Stealthy Denial of Service (DoS) attack modelling and detection for HTTP/2 services

A malicious attack that can prevent establishment of Internet connections to web servers is termed as a Denial of Service (DoS) attack; volume and intensity of which is rapidly growing thanks to the readily available attack tools and the ever-increasing network bandwidths. Contemporary web servers are increasingly vulnerable to such attacks. With the emergence of HTTP/2 as the successor of HTTP/1.x, existing techniques for detecting DoS attacks will not be entirely effective. Though nearly 90% of all contemporary web servers as yet have not migrated to HTTP/2, DoS attack modelling and detection is essential to prevent impending attacks of such kind from the adversary class. This study presents a model of DoS attack traffic that can be directed towards HTTP/2 web servers. The research conducted also extends previous studies that provided DoS attack models against HTTP/2 services, to present a novel and stealthy DoS attack variant that can disrupt routine web services, covertly. The attack traffic analysis conducted in this study employed four machine learning techniques, namely Naïve Bayes, Decision Tree, JRip and Support Vector Machines, and stealthy traffic properties are shown through having higher percentages of False Alarms. Results obtained through simulation show promise, and arguments are put forth on how future work can extend the proposed model to create further attack traffic models that may cause severe web service disruptions.