Delays Have Dangerous Ends: Slow HTTP/2 DoS Attacks Into the Wild and Their Real-Time Detection Using Event Sequence Analysis
2023; IEEE Computer Society; Volume: 21; Issue: 3; Language: English
10.1109/tdsc.2023.3276062
ISSN 2160-9209
Topic(s): Advanced Malware Detection Techniques
Abstract: Jon Postel's robustness principle states that the communicating entities should be liberal while accepting the data. Several web servers on the Internet do follow this principle as they wait to receive the remaining portion of an incomplete web request. Unfortunately, this behaviour also makes them vulnerable to Slow Rate DoS attacks. A few approaches are known to counter Slow Rate DoS attacks against HTTP/1.1. However, those defence approaches are incompatible with HTTP/2 because of several operation differences between HTTP/1.1 and its successor, HTTP/2. Also, to the best of our knowledge, no defence scheme is known to detect Slow Rate DoS attacks against an HTTP/2 supporting web server in real-time. To bridge this gap, in this article, we propose an event sequence analysis-based scheme to detect Slow HTTP/2 DoS attacks. Using extensive experiments, we show that the scheme can detect attacks in real-time with high accuracy and marginal computational overhead. As an aside, we also present a study on the behaviour of popular HTTP/2 servers on the Internet against Slow HTTP/2 DoS attacks. Surprisingly, we noticed that several of them are vulnerable to these attacks, thereby justifying the requirement for an effective real-time detection strategy.