Application-layer denial of service attacks: taxonomy and survey

Μαντάς, Γεώργιος; Stakhanova, Natalia; Gonzalez, Hugo; Jazi, Hossein Hadian; Ghorbani, Ali A.

doi:10.1504/ijics.2015.073028

Cited by 27 publications

(11 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attacker machine was connected to the Internet and was responsible for sending the web server a small number of attack (Attack-1 to 5) requests at regular intervals. Moreover, the attacker terminated a connection 4 from which an attack request was sent as soon as 100 seconds progressed after the connection establishment. This was to ensure that such attack requests did not deplete the server's connection queue space.…”

Section: Detection Phasementioning

confidence: 99%

“…A PPLICATION layer Denial-of-Service (DoS) attacks are a newer class of DoS attacks that exploit vulnerabilities present in the application layer protocols such as HTTP, NTP, DHCP [1], [2], [3]. These attacks target specific services (e.g., web, mail, file transfer) running on a victim computer with a relatively slighter impact on the network resources [4], [5]. One famous example of application layer DoS attacks is the Slow Rate DoS attack.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Delays have Dangerous Ends: Slow HTTP/2 DoS attacks into the Wild and their Real-Time Detection using Event Sequence Analysis

Tripathi¹

2022

Preprint

View full text Add to dashboard Cite

The robustness principle, written by Jon Postel in an early version of TCP implementation, states that the communicating entities should be liberal while accepting the data. Several entities on the Internet do follow this principle. For instance, in this work, we show that many popular web servers on the Internet are generous as they wait for a substantial time period to receive the remaining portion of an incomplete web request. Unfortunately, this behavior also makes them vulnerable to a class of cyber attacks, commonly known as Slow Rate DoS attacks. HTTP/2, the recent version of HTTP, is recently found vulnerable to these attacks. However, the impact of Slow HTTP/2 DoS attacks on real web servers on the Internet has not been studied yet. Also, to the best of our knowledge, there is no defense scheme known to detect Slow Rate DoS attacks against HTTP/2 in real-time. To bridge these gaps, we first test the behavior of HTTP/2 supporting web servers on the Internet against Slow HTTP/2 DoS attacks. Subsequently, we propose a scheme to detect these attacks in real-time. We show that the proposed detection scheme can detect attacks in real-time with high accuracy and marginal computational overhead.

show abstract

Section: Detection Phasementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Delays have Dangerous Ends: Slow HTTP/2 DoS attacks into the Wild and their Real-Time Detection using Event Sequence Analysis

Tripathi¹

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…This kind of attack results in the inability of legitimate users to access services and is thus denoted as DoS (Denial of Service) attacks [3]. Consider the following attack situation: A hacker can send several service inquiries to the enterprise to register with organization or obtain connection to some enterprises legitimate service instances.…”

Section: A Overview Of Ddos Attackmentioning

confidence: 99%

Analysis of Different Attacks on Software Defined Network and Approaches to Mitigate using Intelligent Techniques

Karthika¹,

Karmel²

2021

IJACSA

View full text Add to dashboard Cite

The detection of DDoS (Distributed Denial of Service) attacks is essential topic under network security. DDoS attacks cause network services to become unavailable by repeatedly flooding servers with unwanted traffic. The volume, magnitude, and complexity of these attacks increased dramatically as a result of low-cost Internet connections and easily available attack tools. Both Software Defined Networking (SDN) and Deep Learning (DL) have recently found a number of practical and fascinating applications in industry and academia. SDN enables centralized management, a global view of the overall network, and configurable control planes, allowing network devices to adapt to diverse applications. When applied to diverse categorization problems, DL-based approaches outperformed classic machine learning techniques, while SDN characteristics offer better network monitoring and security of the managed network when compared to traditional networks. By inheriting the non-linearity of neural networks, they increase feature extraction and reduction from a high-dimensional dataset in an unsupervised way. An overview of deep learning algorithms for sensing distributed denial of service attacks in softwaredefined networks with Deep learning is presented within this article. Furthermore, SDN environment is simulated in Mininet using RYU controller. In addition, each paper's mitigation method is examined in the survey.

show abstract

“…The detection of HTTP based application layer DDoS attacks are implemented with flow feature in distributed environments for diversified traffics. The authors [22] mainly focused on the slow rate DDoS attacks with HTTP requests targeting server HTTP. The bots from the botnet establishes a connections or sessions with incomplete GET or POST methods of HTTP requests to launch the slow rate attacks.…”

Section: Review Of Flow Based Intrusion Detectionmentioning

confidence: 99%

Flow based intrusion Detection system with Whale Optimization and Evolutionary Algorithms (EA) for Diversified Traffic Streams

Rajiv¹,

Chandra²,

Prashanthi³

et al. 2021

Preprint

View full text Add to dashboard Cite

The technological growth and advances in the internet led to the generation of huge volume of data that networks must be capable of transmitting. Providing security to this data is a challenging task. The development in the internet attracts several vulnerable attacks. The researchers in the literature proposed several machine learning, Deep learning and ANN based approaches for efficient attack detection. However, these approaches are prone to high false alarm rates and exhibits poor performance for diversified incoming traffic, because these methodologies relay on the packet level or transaction level features. The performance is inversely proposal to the diversity ratio of packet level features. To handle this, we introduced a combination of high-performed evolutionary algorithms and neural networks for attack classification at flow level with low false alarm rates and high detection accuracy. A unique set of flow features are defined to handle the traffic at flow level and optimal feature selection using whale Optimization Algorithm (WOA). The gravitational search (GS), and particle swarm optimization (PSO) combinations are used in attack detection phase to train the ANN and results proposed model as GSPSO-ANN with WOA. The performance of the proposed model is evaluated with NSL-KDD and CSE-CIC-IDS2018 datasets. The results are compared with other ANN based conventional methods. The results inferred that the proposed GSPSO-ANN with WOA attained maximum detection accuracy with low false alarm rates and processing time and also maintained consistency in the performance for diversified traffic.

show abstract

Application-layer denial of service attacks: taxonomy and survey

Cited by 27 publications

References 29 publications

Delays have Dangerous Ends: Slow HTTP/2 DoS attacks into the Wild and their Real-Time Detection using Event Sequence Analysis

Delays have Dangerous Ends: Slow HTTP/2 DoS attacks into the Wild and their Real-Time Detection using Event Sequence Analysis

Analysis of Different Attacks on Software Defined Network and Approaches to Mitigate using Intelligent Techniques

Flow based intrusion Detection system with Whale Optimization and Evolutionary Algorithms (EA) for Diversified Traffic Streams

Contact Info

Product

Resources

About