Cluster Computing

, Volume 19, Issue 1, pp 79–86 | Cite as

Distributed denial-of-service attacks against HTTP/2 services

  • Erwin Adi
  • Zubair A. Baig
  • Philip Hingston
  • Chiou-Peng Lam


HTTP/2 is the second major version of the HTTP protocol published by the internet engineering steering group. The protocol is designed to improve reliability and performance Such enhancements have thus delineated the protocol as being more vulnerable to distributed denial-of-service (DDoS) attacks when compared to its predecessor. Recent phenomenon showed that legitimate traffic or flash crowds could have high-traffic flow characteristics as seen in DDoS attacks. In this paper, we demonstrate that legitimate HTTP/2 flash crowd traffic can be launched to cause denial of service. To the best of our knowledge, no previous study has been conducted to analyse the effect of both DDoS as well as flash crowd traffic against HTTP/2 services. Results obtained prove the effect of such attacks when tested under four varying protocol-dependant attack scenarios.


DDoS attacks HTTP/2 attack Modeling 


  1. 1.
    Agrawal, P., Gupta, B., Jain, S.: SVM based scheme for predicting number of zombies in a DDoS attack. In: Intelligence and Security Informatics Conference (EISIC), 2011 European, pp. 178–182. IEEE (2011)Google Scholar
  2. 2.
    Barthakur, P., Dahal, M., Ghose, M.K.: An efficient machine learning based classification scheme for detecting distributed command & control traffic of P2P botnets. Int. J. Mod. Educ. Comput. Sci. (IJMECS) 5(10), 9 (2013)CrossRefGoogle Scholar
  3. 3.
    Belshe, M., Peon, R., Thomson, M.: Hypertext Transfer Protocol version 2 (HTTP/2). Report RFC 7540, Internet Engineering Task Force (May 2015)Google Scholar
  4. 4.
  5. 5.
    Chang, R.K.: Defending against flooding-based distributed denial-of-service attacks: a tutorial. Commun. Mag., IEEE 40(10), 42–51 (2002)CrossRefGoogle Scholar
  6. 6.
    Choi, J., Choi, C., Ko, B., Kim, P.: A method of DDoS attack detection using HTTP packet pattern and rule engine in cloud computing environment. Soft Comput. 18, 1–7 (2014)CrossRefGoogle Scholar
  7. 7.
    Crosby, S.A., Wallach, D.S.: Denial of service via algorithmic complexity attacks. In: Usenix Security, vol. 2 (2003)Google Scholar
  8. 8.
    Garg, S., Singh, A.K., Sarje, A.K., Peddoju, S.K.: Behaviour analysis of machine learning algorithms for detecting P2P botnets. In: Advanced Computing Technologies (ICACT), 2013 15th International Conference on, pp. 1–4. IEEE (2013)Google Scholar
  9. 9.
    Grigorik, I.: High Performance Browser Networking: what Every Web Developer should Know About Networking and Web Performance. ” O’Reilly Media, Inc”., New York (2013)Google Scholar
  10. 10.
    Heron, S.: Denial of service: motivations and trends. Netw. Secur. 2010(5), 10–12 (2010)CrossRefGoogle Scholar
  11. 11.
    Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites. In: Proceedings of the 11th international conference on World Wide Web, pp. 293–304. ACM (2002)Google Scholar
  12. 12.
    Liu, H., Zhang, Y., Lin, H., Wu, J., Wu, Z., Zhang, X.: How many zombies around you? In: Data Mining (ICDM), 2013 IEEE 13th International Conference on, pp. 1133–1138. IEEE (2013)Google Scholar
  13. 13.
    Malialis, K., Kudenko, D.: Large-scale DDoS response using cooperative reinforcement learning. In: 11th European Workshop on Multi-Agent Systems (EUMAS) (2013)Google Scholar
  14. 14.
    Mansfield-Devine, S.: DDoS: threats and mitigation. Netw. Secur. 2011(12), 5–12 (2011)CrossRefGoogle Scholar
  15. 15.
    Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)CrossRefGoogle Scholar
  16. 16.
    Ni, T., Gu, X., Wang, H., Li, Y.: Real-time detection of application-layer DDoS attack using time series analysis. J. Control Sci. Eng. 2013, 4 (2013)CrossRefzbMATHGoogle Scholar
  17. 17.
    Rahmani, H., Sahli, N., Kamoun, F.: Distributed denial-of-service attack detection scheme-based joint-entropy. Secur. Commun. Netw. 5(9), 1049–1061 (2012)CrossRefGoogle Scholar
  18. 18.
    Salah, K., Sattar, K., Sqalli, M., Al-Shaer, E.: A potential low-rate DoS attack against network firewalls. Secur. Commun. Netw. 4(2), 136–146 (2011)CrossRefGoogle Scholar
  19. 19.
    Tsujikawa, T.: Nghttp2: HTTP/2 C library (2015).
  20. 20.
    Ye, C., Zheng, K.: Detection of application layer distributed denial of service. In: Computer Science and Network Technology (ICCSNT), 2011 International Conference on, vol. 1, pp. 310–314. IEEE (2011)Google Scholar
  21. 21.
    Yu, S., Zhou, W., Jia, W., Guo, S., Xiang, Y., Tang, F.: Discriminating DDoS attacks from flash crowds using flow correlation coefficient. Parallel Distrib. Syst., IEEE Trans. 23(6), 1073–1080 (2012)CrossRefGoogle Scholar
  22. 22.
    Zhou, W., Jia, W., Wen, S., Xiang, Y., Zhou, W.: Detection and defense of application-layer DDoS attacks in backbone web traffic. Futur. Gener. Comput. Syst. 38, 36–46 (2014)CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  • Erwin Adi
    • 1
  • Zubair A. Baig
    • 2
  • Philip Hingston
    • 1
  • Chiou-Peng Lam
    • 1
  1. 1.School of ScienceEdith Cowan UniversityJoondalupAustralia
  2. 2.School of Science and Security Research InstituteEdith Cowan UniversityJoondalupAustralia

Personalised recommendations