Evaluating security controls against HTTP-based DDoS attacks

Author

Moustis, Dimitrios ; Kotzanikolaou, P.

Author_Institution

Inf. Security Group, Univ. of London, London, UK

fYear

2013

fDate

10-12 July 2013

Firstpage

1

Lastpage

6

Abstract

Distributed Denial of Service attacks generally require a botmaster controlling a large number of infected systems (bots) in order to take down a target service. However, more recent DDoS attacks targeting at the HTTP layer can be very effective even with a small number of infected bots. In this paper we analyze DDoS attacks which require only a small number of bots to render a web server unavailable. In order to study their behavior, we implement a Botnet system in a test environment. We simulate bots by using both Linux and Windows-based systems infected with Slowloris, an HTTP syn-flooder, targeting to a vulnerable Apache web server. We apply several security controls in order to test their effectiveness against such attacks. Our results show that only a combination of carefully selected anti-DDoS controls can significantly reduce the exposure to such attacks without affecting the provided service.

Keywords

IP networks; Linux; Web services; computer network security; invasive software; transport protocols; Botnet system; HTTP synflooder; HTTP-based DDoS attack; Linux; Slowloris; Web server rendering; Windows-based system; anti-DDoS control; botmaster control; distributed denial of service; infected bots; infected system; security control evaluation; vulnerable Apache Web server; Computer crime; Electronic mail; IP networks; Protocols; Web servers; Distributed Denial of Service; botnet; http flooding;

fLanguage

English

Publisher

ieee

Conference_Titel

Information, Intelligence, Systems and Applications (IISA), 2013 Fourth International Conference on

Conference_Location

Piraeus

Print_ISBN

978-1-4799-0770-0

Type

conf

DOI

10.1109/IISA.2013.6623707

Filename

6623707