کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
6884118 | 1444213 | 2018 | 37 صفحه PDF | دانلود رایگان |
عنوان انگلیسی مقاله ISI
Slow rate denial of service attacks against HTTP/2 and detection
دانلود مقاله + سفارش ترجمه
دانلود مقاله ISI انگلیسی
رایگان برای ایرانیان
کلمات کلیدی
موضوعات مرتبط
مهندسی و علوم پایه
مهندسی کامپیوتر
شبکه های کامپیوتری و ارتباطات
پیش نمایش صفحه اول مقاله
چکیده انگلیسی
HTTP/2 is a newly standardized protocol designed to efficiently utilize the TCP's transmission rate and has other advantages compared to HTTP/1.1. However its threat vectors are not completely understood yet. Our contribution in this paper is threefold. First we describe few new threat vectors of HTTP/2 which are Slow Rate DoS attacks and can be launched by injecting specially crafted HTTP requests. We perform an empirical evaluation of these attacks against popular web servers and report that majority of web servers are vulnerable to these attacks. We also test the effectiveness of proposed attacks using both clear text and encrypted HTTP/2 requests and find that the attack is effective independent of the request type. Second we compare structurally similar attacks with HTTP/1.1 and report that HTTP/2 has more threat vectors compared to its predecessor. Third we propose an anomaly detection scheme which uses chi-square (Ï2) test between traffic profiles generated in normal and attack scenarios to detect these attacks.
ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Computers & Security - Volume 72, January 2018, Pages 255-272
Journal: Computers & Security - Volume 72, January 2018, Pages 255-272
نویسندگان
Nikhil Tripathi, Neminath Hubballi,