Visible to the public "Detectability of low-rate HTTP server DoS attacks using spectral analysis"Conflict Detection Enabled

Title"Detectability of low-rate HTTP server DoS attacks using spectral analysis"
Publication TypeConference Paper
Year of Publication2015
AuthorsJ. Brynielsson, R. Sharma
Conference Name2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)
Date PublishedAug
ISBN Number978-1-4503-3854-7
Accession Number15775550
Keywordsadvanced persistent threat, Apache HTTP Server, Apache HTTP Server software, attack detection, attack simulator, Computer crime, computer network security, denial-of-service attacks, DoS attacks, DoS flooding attacks, HTTP 1.1, HTTP server, hypermedia, Instruction sets, Internet, Low-rate DoS attack, network traffic, Operating systems, pubcrawl170101, Servers, Social network services, Spectral analysis, telecommunication traffic, Temperature measurement, transport protocols

Denial-of-Service (DoS) attacks pose a threat to any service provider on the internet. While traditional DoS flooding attacks require the attacker to control at least as much resources as the service provider in order to be effective, so-called low-rate DoS attacks can exploit weaknesses in careless design to effectively deny a service using minimal amounts of network traffic. This paper investigates one such weakness found within version 2.2 of the popular Apache HTTP Server software. The weakness concerns how the server handles the persistent connection feature in HTTP 1.1. An attack simulator exploiting this weakness has been developed and shown to be effective. The attack was then studied with spectral analysis for the purpose of examining how well the attack could be detected. Similar to other papers on spectral analysis of low-rate DoS attacks, the results show that disproportionate amounts of energy in the lower frequencies can be detected when the attack is present. However, by randomizing the attack pattern, an attacker can efficiently reduce this disproportion to a degree where it might be impossible to correctly identify an attack in a real world scenario.

Citation Key7403661