Analysis and detection of application-independent slow Denial of Service cyber attacks

2021 IEEE International Conference on Intelligence and Security Informatics (ISI) Pub Date : 2021-11-02 DOI:10.1109/ISI53945.2021.9624789

M. Sikora, R. Fujdiak, J. Misurec

{"title":"Analysis and detection of application-independent slow Denial of Service cyber attacks","authors":"M. Sikora, R. Fujdiak, J. Misurec","doi":"10.1109/ISI53945.2021.9624789","DOIUrl":null,"url":null,"abstract":"This paper investigates current application-independent slow Denial of Service (DoS) attacks. We propose Slowcomm and Slow Next attack models and present an attack simulation tool. We used this tool for vulnerability testing of several Internet services, including Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Secure Shell (SSH) servers. We also propose attack signatures and detection methods. We implemented these methods as an Intrusion Detection System (IDS) and tested them in an experimental network. Our testing revealed vulnerabilities in five of the six tested servers that caused the denial of service to legitimate users. Deployment of the proposed attack detector has shown a high detection success. We conclude that there is a need to increase the level of cybersecurity. Internet services are vulnerable to these new DoS attacks. Our analysis can be used for the security development of tested services. Our detector in combination with a network traffic filtering tool can be used to mitigate the attacks and keep the service available to Internet users.","PeriodicalId":347770,"journal":{"name":"2021 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"140 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Conference on Intelligence and Security Informatics (ISI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISI53945.2021.9624789","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

This paper investigates current application-independent slow Denial of Service (DoS) attacks. We propose Slowcomm and Slow Next attack models and present an attack simulation tool. We used this tool for vulnerability testing of several Internet services, including Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Secure Shell (SSH) servers. We also propose attack signatures and detection methods. We implemented these methods as an Intrusion Detection System (IDS) and tested them in an experimental network. Our testing revealed vulnerabilities in five of the six tested servers that caused the denial of service to legitimate users. Deployment of the proposed attack detector has shown a high detection success. We conclude that there is a need to increase the level of cybersecurity. Internet services are vulnerable to these new DoS attacks. Our analysis can be used for the security development of tested services. Our detector in combination with a network traffic filtering tool can be used to mitigate the attacks and keep the service available to Internet users.

查看原文本刊更多论文

独立于应用程序的慢速拒绝服务网络攻击分析与检测

本文研究了当前与应用无关的慢速拒绝服务(DoS)攻击。提出了Slowcomm和Slow Next攻击模型，并给出了攻击仿真工具。我们使用这个工具对几种互联网服务进行漏洞测试，包括超文本传输协议(HTTP)、文件传输协议(FTP)和SSH服务器。我们还提出了攻击签名和检测方法。我们将这些方法作为入侵检测系统(IDS)来实现，并在实验网络中进行了测试。我们的测试显示，在6个测试服务器中，有5个存在导致合法用户拒绝服务的漏洞。所提出的攻击检测器的部署显示出很高的检测成功率。我们的结论是，有必要提高网络安全水平。互联网服务很容易受到这些新的DoS攻击。我们的分析可用于测试服务的安全性开发。我们的检测器与网络流量过滤工具相结合，可以用来减轻攻击并保持互联网用户可用的服务。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 IEEE International Conference on Intelligence and Security Informatics (ISI)

自引率

0.00%

发文量