SlowTrack: detecting slow rate Denial of Service attacks against HTTP with behavioral parameters.

Saved in:
Bibliographic Details
Title: SlowTrack: detecting slow rate Denial of Service attacks against HTTP with behavioral parameters.
Authors: Sood, Shaurya1 (AUTHOR), Hubballi, Neminath1 (AUTHOR) neminath@iiti.ac.in
Source: Journal of Supercomputing. Jan2024, Vol. 80 Issue 2, p1788-1817. 30p.
Subjects: Denial of service attacks, HTTP (Computer network protocol)
Abstract: Denial of Service (DoS) attacks have evolved from volumetric attacks to target specific applications and can cripple different services with very limited effort. Hypertext Transfer Protocol (HTTP) is vulnerable to a slow rate DoS attack generated through prolonged connections which deliberately send incomplete requests to server. Simple detection methods which use x number of such connections in y time can be easily evaded. In this paper, we present SlowTrack which can detect slow rate DoS attacks against HTTP using a set of behavioral parameters. SlowTrack uses eight behavioral parameters which are validated to be useful in identifying the attack. We correlate these parameters to understand how their values change when attack is launched and subsequently use these observations to propose detection methods. SlowTrack is composed of three detection algorithms which make use of these observations for detecting attacks. We evaluate the detection performance of SlowTarck using experiments done in a testbed and also in a live network to show that these algorithms can detect the slow rate attacks effectively. [ABSTRACT FROM AUTHOR]
Copyright of Journal of Supercomputing is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
Full text is not displayed to guests.
Description
Abstract:Denial of Service (DoS) attacks have evolved from volumetric attacks to target specific applications and can cripple different services with very limited effort. Hypertext Transfer Protocol (HTTP) is vulnerable to a slow rate DoS attack generated through prolonged connections which deliberately send incomplete requests to server. Simple detection methods which use x number of such connections in y time can be easily evaded. In this paper, we present SlowTrack which can detect slow rate DoS attacks against HTTP using a set of behavioral parameters. SlowTrack uses eight behavioral parameters which are validated to be useful in identifying the attack. We correlate these parameters to understand how their values change when attack is launched and subsequently use these observations to propose detection methods. SlowTrack is composed of three detection algorithms which make use of these observations for detecting attacks. We evaluate the detection performance of SlowTarck using experiments done in a testbed and also in a live network to show that these algorithms can detect the slow rate attacks effectively. [ABSTRACT FROM AUTHOR]
ISSN:09208542
DOI:10.1007/s11227-023-05453-3