DOI: 10.1145/3565475.3569075
research-article
Open access

A P4-based content-aware approach to mitigate slow HTTP POST attacks

Published: 06 December 2022

Abstract

A slow HTTP POST attack is an application-layer distributed denial-of-service attack targeting web servers. The attacker simulates a legitimate user with a slow network speed and continues to send requests, resulting in server resources being unavailable for a long time to other users. The similarity to legitimate behavior makes it challenging to identify such attack traffic. To address this issue, this paper proposes a responsive defense mechanism that exploits programmable network devices to identify attack traffic based on HTTP headers. With information that is not available from legacy network devices, this method can identify different types of requests and apply limitations. This approach achieves a distributed, source-based defense capability by utilizing data plane programmability, making it a scalable solution. The simulation results show that the approach is effective and accurate against slow HTTP POST attacks.



      Published In

      EuroP4 '22: Proceedings of the 5th International Workshop on P4 in Europe
      December 2022
      154 pages
      ISBN:9781450399357
      DOI:10.1145/3565475
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. DDoS
      2. HTTP
      3. P4
      4. SDN

      Qualifiers

      • Research-article

      Conference

      CoNEXT '22
