Delays have Dangerous Ends: Slow HTTP/2 DoS attacks into the Wild and their Real-Time Detection using Event Sequence Analysis
share
The robustness principle, written by Jon Postel in an early version of TCP implementation, states that the communicating entities should be liberal while accepting the data. Several entities on the Internet do follow this principle. For instance, in this work, we show that many popular web servers on the Internet are generous as they wait for a substantial time period to receive the remaining portion of an incomplete web request. Unfortunately, this behavior also makes them vulnerable to a class of cyber attacks, commonly known as Slow Rate DoS attacks. HTTP/2, the recent version of HTTP, is recently found vulnerable to these attacks. However, the impact of Slow HTTP/2 DoS attacks on real web servers on the Internet has not been studied yet. Also, to the best of our knowledge, there is no defense scheme known to detect Slow Rate DoS attacks against HTTP/2 in real-time. To bridge these gaps, we first test the behavior of HTTP/2 supporting web servers on the Internet against Slow HTTP/2 DoS attacks. Subsequently, we propose a scheme to detect these attacks in real-time. We show that the proposed detection scheme can detect attacks in real-time with high accuracy and marginal computational overhead.
READ FULL TEXT