• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>Computers & Security >Slow rate denial of service attacks against HTTP/2 and detection
【24h】

Slow rate denial of service attacks against HTTP/2 and detection

机译:针对HTTP / 2和检测的慢速拒绝服务攻击

获取原文
获取原文并翻译 | 示例
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

HTTP/2 is a newly standardized protocol designed to efficiently utilize the TCP's transmission rate and has other advantages compared to HTTP/1.1. However its threat vectors are not completely understood yet. Our contribution in this paper is threefold. First we describe few new threat vectors of HTTP/2 which are Slow Rate DoS attacks and can be launched by injecting specially crafted HTTP requests. We perform an empirical evaluation of these attacks against popular web servers and report that majority of web servers are vulnerable to these attacks. We also test the effectiveness of proposed attacks using both clear text and encrypted HTTP/2 requests and find that the attack is effective independent of the request type. Second we compare structurally similar attacks with HTTP/1.1 and report that HTTP/2 has more threat vectors compared to its predecessor. Third we propose an anomaly detection scheme which uses chi-square (x~2) test between traffic profiles generated in normal and attack scenarios to detect these attacks.
机译:HTTP / 2是一种新的标准化协议,旨在有效利用TCP的传输速率,并且与HTTP / 1.1相比具有其他优势。但是,它的威胁向量尚未完全被理解。我们在本文中的贡献是三方面的。首先,我们介绍几种新的HTTP / 2威胁向量,它们是慢速DoS攻击,可以通过注入特制HTTP请求来启动。我们对流行的Web服务器的这些攻击进行了实证评估,并报告大多数Web服务器容易受到这些攻击。我们还使用明文和加密的HTTP / 2请求测试了提出的攻击的有效性,并发现该攻击有效与请求类型无关。其次,我们将结构相似的攻击与HTTP / 1.1进行了比较,并报告HTTP / 2与其前身相比具有更多的威胁向量。第三,我们提出了一种异常检测方案,该方案使用在正常和攻击情形下生成的流量配置文件之间的卡方(x〜2)测试来检测这些攻击。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号