Intrusion Tolerance of Stealth DoS Attacks to Web Services

  • Massimo Ficco
  • Massimiliano Rak
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 376)


This paper focuses on one of the most harmful categories of Denial of Service attacks, commonly known in the literature as “stealth” attacks. They are performed avoiding to send significant volumes of data, by injecting into the network a low-rate flow of packets in order to evade rate-controlling detection mechanisms. This work presents an intrusion tolerance solution, which aims at providing minimal level of services, even when the system has been partially compromised by such attacks. It describes all protection phases, from monitoring to diagnosis and recovery. Preliminary experimental results show that the proposed approach results in a better performance of Intrusion Prevention Systems, in terms of reducing service unavailability during stealth attacks.


stealth attacks intrusion tolerance web services 


  1. 1.
    Kuzmanovic, A.: Low-rate tcp-targeted denial of service attacks and counter strategies. IEEE/ACM Trans. on Networking 14(4), 683–696 (2006)CrossRefGoogle Scholar
  2. 2.
    Zhang, Y., Mao, Z.M., Wang, J.: Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing. In: Proc. of the 14th Network and Distributed System Security Symposium, NDSS 2007 (February 2007)Google Scholar
  3. 3.
    Boggs, N., Hiremagalore, S., Stavrou, A., Stolfo, S.J.: Experimental Results of Cross-Site Exchange of Web Content Anomaly Detector Alerts. In: Proc. of the IEEE Int. Conf. on Technologies for Homeland Security, pp. 8–14 (November 2010)Google Scholar
  4. 4.
    Jensen, M., Gruschka, N., Herkenh, R.: A survey of attacks on web services. Computer Science 24(4), 185–197 (2009)Google Scholar
  5. 5.
    Jensen, M., Gruschka, N., Herkenh, R., Luttenberger, N.: SOA and Web Services: New Technologies, New Standards - New Attacks. In: Proc. of the Fifth European Conference on Web Services, pp. 35–44. IEEE CS (2007)Google Scholar
  6. 6.
    Kuzmanovic, A., Knightly, E.W.: Low-Rate TCP Targeted Denial of Service Attacks: the shrew vs. the mice and elephants. In: Proc. of the International Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM). ACM Press (2003)Google Scholar
  7. 7.
    Antonatos, S., Locasto, M., Sidiroglou, S., Keromytis, A.D., Markatos, E.: Defending against next generation through network/endpoint collaboration and interaction. In: Proc. of the 3rd International Conference on Computer Network Defense. LNCS, vol. 30, pp. 131–141. Springer US (2008)Google Scholar
  8. 8.
    Ficco, M., Rak, M.: Intrusion Tolerant Approach for Denial of Service Attacks to Web Services. In: Proc. of the 1st International Conference on Data Compression, Communications and Processing (CCP 2011). IEEE CS Press (June 2011)Google Scholar
  9. 9.
    Ficco, M.: Achieving Security by Intrusion-Tolerance Based on Event Correlation. Journal of Network Protocols and Algorithms (NPA) 2(3), 70–84 (2010)Google Scholar
  10. 10.
    Ficco, M., Romano, L.: A Correlation Approach to Intrusion Detection. In: Chatzimisios, P., Verikoukis, C., Santamaría, I., Laddomada, M., Hoffmann, O. (eds.) MOBILIGHT 2010. LNICST, vol. 45, pp. 203–215. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    TPC Benchmark W (TPC-W),
  12. 12.
    Li, Z., Wang, L., Chen, Y., Fu, Z.: Network-based and Attack-resilient Length Signature Generation for Zero-day Polymorphic Worms. In: Proc. of the IEEE Int. Conf. on Network Protocol, pp. 164–173. IEEE CS Press (October 2007)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Massimo Ficco
    • 1
  • Massimiliano Rak
    • 1
  1. 1.Department of Information EngineeringSecond University of Naples (SUN)Italy

Personalised recommendations