Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identifying Slow HTTP DoS/DDoS Attacks against Web Servers DEPARTMENT ANDDepartment of Computer Science & Information SPECIALIZATIONTechnology, University.

Published byArman Khan Modified over 5 years ago

Similar presentations

Presentation on theme: "Identifying Slow HTTP DoS/DDoS Attacks against Web Servers DEPARTMENT ANDDepartment of Computer Science & Information SPECIALIZATIONTechnology, University."— Presentation transcript:

1 Identifying Slow HTTP DoS/DDoS Attacks against Web Servers DEPARTMENT ANDDepartment of Computer Science & Information SPECIALIZATIONTechnology, University of Engineering and Technology, Peshawar. MS Computer Science STUDENT NAMEArman Khan FATHER’S NAMEAbdurrahman CONTACT NO.03458557523 EMAILarman@kpja.edu.pkarman@kpja.edu.pk REGISTRATION NONA DATE OF REGISTRATIONFall 2013 RESEARCH SUPERVISORDr Syed Adeel Ali Sh ah

2 Introduction A Slow HTTP DDOS DOS attack is an attempt to make an server unavailable by overwhelming it with malicious client traffic from multiple sources

3 Background Cloud computing eases up the process of the scaling up businesses, especially in IT without investing a lot of money for infrastructure and training engineers. By using Cloud computing capabilities, we can expand the IT’s functionality with existing environments. Despite of all the benefits of using cloud still many enterprises and individuals are reluctant to run their business on the cloud. In February 2015 Anthem Inc, a leading health insurance company suffered a data breached that compromised information related to 80 million customers, Investigators detected that hackers could smuggle data out of cloud-based file sharing. In 2012 Dropbox which is cloud base storage had a data breach and had 68 million user accounts compromise. As you can see a famous company such as Dropbox and Anthem Inc have had huge data breaches so it reminds us security in cloud computing is not a negligible matter.

4 Background

5 Back…

6

7

8

9 Problem Statement There is no mechanism for automated evaluation of client-server applications to slow HTTP attacks. Slow http response attack Exploiting the content- length field of the http request which is used to specify the length of message body in bytes. Slow Read basically sends a legitimate HTTP request and then very slowly reads the response, thus keeping as many open connections as possible and eventually causing a DoS.

10

11

12 PURPOSE OF THE STUDY The primary purpose of the research study will be the identification of slow HTTP DoS/DDoS Attacks against Web Servers and provide effective counter-measures to address the issue.

13 Research Questions Which parameters of a slow HTTP should be considered in an algorithm? Is it possible to use the Local outlier identification cluster for anomaly detection? With the identified parameters for the LOCI algorithm, can we achieve lesser delays in communication?

14 Research Objectives The objective of this research is to design a mechanism to detect and address the issue of slow HTTP detects the Slow HTTP. A thorough analysis of Slow HTTP/DoS attack traffic is to be performed that is generated during client-server communication. By modelling this phase the detection of Slow HTTP DoS detection on Local Outlier Detection Mechanism (LOCI). A server is to be considered that accepts HTTP requests for connections and compromised systems that generate the attack.

15 EXPECTED CONTRIBUTION The expected contribution will be the identification of vulnerabilities and provide an effective mechanism against the slow’ HTTP DOS/DDOS’ attacks.

16 SIGNIFICANCE STATEMENTS The analysis of the direct impact of the slow-moving ‘HTTP header’, slow ‘HTTP DOS/DDOS’ attacks on a system/PC or VM will be tested in a client-server environment. The analysis will further evaluate the direct impact of the slow ‘HTTP DOS/DDOS’ header attacks on the neighbor's system/PC or VM, web server performance, Central Processing Unit (CPU) and Random-access memory (RAM) usage and network load will be closely monitored.

17 LITERATURE REVIEW Studying IDS is human dependent task requiring several hours, the most probable solution is anomaly based IDon Machine learning languages, to observer incoming packets to differentiate malicious and genuine packet, Machine learning techniques: Artificial Neural Network K Mean Clustering Fuzzy logic Genetic Algorithm Design Trees Support Vector Machine Naïve Bayes

18 RESEARCH METHODOLOGY : The lifecycle of a Slow HTTP attack will be analyzed and proposed which will be followed as below: Literature Review: This phase is based on recent work done for detection and analysis of Slow HTTP and DoS-for-hire service attacks. Design: This phase is constructed for the detection of Slow DDoS detection on Local Outlier Detection Mechanism (LOCI). A server is to be considered that accepts HTTP requests for connections and compromised systems that generate the attack

19 Implementation and Evaluation Java (to program the client-server) are to be used to implement the proposed detection scheme. The evaluation concludes that for the detection of Slow HTTP attacks the best features are related to ICMP packets statistics and client-server flow statistics. This phase will also test the performance of the proposed detection scheme along the axis of the selected metric such as response time/delay in detection.

20 Client 3 Client N Client 1 Client 2 Cloud SERVER Check whether the request is a slow http or normal. If slow, the client is malicious otherwise genuine Request Return status/ type of client If client type is malicious, then close connection /refuse request, otherwise Accept/ entertain LOCI Req. Res.

21 DATA COLLECTION The required data for the proposed approach is based on HTTP headers sent slowly by the client to the server in a traditional network environment. Malicious behavior of client depletes all resources of server resources. To test and monitor these packets client-server messages are to be closely analyzed in java program.

22 THANKS

Download ppt "Identifying Slow HTTP DoS/DDoS Attacks against Web Servers DEPARTMENT ANDDepartment of Computer Science & Information SPECIALIZATIONTechnology, University."

Similar presentations

The testbed environment for this research to generate real-world Skype behaviors for analyzation is as follows: A NAT-ed LAN consisting of 7 machines running.

The testbed environment for this research to generate real-world Skype behaviors for analyzation is as follows: A NAT-ed LAN consisting of 7 machines running.
Anomaly Detection Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Anomaly Detection Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
Proactive Prediction Models for Web Application Resource Provisioning in the Cloud _______________________________ Samuel A. Ajila & Bankole A. Akindele.

Proactive Prediction Models for Web Application Resource Provisioning in the Cloud _______________________________ Samuel A. Ajila & Bankole A. Akindele.
Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.

Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Introduction To System Analysis and Design

Introduction To System Analysis and Design
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Department Of Computer Engineering

Department Of Computer Engineering
Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray,

Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray,
Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)

Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)
1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed.

1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed.
Section 11.1 Identify customer requirements Recommend appropriate network topologies Gather data about existing equipment and software Section 11.2 Demonstrate.

Section 11.1 Identify customer requirements Recommend appropriate network topologies Gather data about existing equipment and software Section 11.2 Demonstrate.
B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel 434920317 1.

B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel
Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.

Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.
Department of Computer Science Engineering SRM University

Department of Computer Science Engineering SRM University
Niels Provos and Panayiotis Mavrommatis Google Google Inc. Moheeb Abu Rajab and Fabian Monrose Johns Hopkins University 17 th USENIX Security Symposium.

Niels Provos and Panayiotis Mavrommatis Google Google Inc. Moheeb Abu Rajab and Fabian Monrose Johns Hopkins University 17 th USENIX Security Symposium.

Similar presentations

Ads by Google