Generator of Slow Denial-of-Service Cyber Attacks

2021 Aug 13; 21(16). [epub] 20210813

Language: English; Country: Switzerland; Medium: electronic

Document type: journal articles

Persistent link: https://www.medvik.cz/link/pmid34450915

Grant support
FW01010474 Technology Agency of the Czech Republic

In today's world, the volume of cyber attacks grows every year. These attacks can cause high financial losses or loss of private data for many people and companies. One of the most common types of attack on the Internet is a DoS (denial-of-service) attack, which, despite its simplicity, can have catastrophic consequences. A slow DoS attack attempts to make an Internet service unavailable to users. Because of their small data flows, these attacks closely resemble the traffic of legitimate users with a slow Internet connection. Accurate detection of these attacks is one of the biggest challenges in cybersecurity. In this paper, we implemented our proposal of eleven major and most dangerous slow DoS attacks and introduced an advanced attack generator for testing vulnerabilities of protocols, servers, and services. The main motivation for this research was the absence of a similarly comprehensive generator for testing slow DoS vulnerabilities in network systems. We built an experimental environment for testing our generator, and then we performed a security analysis of the five most used web servers. Based on the discovered vulnerabilities, we also discuss preventive and detection techniques to mitigate the attacks. In future research, our generator can be used for testing slow DoS security vulnerabilities and increasing the level of cyber security of various network systems.


