Top

Published in:

2024 | OriginalPaper | Chapter

An Accurate and Real-Time Detection Method for Concealed Slow HTTP DoS in Backbone Network

Authors : Jinfeng Chen, Hua Wu, Suyue Wang, Guang Cheng, Xiaoyan Hu

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Slow HTTP DoS (SHD) is a type of DoS attack based on HTTP/HTTPS. SHD traffic at the application layer may be encrypted. Besides, the interval between packets can reach tens of seconds or more due to its slow sending rate. Therefore, SHD is concealed for detection. The methods for detecting high-speed DoS are not suitable for detecting the attack, making detection for SHD a challenging problem. Some existing SHD detection methods are complex and computationally intensive, making it hard to meet the demand for real-time in backbone networks. In addition, most of these methods are based on bidirectional traffic and do not consider the asymmetry of routing on the Internet. In this paper, based on the traffic characteristics of the most common types of SHD, we extract several representative features from unidirectional flows. These features can still work well under sampling and asymmetric routing scenarios. We also use Slow HTTP DoS Sketch to record the features quickly and accurately. In experiments that used public backbone datasets as background traffic, the results show that even with a large number of unidirectional flows and a sampling rate of 1/64, our method can still accurately detect SHD traffic within 2 min.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Automated and Improved Detection of Cyber Attacks via an Industrial IDS Probe

next chapter Towards an Information Privacy Competency Model for the Usage of Mobile Applications

Eliyan, L.F., Pietro, R.D.: DoS and DDoS attacks in software defined networks: a survey of existing solutions and research challenges. Future Gener. Comput. Syst. 122, 149–171 (2021)CrossRef

DDoS attacks reports in 2022. https://securelist.com/ddos-attacks-in-q2-2022/107025. Accessed 5 Mar 2023

Tripathi N., Hubballi N., Singh Y.: How secure are web servers? an empirical study of slow HTTP DoS attacks and detection. In: 11th International Conference on Availability, Reliability and Security (ARES), pp. 454–463. IEEE (2016). https://doi.org/10.1109/ARES.2016.20

Garcia, N., et al.: Distributed real-time SlowDoS attacks detection over encrypted traffic using Artificial Intelligence. J. Netw. Comput. Appl. 173, 102871 (2021)CrossRef

Rani, S.J., Ioannou, I., Nagaradjane, P., et al.: Detection of DDoS attacks in D2D communications using machine learning approach. Comput. Commun. 198, 32–51 (2023)CrossRef

Xu, C., Shen, J., Du, X.: Low-rate DoS attack detection method based on hybrid deep neural networks. J. Inf. Secur. Appl. 60, 102879 (2021)

Jazi, H.H., et al.: Detecting HTTP-based application layer DoS attacks on web servers in the presence of sampling. Comput. Netw. 121, 25–36 (2017)CrossRef

Wu H., Chen T., Shao Z., et al.: Accurate and fast detection of DDoS attacks in high-speed network with asymmetric routing. In: IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE (2021). https://doi.org/10.1109/GLOBECOM46510.2021.9685794

Reed A., Dooley L. S., Mostefaoui S. K.: A reliable real-time slow DoS detection framework for resource-constrained IoT networks. In: 2021 IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE (2021). https://doi.org/10.1109/GLOBECOM46510.2021.9685612

10.

MAWI Public Traffic Datasets. https://mawi.wide.ad.jp/mawi. Accessed 5 Mar 2023

11.

SlowHTTPTest Public Tool. https://github.com/shekyan/slowhttptest. Accessed 5 Mar 2023

12.

Lukaseder, T., Maile, L., Erb, B., Kargl, F.: SDN-assisted network-based mitigation of slow DDoS attacks. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds.) SecureComm 2018. LNICST, vol. 255, pp. 102–121. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01704-0_6CrossRef

Title: An Accurate and Real-Time Detection Method for Concealed Slow HTTP DoS in Backbone Network
Authors: Jinfeng Chen
Hua Wu
Suyue Wang
Guang Cheng
Xiaoyan Hu
Publisher: Springer Nature Switzerland
Book: ICT Systems Security and Privacy Protection
Print ISBN: 978-3-031-56325-6

Electronic ISBN: 978-3-031-56326-3

Copyright Year: 2024
DOI: https://doi.org/10.1007/978-3-031-56326-3_15

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"