Low-rate denial-of-service attacks against HTTP/2 services

Authors

Erwin Adi, Edith Cowan University
Zubair Baig, Edith Cowan University
Chiou Peng Lam, Edith Cowan University
Philip Hingston, Edith Cowan University

Document Type

Conference Proceeding

Publisher

IEEE

School

School of Science

RAS ID

21601

Comments

Adi, E., Baig, Z.A., Lam,C.P., Hingston, P.F. (2015). Low-rate denial-of-service attacks against HTTP/2 services. In 2015 5th International Conference on IT Convergence and Security (ICITCS): Proceedings. Kuala Lumpur, Malaysia: IEEE. Available here

Abstract

HTTP/2 is the second major version of the HTTP protocol approved by the Internet Engineering Steering Group (IESG). Although the semantics of how messages are exchanged between clients and servers remains the same, the protocol demands more computing power than its predecessor, HTTP/1.1. Hence HTTP/2 is more vulnerable to Denial-of-Service (DoS) attacks. A variant of the DoS type of attack is to send low-rate traffic that contains resource-hungry instructions, to a victim node. This low-rate DoS attacks can succeed only if the victim hosts an application that consumes large-scale computing resources once activated. With the introduction of HTTP/2, we showed that the attack can be launched at the protocol level by sending low-rate HTTP/2 packets to a web server. To the best of our knowledge, no study has been done on how DoS attacks can be launched against HTTP/2 services. Results obtained prove the effect of a low-rate DoS attack against HTTP/2 services.

DOI

10.1109/ICITCS.2015.7292994

Related Publications

Adi, E. (2017). Denial-of-service attack modelling and detection for HTTP/2 services. Retrieved from http://ro.ecu.edu.au/theses/1953

Access Rights

subscription content