Proceedings ArticleDOI
How Secure are Web Servers? An Empirical Study of Slow HTTP DoS Attacks and Detection
Nikhil Tripathi,Neminath Hubballi,Yogendra Singh +2 more
- pp 454-463
Reads0
Chats0
TLDR
This paper does an empirical study on different HTTP servers for their vulnerability against slow HTTP DoS attacks and proposes a method to detect Slow HTTP Dos attack, an anomaly detection system which measures the Hellinger distance between two probability distributions generated in training and testing phases.Abstract:
Slow HTTP Denial of Service (DoS) is an application layer DoS attack in which large number of incomplete HTTP requests are sent. If number of such open connections in the server exhaust a preset threshold, server does not accept any new connections thus creating DoS. In this paper we make twofold contributions. We do an empirical study on different HTTP servers for their vulnerability against slow HTTP DoS attacks. Subsequently we propose a method to detect Slow HTTP Dos attack. The proposed detection system is an anomaly detection system which measures the Hellinger distance between two probability distributions generated in training and testing phases. In the training phase it creates a normal profile as a probability distribution comprising of complete and incomplete HTTP requests. In case of Slow HTTP attack the proportion of incomplete messages is increased in the overall traffic and detection system leverages this for detection by generating another probability distribution and finding difference between two probability distributions. We experiment by collecting data from a real web server and report the detection performance of proposed detection system.read more
Citations
More filters
The Self-Organizing Map
TL;DR: An overview of the self-organizing map algorithm, on which the papers in this issue are based, is presented in this article, where the authors present an overview of their work.
Journal ArticleDOI
DDoS Attacks at the Application Layer: Challenges and Research Perspectives for Safeguarding Web Applications
Amit Praseed,P. Santhi Thilagam +1 more
TL;DR: This paper attempts to explore the entire spectrum of application layer DDoS attacks using critical features that aid in understanding how these attacks can be executed to help researchers understand why a particular group of features are useful in detecting a particular class of attacks.
Journal ArticleDOI
Distributed denial of service attacks and its defenses in IoT: a survey
TL;DR: This survey is a comprehensive approach which includes general DDoS attack motivations and specific reasons why attackers prefer IoT devices to launch DDoS attacks, and proposes to implement an essential first line of defense for IoT devices.
Journal ArticleDOI
SDN-Assisted Slow HTTP DDoS Attack Defense Method
TL;DR: Simulation results show that the proposed network-based Slow HTTP DDoS attack defense method successfully protects Web servers against Slow HTTPDDoS attacks.
Journal ArticleDOI
Software-defined Networking-based DDoS Defense Mechanisms
TL;DR: A detailed study on DDoS threats prevalent in SDN is presented, and an extensive review towards the advancement of the SDN security is provided to the researchers and IT communities.
References
More filters
Journal ArticleDOI
The self-organizing map
TL;DR: The self-organizing map, an architecture suggested for artificial neural networks, is explained by presenting simulation experiments and practical applications, and an algorithm which order responses spatially is reviewed, focusing on best matching cell selection and adaptation of the weight vectors.
The Self-Organizing Map
TL;DR: An overview of the self-organizing map algorithm, on which the papers in this issue are based, is presented in this article, where the authors present an overview of their work.
Journal ArticleDOI
NOX: towards an operating system for networks
TL;DR: The question posed here is: Can one build a network operating system at significant scale?
Proceedings ArticleDOI
Lightweight DDoS flooding attack detection using NOX/OpenFlow
TL;DR: This work presents a lightweight method for DDoS attack detection based on traffic flow features, in which the extraction of such information is made with a very low overhead compared to traditional approaches.
Journal ArticleDOI
An Overview of IP Flow-Based Intrusion Detection
TL;DR: The paper provides a classification of attacks and defense techniques and shows how flow-based techniques can be used to detect scans, worms, Botnets and (DoS) attacks.