Title

Low-rate denial-of-service attacks against HTTP/2 services

Document Type

Conference Proceeding

Publisher

IEEE

School

School of Science

RAS ID

21601

Comments

Originally published as: Adi, E., Baig, Z.A., Lam,C.P., Hingston, P.F. (2015). Low-rate denial-of-service attacks against HTTP/2 services. In 2015 5th International Conference on IT Convergence and Security (ICITCS): Proceedings. Kuala Lumpur, Malaysia: IEEE. Original paper available here

Abstract

HTTP/2 is the second major version of the HTTP protocol approved by the Internet Engineering Steering Group (IESG). Although the semantics of how messages are exchanged between clients and servers remains the same, the protocol demands more computing power than its predecessor, HTTP/1.1. Hence HTTP/2 is more vulnerable to Denial-of-Service (DoS) attacks. A variant of the DoS type of attack is to send low-rate traffic that contains resource-hungry instructions, to a victim node. This low-rate DoS attacks can succeed only if the victim hosts an application that consumes large-scale computing resources once activated. With the introduction of HTTP/2, we showed that the attack can be launched at the protocol level by sending low-rate HTTP/2 packets to a web server. To the best of our knowledge, no study has been done on how DoS attacks can be launched against HTTP/2 services. Results obtained prove the effect of a low-rate DoS attack against HTTP/2 services.

DOI

10.1109/ICITCS.2015.7292994

Access Rights

Not open access

Share

 
COinS