Skip to main content
SpringerLink
Log in

An Accurate and Real-Time Detection Method for Concealed Slow HTTP DoS in Backbone Network

  • Conference paper
  • First Online:
ICT Systems Security and Privacy Protection (SEC 2023)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 679))

  • 52 Accesses

Abstract

Slow HTTP DoS (SHD) is a type of DoS attack based on HTTP/HTTPS. SHD traffic at the application layer may be encrypted. Besides, the interval between packets can reach tens of seconds or more due to its slow sending rate. Therefore, SHD is concealed for detection. The methods for detecting high-speed DoS are not suitable for detecting the attack, making detection for SHD a challenging problem. Some existing SHD detection methods are complex and computationally intensive, making it hard to meet the demand for real-time in backbone networks. In addition, most of these methods are based on bidirectional traffic and do not consider the asymmetry of routing on the Internet. In this paper, based on the traffic characteristics of the most common types of SHD, we extract several representative features from unidirectional flows. These features can still work well under sampling and asymmetric routing scenarios. We also use Slow HTTP DoS Sketch to record the features quickly and accurately. In experiments that used public backbone datasets as background traffic, the results show that even with a large number of unidirectional flows and a sampling rate of 1/64, our method can still accurately detect SHD traffic within 2 min.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Eliyan, L.F., Pietro, R.D.: DoS and DDoS attacks in software defined networks: a survey of existing solutions and research challenges. Future Gener. Comput. Syst. 122, 149–171 (2021)

    Article  Google Scholar 

  2. DDoS attacks reports in 2022. https://securelist.com/ddos-attacks-in-q2-2022/107025. Accessed 5 Mar 2023

  3. Tripathi N., Hubballi N., Singh Y.: How secure are web servers? an empirical study of slow HTTP DoS attacks and detection. In: 11th International Conference on Availability, Reliability and Security (ARES), pp. 454–463. IEEE (2016). https://doi.org/10.1109/ARES.2016.20

  4. Garcia, N., et al.: Distributed real-time SlowDoS attacks detection over encrypted traffic using Artificial Intelligence. J. Netw. Comput. Appl. 173, 102871 (2021)

    Article  Google Scholar 

  5. Rani, S.J., Ioannou, I., Nagaradjane, P., et al.: Detection of DDoS attacks in D2D communications using machine learning approach. Comput. Commun. 198, 32–51 (2023)

    Article  Google Scholar 

  6. Xu, C., Shen, J., Du, X.: Low-rate DoS attack detection method based on hybrid deep neural networks. J. Inf. Secur. Appl. 60, 102879 (2021)

    Google Scholar 

  7. Jazi, H.H., et al.: Detecting HTTP-based application layer DoS attacks on web servers in the presence of sampling. Comput. Netw. 121, 25–36 (2017)

    Article  Google Scholar 

  8. Wu H., Chen T., Shao Z., et al.: Accurate and fast detection of DDoS attacks in high-speed network with asymmetric routing. In: IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE (2021). https://doi.org/10.1109/GLOBECOM46510.2021.9685794

  9. Reed A., Dooley L. S., Mostefaoui S. K.: A reliable real-time slow DoS detection framework for resource-constrained IoT networks. In: 2021 IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE (2021). https://doi.org/10.1109/GLOBECOM46510.2021.9685612

  10. MAWI Public Traffic Datasets. https://mawi.wide.ad.jp/mawi. Accessed 5 Mar 2023

  11. SlowHTTPTest Public Tool. https://github.com/shekyan/slowhttptest. Accessed 5 Mar 2023

  12. Lukaseder, T., Maile, L., Erb, B., Kargl, F.: SDN-assisted network-based mitigation of slow DDoS attacks. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds.) SecureComm 2018. LNICST, vol. 255, pp. 102–121. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01704-0_6

    Chapter  Google Scholar 

Download references

Acknowledgements

This work was supported by the National Key R &D Program of China (2020YFB1807503).

Author information

Authors and Affiliations

  1. School of Cyber Science and Engineering, Southeast University, Nanjing, China

    Jinfeng Chen, Hua Wu, Suyue Wang, Guang Cheng & Xiaoyan Hu

  2. Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing, China

    Hua Wu, Guang Cheng & Xiaoyan Hu

Authors
  1. Jinfeng Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hua Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Suyue Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Guang Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Xiaoyan Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hua Wu .

Editor information

Editors and Affiliations

  1. Poznan Supercomputing and Networking Center, Poznań, Poland

    Norbert Meyer

  2. Poznań University of Technology, Poznań, Poland

    Anna Grocholewska-Czuryło

Rights and permissions

Reprints and permissions

Copyright information

© 2024 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chen, J., Wu, H., Wang, S., Cheng, G., Hu, X. (2024). An Accurate and Real-Time Detection Method for Concealed Slow HTTP DoS in Backbone Network. In: Meyer, N., Grocholewska-Czuryło, A. (eds) ICT Systems Security and Privacy Protection. SEC 2023. IFIP Advances in Information and Communication Technology, vol 679. Springer, Cham. https://doi.org/10.1007/978-3-031-56326-3_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-56326-3_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-56325-6

  • Online ISBN: 978-3-031-56326-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation