A Super-Nash Equilibrium Defense Solution for Client-Side Cache Poisoning Attacks

A new class of DNS poisoning attacks targeting client-side DNS caches has recently emerged. This attack works with external attackers to poison users’ DNS cache through a spy program installed on the client side to induce users to visit the wrong web pages. However, the client-side defenses that can be applied have problems such as difficulty in deployment, the low correct rate of defense detection, and the inability to deal with intelligent attackers effectively. Therefore, we propose a novel double oracle algorithm Neural Online Double Oracle, for defending the client-side against intelligent attackers. The algorithm uses a new way of combining neural networks with reinforcement learning to build a mapping from the environment to the equilibrium solution. The algorithm can be deployed on a lightweight system framework to force the adversary’s strategy to an equilibrium point when it does not know the adversary and to find the best strategy when familiar with it. First, we describe the offensive and defensive adversarial scenarios in the language of imperfect information games. Then we design the Neural Online Double Oracle algorithm and prove its convergence for the scenario’s limited but rapidly changing state space. Finally, we experimentally verify that the algorithm can converge effectively and has the desired defense success rate.