Evaluation of a low-rate DoS attack against application servers

In the network security field there is a need to identify new movements and trends that attackers might adopt, in order to anticipate their attempts with defense and mitigation techniques. The present study explores new approaches that attackers could use in order to make denial of service attacks against application servers. We show that it is possible to launch such attacks by using low-rate traffic directed against servers, and apply the proposed techniques to defeat a persistent HTTP server. The low-rate feature is highly beneficial to the attacker for two main reasons: firstly, because the resources needed to carry out the attack are considerably reduced, easing its execution. Secondly, the attack is more easily hidden to security mechanisms that rely on the detection of high-rate traffic. In this paper, a mechanism that allows the attacker to control the attack load in order to bypass an IDS is contributed. We present the fundamentals of the attack, describing its strategy and design issues. The performance is also evaluated in both simulated and real environments. Finally, a study of possible improvement techniques to be used by the attackers is contributed.