Slow rate denial of service attacks against HTTP/2 and detection

Tripathi, Nikhil; Hubballi, Neminath

doi:10.1016/j.cose.2017.09.009

Cited by 64 publications

(50 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Ideally, the cost of the defense system should be less than the losses occurred due to the EDoS attack. The total cost is calculated using Equation (14) in three situations: (a) non-attack, (b) when defense system is inactive (attack), and (c) when defense system is active (attack). The total associated cost is based on the utilization of computing, memory, storage, and network resources.…”

Section: Cost Estimationmentioning

confidence: 99%

See 1 more Smart Citation

A proactive defense method for the stealthy EDoS attacks in a cloud environment

Agrawal

Tapaswi

2020

Int J Network Mgmt

View full text Add to dashboard Cite

Summary Cloud computing technology provides flexibility to Cloud Service Provider (CSP) for providing the cloud resources based on the users' requirements. In on‐demand pricing model, the attackers exploit this feature and cause unwanted scaling‐up of the cloud resources without any intent to pay for them. The associated cost for the unpaid malicious usage burdens the CSP, and over a long period, economic losses occur at the CSP end. Thus, the resources and services offered by the CSP become unsustainable, and the attack is termed as Economic Denial‐of‐Sustainability (EDoS) attack. The existing defense approaches for EDoS attacks are reactive. Thus, the associated attack detection/mitigation cost is high; consequently, the approaches are not suitable for the Small and Medium Enterprises (SMEs). The aim of this paper is to detect and mitigate, internal and external, stealthy EDoS attacks proactively. The attack is detected using average CPU utilization threshold and utility function (in terms of cost for the utilized cloud computing resources) and mitigated using virtual firewalls. Amazon Elastic Compute Cloud (Amazon EC2) is used to evaluate the performance of the proposed approach. The proposed approach accurately detects the EDoS attack and mitigates its effect as well with reduced cost. It is observed that the approach provides competitive response time, victim service downtime, and attack reporting time. Thus, the overall performance is improved.

show abstract

Section: Cost Estimationmentioning

confidence: 99%

“…So far, many variants of sophisticated attacks have been introduced, namely, Shrew attack, 11,12 Reduction-of-Quality (RoQ) attack, 13 Low Rate DDoS Attack against Application Server (LoRDAS), 14,15 and EDoS attack. [16][17][18] These attacks have slightly less traffic volume than the detection threshold.…”

mentioning

confidence: 99%

A proactive defense method for the stealthy EDoS attacks in a cloud environment

Agrawal

Tapaswi

2020

Int J Network Mgmt

View full text Add to dashboard Cite

show abstract

“…These three categories are generated using specific vulnerabilities in POST and GET request methods. Although these attacks were created first to target vulnerabilities of HTTP/1.1, they are still effective on the updated HTTP/2 [30]. A detailed categorization of slow HTTP DDoS attacks can be found in [31].…”

Section: Http Ddos Attacksmentioning

confidence: 99%

Detection System of HTTP DDoS Attacks in a Cloud Environment Based on Information Theoretic Entropy and Random Forest

Idhammad

Afdel

Belouch

2018

Security and Communication Networks

View full text Add to dashboard Cite

Cloud Computing services are often delivered through HTTP protocol. This facilitates access to services and reduces costs for both providers and end-users. However, this increases the vulnerabilities of the Cloud services face to HTTP DDoS attacks. HTTP request methods are often used to address web servers’ vulnerabilities and create multiple scenarios of HTTP DDoS attack such as Low and Slow or Flooding attacks. Existing HTTP DDoS detection systems are challenged by the big amounts of network traffic generated by these attacks, low detection accuracy, and high false positive rates. In this paper we present a detection system of HTTP DDoS attacks in a Cloud environment based on Information Theoretic Entropy and Random Forest ensemble learning algorithm. A time-based sliding window algorithm is used to estimate the entropy of the network header features of the incoming network traffic. When the estimated entropy exceeds its normal range the preprocessing and the classification tasks are triggered. To assess the proposed approach various experiments were performed on the CIDDS-001 public dataset. The proposed approach achieves satisfactory results with an accuracy of 99.54%, a FPR of 0.4%, and a running time of 18.5s.

show abstract

“…Figure 1 [9] show the transfer of frames which are usually done during the normal working of HTTP/2 protocol.…”

Section: Http/2 Protocol Overviewmentioning

confidence: 99%

“…• 1 st Payload from Client to Server: Once the TCP connection is established after the 3-way handshake, client will send Connection Preface, SETTINGS frame and WINDOW UPDATE frame on a stream with identification number 0 while the HEADERS frame is sent on another stream with identification number 1. Both these streams are a part of the 1 st HTTP/2 payload [9]. • 2 nd Payload from Server to Client: As soon as the server receives the 1 st HTTP/2 payload, it confirms the SETTINGS frame by sending an empty SETTINGS frame on the stream 0 as an acknowledgement.…”

Section: Http/2 Protocol Overviewmentioning

confidence: 99%

An Investigation on HTTP/2 Security

Suresh

Amritha

Mohan

et al. 2018

JCSM

View full text Add to dashboard Cite

In the current world scenario where everyone is using the Internet, it is becoming a strenuous task to preserve security. Furthermore the world is becoming progressively digital by the passing of each minute. A large portion of the Internet is conducted using the Hyper Text Transfer Protocol (HTTP). But in 2015, it underwent a consequential enhancement and was released as HTTP/2. HTTP/2 includes pipelining, response multiplexing, server push and header compression using HPACK besides the properties of HTTP/1.1. These properties make it difficult for the eavesdroppers to monitor or fingerprint a website running on HTTP/2. This paper deals with the research on how strong the HTTP/2 protocol keeps the user information hidden and secure. By monitoring a live network traffic, its properties with HTTP/2 is assessed. This study helps understand the different aspects of the protocol and its influence on the network and browsers.

show abstract

Slow rate denial of service attacks against HTTP/2 and detection

Cited by 64 publications

References 12 publications

A proactive defense method for the stealthy EDoS attacks in a cloud environment

A proactive defense method for the stealthy EDoS attacks in a cloud environment

Detection System of HTTP DDoS Attacks in a Cloud Environment Based on Information Theoretic Entropy and Random Forest

An Investigation on HTTP/2 Security

Contact Info

Product

Resources

About