HTTP/2 Cannon: Experimental analysis on HTTP/1 and HTTP/2 Request Flood DDoS Attacks

Cited by: 0
Authors
Beckett, David [1 ]
Sezer, Sakir [1 ]
Affiliations
[1] Queens Univ Belfast, CSIT, Belfast, Antrim, North Ireland
Source
2017 SEVENTH INTERNATIONAL CONFERENCE ON EMERGING SECURITY TECHNOLOGIES (EST) | 2017
Keywords
DDoS; HTTP2; Flood; Attack; Apache; nghttp2; Nginx; Vulnerabilities;
DOI
Not available
Chinese Library Classification (CLC) number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Distributed Denial of Service (DDoS) attacks are a frequent cyber attack vector which cause significant damage to computer systems. Hypertext Transfer Protocol (HTTP), which is the core communication protocol of the internet, has had a major upgrade and is released as RFC 7540. This latest version, HTTP/2, has begun to be deployed in live systems before comprehensive security studies have been carried out on its risk from DDoS. In this piece of research we explore, using experimental methodology, the DDoS risk posed by the upgraded functionality of the HTTP/2 protocol, in particular its risk from a flood attack. Our results show that a website implementing HTTP/2 scales up the flood attack magnitude, increasing the risk from DDoS.
Pages: 107 - 112
Page count: 6
Related papers
50 in total
  • [41] Optimal Specifications for a Protective Framework Against HTTP-based DoS and DDoS Attacks
    Saleh, Mohammed A.
    Manaf, Azizah Abdul
    2014 INTERNATIONAL SYMPOSIUM ON BIOMETRICS AND SECURITY TECHNOLOGIES (ISBAST), 2014, : 263 - 267
  • [42] A Protection System Against HTTP Flood Attacks Using Software Defined Networking
    Goncalves, Diego S. M.
    Couto, Rodrigo S.
    Rubinstein, Marcelo G.
    JOURNAL OF NETWORK AND SYSTEMS MANAGEMENT, 2023, 31 (01)
  • [43] Cloud autoscaling for HTTP/2 workloads
    Calzarossa, Maria Carla
    Massari, Luisa
    Tabash, Momin I. M.
    Tessera, Daniele
    PROCEEDINGS OF 2017 3RD INTERNATIONAL CONFERENCE OF CLOUD COMPUTING TECHNOLOGIES AND APPLICATIONS (CLOUDTECH), 2017, : 166 - 171
  • [44] Are HTTP/2 Servers Ready Yet?
    Jiang, Muhui
    Luo, Xiapu
    Miu, Tungngai
    Hu, Shengtuo
    Rao, Weixiong
    2017 IEEE 37TH INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING SYSTEMS (ICDCS 2017), 2017, : 1661 - 1671
  • [45] Exploitation of HTTP/2 Proxies for Cryptojacking
    Suresh, Meenakshi
    Kumar, V. Anil
    Sethumadhavan, M.
    Amritha, P.P.
    Communications in Computer and Information Science, 2020, 1208 CCIS : 298 - 308
  • [46] Recent progress of HTTP/2 standardization
    Ohtsu, Shigeki, 1600, Institute of Electronics Information Communication Engineers (97):
  • [47] A hands-on gaze on HTTP/3 security through the lens of HTTP/2 and a public dataset
    Chatzoglou, Efstratios
    Kouliaridis, Vasileios
    Kambourakis, Georgios
    Karopoulos, Georgios
    Gritzalis, Stefanos
    COMPUTERS & SECURITY, 2023, 125
  • [48] Mitigating HTTP Flooding Attacks with Meta-data Analysis
    Tang, Charles
    Lee, Edward
    Tang, Andrew
    Tao, Lixin
    2015 IEEE 17TH INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE COMPUTING AND COMMUNICATIONS, 2015 IEEE 7TH INTERNATIONAL SYMPOSIUM ON CYBERSPACE SAFETY AND SECURITY, AND 2015 IEEE 12TH INTERNATIONAL CONFERENCE ON EMBEDDED SOFTWARE AND SYSTEMS (ICESS), 2015, : 1406 - 1411
  • [49] Request Smuggling Via HTTP/2 Cleartext in the Wild: Empirical Testing with Differential Fuzzing
    Li, Yingbo
    Yan, Xiaolong
    Huai, Zhensong
    Liu, Jing
    2023 11TH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY: IOT AND SMART CITY, ITIOTSC 2023, 2023, : 203 - 206
  • [50] Creation of a DDOS attack using HTTP-GET Flood with the Cyber Kill Chain methodology
    Eleazar Martinez-Lozano, Jeferson
    Sandino Atencio-Ortiz, Pedro
    REVISTA ITECKNE, 2019, 16 (01): : 41 - 47