Analysis and detection of application-independent slow Denial of Service cyber attacks

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F21%3APU142406" target="_blank" >RIV/00216305:26220/21:PU142406 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1109/ISI53945.2021.9624789" target="_blank" >https://doi.org/10.1109/ISI53945.2021.9624789</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/ISI53945.2021.9624789" target="_blank" >10.1109/ISI53945.2021.9624789</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Analysis and detection of application-independent slow Denial of Service cyber attacks

Popis výsledku v původním jazyce

This paper investigates current applicationindependent slow Denial of Service (DoS) attacks. We propose Slowcomm and Slow Next attack models and present an attack simulation tool. We used this tool for vulnerability testing of several Internet services, including Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Secure Shell (SSH) servers. We also propose attack signatures and detection methods. We implemented these methods as an Intrusion Detection System (IDS) and tested them in an experimental network. Our testing revealed vulnerabilities in five of the six tested servers that caused the denial of service to legitimate users. Deployment of the proposed attack detector has shown a high detection success. We conclude that there is a need to increase the level of cybersecurity. Internet services are vulnerable to these new DoS attacks. Our analysis can be used for the security development of tested services. Our detector in combination with a network traffic filtering tool can be used to mitigate the attacks and keep the service available to Internet users.

Název v anglickém jazyce

Analysis and detection of application-independent slow Denial of Service cyber attacks

Popis výsledku anglicky

This paper investigates current applicationindependent slow Denial of Service (DoS) attacks. We propose Slowcomm and Slow Next attack models and present an attack simulation tool. We used this tool for vulnerability testing of several Internet services, including Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Secure Shell (SSH) servers. We also propose attack signatures and detection methods. We implemented these methods as an Intrusion Detection System (IDS) and tested them in an experimental network. Our testing revealed vulnerabilities in five of the six tested servers that caused the denial of service to legitimate users. Deployment of the proposed attack detector has shown a high detection success. We conclude that there is a need to increase the level of cybersecurity. Internet services are vulnerable to these new DoS attacks. Our analysis can be used for the security development of tested services. Our detector in combination with a network traffic filtering tool can be used to mitigate the attacks and keep the service available to Internet users.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20203 - Telecommunications

Projekt

<a href="/cs/project/FW01010474" target="_blank" >FW01010474: Analýza, detekce a mitigace hrozeb dostupnosti síťových služeb</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2021

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2021 IEEE International Conference on Intelligence and Security Informatics (ISI)

ISBN

978-1-6654-3838-4

ISSN

—

e-ISSN

—

Počet stran výsledku

6

Strana od-do

1-6

Název nakladatele

IEEE

Místo vydání

San Antonio, Texas, USA

Místo konání akce

San Antonio

Datum konání akce

2. 11. 2021

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—