Measurement-Based Analysis of a DoS Defense Module for an Open Source Web Server

Denial of Service (DoS) attacks represent an ever evolving landscape, which ranges from bruteforce flooding approaches to more sophisticated low-bandwidth slow techniques. DoS has become a major threat to the availability of modern web servers because of the large number of attack tools across the Internet. In spite of the increasing number of security modules that can be usefully deployed in production servers, there is not a one-fits-all defense solution against DoS. This paper proposes a measurement-based analysis of a well-established defense module for the Apache web server. The module is tested against both flooding and slow DoS attacks in order to quantify its capability at assuring correct service to legitimate clients. Results indicate that the module can mitigate flooding DoS attacks while causing some performance loss of the server; however, it is ineffective against slow attacks. The findings of our analysis are useful to support the deployment of proper defense mechanisms.