Credibility-Based Countermeasure Against Slow HTTP DoS Attacks by Using SDN
You‐Chiun Wang, Ren-Xuan Ye
Abstract
In slow HTTP DoS (SHD) attacks, the attacker sends HTTP requests in pieces slowly, one at a time to a web server to exhaust its resource and achieve denial of service. Such attacks are easy to launch but hard to defend by conventional solutions like firewall. By exploiting the software-defined networking (SDN) technique, the paper proposes a credibility-based countermeasure against SHD attacks (CCSA), which appraises each client by its connections and the frequency that it sends fragmented requests. The connections of low-credibility clients will be blocked to avoid them depleting resource. When the server is short of resource, suspicious connections are then suspended to ensure the server's availability. Simulation results verify that CCSA can efficiently stop SHD attacks and keep low memory usage for the controller.