Detectability of Low-Rate HTTP Server DoS Attacks using Spectral Analysis
2015 (English)In: PROCEEDINGS OF THE 2015 IEEE/ACM INTERNATIONAL CONFERENCE ON ADVANCES IN SOCIAL NETWORKS ANALYSIS AND MINING (ASONAM 2015), Association for Computing Machinery (ACM), 2015, 954-961 p.Conference paper (Refereed)Text
Denial-of-Service (DoS) attacks pose a threat to any service provider on the internet. While traditional DoS flooding attacks require the attacker to control at least as much resources as the service provider in order to be effective, so-called low-rate DoS attacks can exploit weaknesses in careless design to effectively deny a service using minimal amounts of network traffic. This paper investigates one such weakness found within version 2.2 of the popular Apache HTTP Server software. The weakness concerns how the server handles the persistent connection feature in HTTP 1.1. An attack simulator exploiting this weakness has been developed and shown to be effective. The attack was then studied with spectral analysis for the purpose of examining how well the attack could be detected. Similar to other papers on spectral analysis of low-rate DoS attacks, the results show that disproportionate amounts of energy in the lower frequencies can be detected when the attack is present. However, by randomizing the attack pattern, an attacker can efficiently reduce this disproportion to a degree where it might be impossible to correctly identify an attack in a real world scenario.
Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2015. 954-961 p.
Low-rate DoS attack, attack simulator, Apache HTTP Server, attack detection, spectral analysis
Computer and Information Science
IdentifiersURN: urn:nbn:se:kth:diva-185413DOI: 10.1145/2808797.2808810ISI: 000371793500146ScopusID: 2-s2.0-84962601415ISBN: 978-1-4503-3854-7OAI: oai:DiVA.org:kth-185413DiVA: diva2:920263
IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), AUG 25-28, 2015, Paris, FRANCE
QC 201604182016-04-182016-04-182016-04-18Bibliographically approved