WiP: Slow Rate HTTP Attack Detection with Behavioral Parameters

Sood, Shaurya; Saikia, Manash; Hubballi, Neminath

doi:10.1007/978-3-030-92571-0_2

Cited by 3 publications

(2 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many methods for detecting application layer slow rate DoS attacks use thresholds on the number of connections. Such simple detection methods are easy to evade [27], [28]. The attack mitigation methods come in the form of traffic filtering techniques [13], [11] which filter the incomplete HTTP requests taking into account how many such requests come from a particular IP address.…”

Section: Introductionmentioning

confidence: 99%

“…The mitigation and detection methods proposed for slow rate attacks come in the form of implementation modules like 'Core' [7], 'Antiloris' [24], 'Limitipconn ' [25] and 'mod_reqtimeout ' [26] which are deployed either at server or overlay based techniques [6] that carry the traffic to a third party site for inspection and methods based on extracting the statistics [30]. However, these methods use a limited set of features based on thresholds and are prone to evasion [28]. Taking motivation from these, in this paper we describe SlowTrack 1 a method designed to detect slow rate DoS attacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SlowTrack: Detecting Slow Rate Denial of Service Attacks againstHTTP with Behavioral Parameters

Sood

Hubballi

2022

Preprint

View full text Add to dashboard Cite

Denial of Service (DoS) attacks have evolved from volumetric attacks to target specific applications and can cripple different services with very limited effort. Hypertext Transfer Protocol (HTTP) is vulnerable to a slow rate DoS attack generated through prolonged connections which deliberately send incomplete requests to server. Simple detection methods which use $x$ number of such connections in $y$ time can be easily evaded. In this paper, we present SlowTrack which can detect slow rate DoS attacks against HTTP using a set of behavioral parameters. SlowTrack uses eight behavioral parameters which are validated to be useful in identifying the attack. We correlate these parameters to understand how their values change when attack is launched and subsequently use these observations to propose detection methods. \texttt{SlowTrack} is composed of three detection algorithms which make use of these observations for detecting attacks. We evaluate the detection performance of \texttt{SlowTarck} using experiments done in a testbed and also in a live network to show that these algorithms can detect the slow rate attacks effectively.

show abstract