Litcius/Paper detail

<i>Delays Have Dangerous Ends:</i> Slow HTTP/2 DoS Attacks Into the Wild and Their Real-Time Detection Using Event Sequence Analysis

Nikhil Tripathi

2023IEEE Transactions on Dependable and Secure Computing15 citationsDOI

Abstract

Jon Postel's robustness principle states that the communicating entities should be liberal while accepting the data. Several web servers on the Internet do follow this principle as they wait to receive the remaining portion of an incomplete web request. Unfortunately, this behaviour also makes them vulnerable to Slow Rate DoS attacks. A few approaches are known to counter Slow Rate DoS attacks against HTTP/1.1. However, those defence approaches are incompatible with HTTP/2 because of several operation differences between HTTP/1.1 and its successor, HTTP/2. Also, to the best of our knowledge, no defence scheme is known to detect Slow Rate DoS attacks against an HTTP/2 supporting web server in <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">real-time</i> . To bridge this gap, in this article, we propose an event sequence analysis-based scheme to detect Slow HTTP/2 DoS attacks. Using extensive experiments, we show that the scheme can detect attacks in real-time with high accuracy and marginal computational overhead. As an aside, we also present a study on the behaviour of popular HTTP/2 servers on the Internet against Slow HTTP/2 DoS attacks. Surprisingly, we noticed that several of them are vulnerable to these attacks, thereby justifying the requirement for an effective real-time detection strategy.

Topics & Concepts

Event (particle physics)Sequence (biology)Computer scienceComputer securityReal-time computingPhysicsBiologyGeneticsQuantum mechanicsNetwork Security and Intrusion DetectionInternet Traffic Analysis and Secure E-votingAdvanced Malware Detection Techniques