capsAEUL: Slow HTTP DoS Attack Detection using Autoencoders through Unsupervised Learning

Abstract

Slow HTTP Denial of Service (DoS) attacks are defined as application layer vulnerabilities that make HTTP services degrade their performance or reach a denial state. The Slow HTTP DoS attacks can evade the generic DoS attack detection techniques because of their low volume but long lasting attack traffic. Existing solutions on Slow HTTP DoS attack detection mainly rely on static threshold based detection techniques or supervised machine learning techniques. However, the use of unsupervised learning techniques has not been widely studied. This paper proposes capsAEUL, which uses multiple Autoencoders as an unsupervised learning technique for detecting all of Slowloris, Slowread, and Slow POST of Slow HTTP DoS attack as an integrated system. The PoC implementation of capsAEUL exhibits the comparable prediction performance in terms of the high accuracy and the decent AUC scores.