HTTP/2 Cannon: Experimental analysis on HTTP/1 and HTTP/2 Request Flood DDoS Attacks

Cited by: 0
Authors
Beckett, David [1 ]
Sezer, Sakir [1 ]
Affiliations
[1] Queens Univ Belfast, CSIT, Belfast, Antrim, North Ireland
Source
2017 SEVENTH INTERNATIONAL CONFERENCE ON EMERGING SECURITY TECHNOLOGIES (EST) | 2017
Keywords
DDoS; HTTP2; Flood; Attack; Apache; nghttp2; Nginx; Vulnerabilities;
DOI
Not available
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Subject classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Distributed Denial of Service (DDoS) attacks are a frequent cyber attack vector which cause significant damage to computer systems. Hypertext Transfer Protocol (HTTP), which is the core communication protocol of the internet, has had a major upgrade and is released as RFC 7540. This latest version, HTTP/2, has begun to be deployed in live systems before comprehensive security studies have been carried out on its risk from DDoS. In this piece of research we explore, using experimental methodology, the DDoS risk posed by the upgraded functionality of the HTTP/2 protocol, in particular its risk from a flood attack. Our results show that a website implementing HTTP/2 scales up the flood attack magnitude, increasing the risk from DDoS.
Pages: 107 / 112
Page count: 6