"Detectability of low-rate HTTP server DoS attacks using spectral analysis"
Title | "Detectability of low-rate HTTP server DoS attacks using spectral analysis" |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | J. Brynielsson, R. Sharma |
Conference Name | 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM) |
Date Published | Aug |
Publisher | IEEE |
ISBN Number | 978-1-4503-3854-7 |
Accession Number | 15775550 |
Keywords | advanced persistent threat, Apache HTTP Server, Apache HTTP Server software, attack detection, attack simulator, Computer crime, computer network security, denial-of-service attacks, DoS attacks, DoS flooding attacks, HTTP 1.1, HTTP server, hypermedia, Instruction sets, Internet, Low-rate DoS attack, network traffic, Operating systems, pubcrawl170101, Servers, Social network services, Spectral analysis, telecommunication traffic, Temperature measurement, transport protocols |
Abstract | Denial-of-Service (DoS) attacks pose a threat to any service provider on the internet. While traditional DoS flooding attacks require the attacker to control at least as much resources as the service provider in order to be effective, so-called low-rate DoS attacks can exploit weaknesses in careless design to effectively deny a service using minimal amounts of network traffic. This paper investigates one such weakness found within version 2.2 of the popular Apache HTTP Server software. The weakness concerns how the server handles the persistent connection feature in HTTP 1.1. An attack simulator exploiting this weakness has been developed and shown to be effective. The attack was then studied with spectral analysis for the purpose of examining how well the attack could be detected. Similar to other papers on spectral analysis of low-rate DoS attacks, the results show that disproportionate amounts of energy in the lower frequencies can be detected when the attack is present. However, by randomizing the attack pattern, an attacker can efficiently reduce this disproportion to a degree where it might be impossible to correctly identify an attack in a real world scenario. |
URL | http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7403661&isnumber=7403513 |
DOI | 10.1145/2808797.2808810 |
Citation Key | 7403661 |
- hypermedia
- transport protocols
- Temperature measurement
- telecommunication traffic
- Spectral analysis
- Social network services
- Servers
- pubcrawl170101
- operating systems
- network traffic
- Low-rate DoS attack
- internet
- Instruction sets
- advanced persistent threat
- HTTP server
- HTTP 1.1
- DoS flooding attacks
- DoS attacks
- denial-of-service attacks
- computer network security
- Computer crime
- attack simulator
- Attack detection
- Apache HTTP Server software
- Apache HTTP Server