Identifying Slow HTTP DoS/DDoS Attacks against Web Servers

Presentation transcript:

Department and specialization: Department of Computer Science & Information Technology, University of Engineering and Technology, Peshawar. MS Computer Science
Student name: Arman Khan
Father's name: Abdurrahman
Contact no:
Registration no: NA
Date of registration: Fall 2013
Research supervisor: Dr Syed Adeel Ali Shah

Introduction: A slow HTTP DoS/DDoS attack is an attempt to make a server unavailable by overwhelming it with malicious client traffic from multiple sources.

Background: Cloud computing eases the process of scaling up businesses, especially in IT, without investing a lot of money in infrastructure and in training engineers. By using cloud computing capabilities, we can extend IT functionality within existing environments. Despite all the benefits of using the cloud, many enterprises and individuals are still reluctant to run their business on it. In February 2015 Anthem Inc, a leading health insurance company, suffered a data breach that compromised information related to 80 million customers; investigators found that the attackers could smuggle data out through cloud-based file sharing. In 2012 Dropbox, a cloud-based storage service, had a data breach in which 68 million user accounts were compromised. Since companies as well known as Dropbox and Anthem Inc have had huge data breaches, security in cloud computing is not a negligible matter.

Background

Back…

Problem Statement: There is no mechanism for automated evaluation of client-server applications against slow HTTP attacks. Slow HTTP response attack: exploits the Content-Length field of the HTTP request, which specifies the length of the message body in bytes. Slow Read: sends a legitimate HTTP request and then reads the response very slowly, keeping as many connections open as possible and eventually causing a DoS.
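The two attack shapes just described are what a web server's per-connection timeouts are built to defeat, so the detection work below has a baseline to compare against. The following Python model is added here as an illustration; it is not code from this proposal. It tracks, per connection, how far the request headers have progressed and when the client last drained response data, and reports which connections a server would close and why. HEADER_BASE, HEADER_MAX, MIN_RATE and READ_STALL are values chosen for the example (the header rule has the same shape as Apache's RequestReadTimeout directive), and the event timeline at the bottom is constructed sample data.

```python
"""Server-side timeouts against slow-header and slow-read connections.

Added example, not the proposal's code.  Two per-connection rules:
  * slow headers: request line + headers must finish before a deadline
    that starts at HEADER_BASE seconds and grows by one second per
    MIN_RATE header bytes received, capped at HEADER_MAX seconds.
  * slow read: while a response is being sent, the client must keep
    draining it; READ_STALL seconds without progress closes the socket.
All four constants are example values (assumed, not measured).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HEADER_BASE = 20.0   # seconds allowed for headers before any extension
HEADER_MAX = 40.0    # hard cap on the header deadline
MIN_RATE = 500       # header bytes that earn one extra second
READ_STALL = 30.0    # seconds with no response progress before closing


@dataclass
class ConnState:
    client: str
    opened_at: float
    header_bytes: int = 0
    header_done: bool = False
    response_pending: bool = False
    last_progress: Optional[float] = None   # last time the peer drained data


def header_deadline(c: ConnState) -> float:
    """Absolute time by which the headers must be complete."""
    extension = c.header_bytes / MIN_RATE
    return c.opened_at + min(HEADER_BASE + extension, HEADER_MAX)


def close_reason(c: ConnState, now: float) -> Optional[str]:
    """Why this connection should be closed at time `now`, or None."""
    if not c.header_done and now > header_deadline(c):
        return "slow-header"
    if (c.response_pending and c.last_progress is not None
            and now - c.last_progress > READ_STALL):
        return "slow-read"
    return None


Event = Tuple[float, str, str, int]   # (time, client, kind, value)


def apply_event(states: Dict[str, ConnState], event: Event) -> None:
    """Update one client's state from a single socket-level event."""
    t, client, kind, value = event
    if kind == "open":
        states[client] = ConnState(client, opened_at=t)
        return
    c = states[client]
    if kind == "header_bytes":        # `value` header bytes arrived
        c.header_bytes += value
    elif kind == "header_done":       # request parsed; response starts
        c.header_done = True
        c.response_pending = True
        c.last_progress = t
    elif kind == "drained":           # peer read `value` response bytes
        c.last_progress = t
    elif kind == "response_done":     # nothing left to send
        c.response_pending = False


def sweep(states: Dict[str, ConnState], now: float) -> Dict[str, str]:
    """Connections the server would close at `now`, keyed by client."""
    result = {}
    for c in states.values():
        reason = close_reason(c, now)
        if reason is not None:
            result[c.client] = reason
    return result


# Constructed timeline: A is a normal browser, B trickles 10 header bytes
# every 5 s (slow headers), C fetches a large file and then stops reading.
SAMPLE_EVENTS: List[Event] = [
    (0.0, "A", "open", 0), (0.3, "A", "header_bytes", 450),
    (0.3, "A", "header_done", 0), (0.5, "A", "drained", 4096),
    (0.6, "A", "response_done", 0),
    (0.0, "B", "open", 0),
] + [(5.0 * k, "B", "header_bytes", 10) for k in range(1, 6)] + [
    (0.0, "C", "open", 0), (0.2, "C", "header_bytes", 300),
    (0.2, "C", "header_done", 0), (1.0, "C", "drained", 65536),
]


def run_sample(now: float = 40.0) -> Dict[str, str]:
    """Replay the sample events up to `now` and run the timeout sweep."""
    states: Dict[str, ConnState] = {}
    for ev in sorted(SAMPLE_EVENTS, key=lambda e: e[0]):
        if ev[0] <= now:
            apply_event(states, ev)
    return sweep(states, now)


if __name__ == "__main__":
    print(run_sample(10.0))   # nothing yet
    print(run_sample(40.0))   # B: slow-header, C: slow-read
```

The extension rule is the part worth noting: a legitimate client on a poor link that has already delivered several kilobytes of headers earns more time, while a client that has sent fifty bytes in twenty-five seconds does not, so the deadline separates the two without any traffic model.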

PURPOSE OF THE STUDY: The primary purpose of the research study will be the identification of slow HTTP DoS/DDoS attacks against web servers and the provision of effective counter-measures to address the issue.

Research Questions: Which parameters of a slow HTTP request should be considered in the algorithm? Is it possible to use the Local outlier identification cluster (LOCI) for anomaly detection? With the identified parameters for the LOCI algorithm, can lower communication delays be achieved?

Research Objectives: The objective of this research is to design a mechanism that detects slow HTTP attacks and addresses the issue. A thorough analysis of the slow HTTP DoS attack traffic generated during client-server communication is to be performed. By modelling this phase, the detection of slow HTTP DoS is to be based on the Local Outlier Detection Mechanism (LOCI). A server that accepts HTTP connection requests is to be considered, together with compromised systems that generate the attack.

EXPECTED CONTRIBUTION: The expected contribution will be the identification of vulnerabilities and an effective mechanism against slow HTTP DoS/DDoS attacks.

SIGNIFICANCE STATEMENTS: The direct impact of slow HTTP header and slow HTTP DoS/DDoS attacks on a system/PC or VM will be tested in a client-server environment. The analysis will further evaluate the direct impact of slow HTTP header DoS/DDoS attacks on a neighbour's system/PC or VM; web server performance, Central Processing Unit (CPU) and Random-access memory (RAM) usage and network load will be closely monitored.

LITERATURE REVIEW: Studying IDS output is a human-dependent task requiring several hours; the most probable solution is an anomaly-based IDS built on machine learning, which observes incoming packets to differentiate malicious from genuine packets. Machine learning techniques: Artificial Neural Network; K-Means Clustering; Fuzzy Logic; Genetic Algorithm; Decision Trees; Support Vector Machine; Naïve Bayes.

RESEARCH METHODOLOGY: The lifecycle of a slow HTTP attack will be analysed and a detection approach proposed, following the phases below. Literature Review: This phase is based on recent work on the detection and analysis of slow HTTP and DoS-for-hire service attacks. Design: This phase covers the detection of slow DDoS based on the Local Outlier Detection Mechanism (LOCI). A server that accepts HTTP connection requests is to be considered, together with compromised systems that generate the attack.

Implementation and Evaluation: Java (for programming the client and server) is to be used to implement the proposed detection scheme. The evaluation concludes that, for the detection of slow HTTP attacks, the best features are related to ICMP packet statistics and client-server flow statistics. This phase will also test the performance of the proposed detection scheme along the axis of the selected metrics, such as response time/delay in detection.

System architecture (diagram): Client 1, Client 2, Client 3 ... Client N send requests to the cloud server. The server forwards each request (Req.) to the LOCI module, which checks whether the request is a slow HTTP request or a normal one: if slow, the client is malicious, otherwise genuine. The module returns the status/type of client (Res.). If the client type is malicious, the server closes the connection/refuses the request; otherwise it accepts/entertains the request.

DATA COLLECTION: The required data for the proposed approach is based on HTTP headers sent slowly by the client to the server in a traditional network environment. The malicious behaviour of such a client depletes all of the server's resources. To test and monitor these packets, client-server messages are to be closely analysed in a Java program.
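The architecture and data-collection slides describe a LOCI module that labels each connection, from features of its slowly arriving headers, as malicious or genuine before the server decides whether to keep serving it. The following Python sketch is added here to show what that module computes; it is not the proposal's own implementation. It applies the MDEF test of LOCI, taken here to mean the Local Correlation Integral method of Papadimitriou et al. (2003), since the slides do not expand the acronym, to two per-connection features a server can observe without parsing a request body: seconds the connection has been open and request-header bytes received so far. The connection records, the feature scaling and the radius schedule are all constructed for the example.

```python
"""LOCI-style outlier scoring of open HTTP connections.

Added example, not code from the proposal.  Assumptions, labelled:
  * LOCI = Local Correlation Integral (Papadimitriou et al., 2003):
    a point is an outlier if its MDEF exceeds k_sigma * sigma_MDEF at
    some radius r (alpha = 0.5, n_min = 20, k_sigma = 3 as in the paper).
  * Features per connection: (seconds_open, header_bytes / 1000).
  * The connection records below are constructed, not captured traffic.
"""
from dataclasses import dataclass
from math import sqrt
from statistics import mean, pstdev
from typing import Dict, List, Sequence, Set, Tuple

Point = Tuple[float, float]


@dataclass(frozen=True)
class Connection:
    client: str
    seconds_open: float
    header_bytes: int


def features(c: Connection) -> Point:
    # Scaling chosen so sub-second, few-hundred-byte requests form a tight
    # cluster while minutes-old connections with tiny headers sit far away.
    return (c.seconds_open, c.header_bytes / 1000.0)


def _dist(a: Point, b: Point) -> float:
    return sqrt((a[0] - b[0]) ** 2 + (a[1] - b[1]) ** 2)


def loci_outliers(points: Sequence[Point], radii: Sequence[float],
                  alpha: float = 0.5, n_min: int = 20,
                  k_sigma: float = 3.0) -> Set[int]:
    """Indices of points flagged by the LOCI MDEF test at any radius.

    For point p and radius r:
      n(p, alpha*r): points within alpha*r of p   (counting neighbourhood)
      N(p, r)      : points within r of p         (sampling neighbourhood)
      n_hat, sigma : mean / std of n(q, alpha*r) over q in N(p, r)
      MDEF         : 1 - n(p, alpha*r) / n_hat
    p is flagged when MDEF > k_sigma * sigma / n_hat, considering only
    radii whose sampling neighbourhood holds at least n_min points.
    """
    m = len(points)
    d = [[_dist(p, q) for q in points] for p in points]
    flagged: Set[int] = set()
    for i in range(m):
        for r in radii:
            sampling = [j for j in range(m) if d[i][j] <= r]
            if len(sampling) < n_min:
                continue
            counts = [sum(1 for k in range(m) if d[j][k] <= alpha * r)
                      for j in sampling]
            n_hat = mean(counts)
            sigma = pstdev(counts)
            mdef = 1.0 - counts[sampling.index(i)] / n_hat
            if mdef > k_sigma * sigma / n_hat:
                flagged.add(i)
                break
    return flagged


# Geometric radius schedule: 0.05, 0.1, ..., 409.6 (constructed).
RADII = [0.05 * 2 ** k for k in range(14)]


def sample_connections() -> List[Connection]:
    """Constructed snapshot: 40 ordinary clients, 4 slow-header clients."""
    normal = [Connection(f"10.0.0.{i + 1}", 0.20 + 0.01 * i, 420 + 2 * i)
              for i in range(40)]
    slow = [Connection(f"198.51.100.{k + 1}", 60.0 * (k + 1), 60 + 30 * k)
            for k in range(4)]
    return normal + slow


def classify(conns: Sequence[Connection],
             radii: Sequence[float] = RADII) -> Dict[str, str]:
    """The module's answer to the server: client -> 'malicious'/'genuine'."""
    pts = [features(c) for c in conns]
    bad = loci_outliers(pts, radii)
    return {c.client: ("malicious" if i in bad else "genuine")
            for i, c in enumerate(conns)}


def slow_clients(conns: Sequence[Connection],
                 radii: Sequence[float] = RADII) -> List[str]:
    return sorted(c for c, v in classify(conns, radii).items()
                  if v == "malicious")


if __name__ == "__main__":
    print(slow_clients(sample_connections()))
```

The radius scan is what makes the test robust: at small radii a slow connection's sampling neighbourhood is just itself and is skipped by the n_min rule, and at large radii it is compared against the dense cluster of ordinary requests, where its counting neighbourhood of one to four points is many standard deviations below the mean. The ordinary connections are never flagged because at every radius their own count is at or above the neighbourhood mean. Note the O(m^2) distance matrix and O(m^2 * radii) scan: this is a batch scorer over a snapshot of open connections, not a per-packet check.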

THANKS