1-x.

For a pool with conservative excavation, the expected yield is U_m＝(1-x)U_MM+xU_MD(1-x) m + x σ m; for a mine pool of a DDoS attacker, the expected yield is

Expected profit for mine:

the learning behaviors of the participants cause the frequency of the group strategy to dynamically change along with time, and the group evolution state is used as s in the next round_DExpressing strategy frequency to obtain ore pool group strategyEvolution dynamic equation:

the meaning of x' is the next round s_DAnd the strategy frequency represents the general trend and direction of the mine pool group evolution of the DDoS attacking party and the conservative mining party.

The comparison of the gains of different strategies by the participants can lead to the adjustment of strategy selection, thereby leading to the evolution of the state of the mine pool population. Due to the incomplete rational characteristics of the participants, the system evolves gradually, through multiple rounds of state changes, until the evolution stabilization strategy is converged.

x′→0

simulation experiment to obtain s_DDynamic changes in the strategy frequency as time advances.

FIG. 2 is s_DAnd (3) dynamic change graph of strategy frequency when time advances. Where m is 0.02, λ is 0.02, σ is 0.3, and s is initially_DStrategic frequency x₀＝0.1。

The horizontal axis represents game rounds and represents the advance of time, and the vertical axis represents s corresponding to each round_DThe policy frequency value. It can be seen that as time progresses, s_DThe policy frequency value tends to 0, which means that the proportion of the mine pool initiating the DDoS attack to the total mine pool tends to 0. Mining ponds tend to select conservative excavation strategies.

And 3, solving the equilibrium of the evolutionary game, and selecting a counterattack strategy of the next round from the mine pool under attack in the current round.

According to an evolution game classic Axelrod experiment, a coping strategy of an attacked ore pool is designed, defined as an 'excavation-repetition, DDoS attack-change' strategy, and described as follows:

Fig. 3 is a schematic diagram of policy change of cooperation between two mine pools, and the classification discusses the change process of the policy selected by the mine pools under different initial conditions. With (A)_s，B_s) A policy pair representing pool A and pool B, wherein A_sStrategy for representing the selection of a mine pool, B_sRepresenting the strategy of pool B selection. For example, (D, M) represents a case where mine a chooses to launch a DDoS attack strategy and mine B chooses a conservative excavation strategy.

As shown in fig. 3, the dashed box labeled "round 1 game" is the initial state, and there are four kinds of strategy combination cases; the arrows connect the corresponding states of the four cases in the "game of round 1" in the "game of round 2"; the four cases in the "round 2 game" are then linked by arrows to the corresponding states in the subsequent round.

Taking the case 2 as an example, in the 1 st round of game, the mining pool a selects a conservative mining strategy, and the mining pool B selects a DDoS attack initiating strategy, and in the round of game, the mining pool a is attacked by DDoS; subsequently, in the 2 nd round of game, the ore pool A adopts a 'digging-repeating and DDoS attack-changing' strategy, and the decision is made according to the strategy of the opposite ore pool in the 1 st round of game, because the ore pool B selects to initiate DDoS attack in the 1 st round, the ore pool A in the round is changed into the own strategy, and the different strategy from the previous round is selected, namely the DDoS attack is initiated. And the subsequent rounds of games are analogized.

Under the guidance of the 'digging-repeating, DDoS attack-change' strategy, from the 3 rd round, the ore pool selects a conservative digging strategy, which is the optimal choice for both parties.

Claims

1. A DDoS attack analysis and decision method for a bitcoin mine pool based on an evolutionary game is characterized by comprising the following steps:

B. constructing a DDoS attack evolution game model of the ore pool, and analyzing the change of the proportion of the ore pool initiating a DDoS attack strategy to all the ore pools;

the game model consists of four elements, namely a participant, a strategy set, the income of the participant and the strategy frequency for launching a DDoS attack strategy;

the proportion of the mine pools which adopt the DDoS attack initiating strategy to all the mine pools is the DDoS attack initiating strategy s_DThe strategy frequency of (1), the pool population evolution state is used as the next round of s_DStrategy frequency p' is expressed;

and (3) moving the strategy of the participant mine pool to the dominant strategy after the participant mine pool compares the income along with the advance of time, wherein the value of p' changes in the process to obtain a mine pool group strategy evolution dynamic equation:

wherein p represents s in the current round mine pool population_DStrategy frequency of (U)_dRepresenting the profit of a mine pool from which a DDoS attacker originates,

representing an overall expected return for a participant mine; p ' represents the general trend and direction of the evolution of the mine pool group strategy, when p ' → 0 indicates that the mine pools are mutually consistent, the mine pools tend to dug conservatively instead of initiating DDoS attacks on other mine pools, and when p ' → 1 indicates that the mine pools tend to initiate DDoS attacks on other mine pools;

2. The DDoS attack analysis and decision method for the Bingxin mine based on the evolutionary game as claimed in claim 1, characterized in that: the characteristics of the participants in the step A mean that the ore pool has computing resources, different strategies can be selected for the ore pool, and the ore pool can carry out strategy transfer within the capacity range;

determining a strategy set refers to that a strategy which can be selected by a mine pool is to initiate DDoS attack or conservative mine excavation; when the strategy adopted by one ore pool is to initiate DDoS attack, the ore pool is called as an initiating DDoS attack side ore pool, and when the strategy adopted by one ore pool is to conservatively dig ore, the ore pool is called as a conservative digging side ore pool.

3. The DDoS attack analysis and decision method for the Bingxin mine based on the evolutionary game as claimed in claim 1, characterized in that: the parameters determined in the step A comprise a ratio m of the computing power of a single ore pool to the total computing power of the bitcoin network, a probability sigma of DDoS attack failure and a cost coefficient lambda for launching the DDoS attack.

4. The DDoS attack analysis and decision method for the Bingxin mine based on the evolutionary game as claimed in claim 3, characterized in that: when two ore ponds adopt a conservative ore digging strategy, the respective benefits are B_mM(ii) a When one ore pool adopts a conservative excavation strategy and the other ore pool adopts a DDoS attack launching strategy, the yield of the conservative excavation square ore pool is B_mDAnd the income U of the DDoS attack side mine pool is launched_DM＝B_mM+B_e-C_D(ii) a When two ore ponds are both the ore ponds of the attack side initiating the DDoS, the earnings of the two ore ponds are both U_DD＝B_mD-C_D；

5. The DDoS attack analysis and decision method for the Bingxin mine based on the evolutionary game as claimed in claim 1, characterized in that: the solving of the evolutionary game balance in the step C specifically comprises the following steps:

designing a strategy, wherein when the attacked ore pool adopts the strategy, both the two ore pools tend to conservatively dig the ore, and the evolutionary game reaches balance;

the counterattack strategy of the next round selected by the mine pool attacked in the current round in the step C is specifically as follows:

if the strategy selected by the previous wheel is conservative excavation, the wheel repeats the strategy selected by the previous wheel; if the strategy of the opposite party in the previous round is to initiate DDoS attack, the round selects the strategy opposite to the strategy in the previous round;