Abstract
Slow HTTP DoS (SHD) is a type of DoS attack based on HTTP/HTTPS. SHD traffic at the application layer may be encrypted. Besides, the interval between packets can reach tens of seconds or more due to its slow sending rate. Therefore, SHD is concealed for detection. The methods for detecting high-speed DoS are not suitable for detecting the attack, making detection for SHD a challenging problem. Some existing SHD detection methods are complex and computationally intensive, making it hard to meet the demand for real-time in backbone networks. In addition, most of these methods are based on bidirectional traffic and do not consider the asymmetry of routing on the Internet. In this paper, based on the traffic characteristics of the most common types of SHD, we extract several representative features from unidirectional flows. These features can still work well under sampling and asymmetric routing scenarios. We also use Slow HTTP DoS Sketch to record the features quickly and accurately. In experiments that used public backbone datasets as background traffic, the results show that even with a large number of unidirectional flows and a sampling rate of 1/64, our method can still accurately detect SHD traffic within 2 min.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Eliyan, L.F., Pietro, R.D.: DoS and DDoS attacks in software defined networks: a survey of existing solutions and research challenges. Future Gener. Comput. Syst. 122, 149–171 (2021)
DDoS attacks reports in 2022. https://securelist.com/ddos-attacks-in-q2-2022/107025. Accessed 5 Mar 2023
Tripathi N., Hubballi N., Singh Y.: How secure are web servers? an empirical study of slow HTTP DoS attacks and detection. In: 11th International Conference on Availability, Reliability and Security (ARES), pp. 454–463. IEEE (2016). https://doi.org/10.1109/ARES.2016.20
Garcia, N., et al.: Distributed real-time SlowDoS attacks detection over encrypted traffic using Artificial Intelligence. J. Netw. Comput. Appl. 173, 102871 (2021)
Rani, S.J., Ioannou, I., Nagaradjane, P., et al.: Detection of DDoS attacks in D2D communications using machine learning approach. Comput. Commun. 198, 32–51 (2023)
Xu, C., Shen, J., Du, X.: Low-rate DoS attack detection method based on hybrid deep neural networks. J. Inf. Secur. Appl. 60, 102879 (2021)
Jazi, H.H., et al.: Detecting HTTP-based application layer DoS attacks on web servers in the presence of sampling. Comput. Netw. 121, 25–36 (2017)
Wu H., Chen T., Shao Z., et al.: Accurate and fast detection of DDoS attacks in high-speed network with asymmetric routing. In: IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE (2021). https://doi.org/10.1109/GLOBECOM46510.2021.9685794
Reed A., Dooley L. S., Mostefaoui S. K.: A reliable real-time slow DoS detection framework for resource-constrained IoT networks. In: 2021 IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE (2021). https://doi.org/10.1109/GLOBECOM46510.2021.9685612
MAWI Public Traffic Datasets. https://mawi.wide.ad.jp/mawi. Accessed 5 Mar 2023
SlowHTTPTest Public Tool. https://github.com/shekyan/slowhttptest. Accessed 5 Mar 2023
Lukaseder, T., Maile, L., Erb, B., Kargl, F.: SDN-assisted network-based mitigation of slow DDoS attacks. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds.) SecureComm 2018. LNICST, vol. 255, pp. 102–121. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01704-0_6
Acknowledgements
This work was supported by the National Key R &D Program of China (2020YFB1807503).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 IFIP International Federation for Information Processing
About this paper
Cite this paper
Chen, J., Wu, H., Wang, S., Cheng, G., Hu, X. (2024). An Accurate and Real-Time Detection Method for Concealed Slow HTTP DoS in Backbone Network. In: Meyer, N., Grocholewska-Czuryło, A. (eds) ICT Systems Security and Privacy Protection. SEC 2023. IFIP Advances in Information and Communication Technology, vol 679. Springer, Cham. https://doi.org/10.1007/978-3-031-56326-3_15
Download citation
DOI: https://doi.org/10.1007/978-3-031-56326-3_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-56325-6
Online ISBN: 978-3-031-56326-3
eBook Packages: Computer ScienceComputer Science (R0)