Abstract
Slow Read DoS attack is a technique which interferes Web server by exhausting resources. There are no effective countermeasures against from this attack nowadays. In this paper, we analyze Slow Read DoS attack, we found that the efficient attack can be realized when the bandwidth is over 500[Kbps]. In addition, we found that attacker can more effective attack by setting the connection rate to be equal to the process capability of Web server. At the same time, we can derive the secure setting of Web server against Slow Read DoS attack.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Anonymous Operation Japan, twitter account “@OP-japan.”
Apache: http://httpd.apache.org. Last Accessed 12 Feb 2017
Anstee D, Bowen P, Chui CF, Sockrider G (2016) Worldwide infrastructure security report, vol 11. ARBOR Networks
Muscat I (2017) How to mitigate slow HTTP DoS attacks in apache HTTP Server. acunetix. https://www.acunetix.com/blog/articles/slow-http-dos-attacks-mitigate-apache-http-server/. Last Accessed 12 Feb 2017
Japanese bulletin board, 2ch.net
Higgins KJ (2017) New denial-of-service attack cripples web server by reading slowly. InformationsWeek DarkReading. http://www.darkreading.com/attacks-breaches/new-denial-of-service-attack-cripples-we/232301367. Last Accessed 12 Feb 2017
Constantin L (2017) Researcher devises hard-to-detect DoS attack against HTTP servers. InfoWorld. http://www.infoworld.com/article/2618359/security-management/researcher-devises-hard-to-detect-dos-attack-against-http-servers.html. Last Accessed 12 Feb 2017
Zelasko M: DDoS attacks rose significantly in 2016.”, COLOCROSSING Dec 21. 2016. https://blog.colocrossing.com/ddos-attacks-rising-2016/. Last Accessed 12 Feb 2017
Shekyan S (2017) Are you ready for slow reading?. https://blog.qualys.com/securitylabs/2012/01/05/slowread. Last Accessed 12 Feb 2017
Shekyan S (2017) Application layer DoS attack simulator. https://github.com/shekyan/slowhttptest. Last Accessed 12 Feb 2017
VMware. https://my.vmware.com/jp/web/vmware/details?productId=524&downloadGroup=WKST-1210-WIN. Last Accessed 12 Feb 2017
W3Techs: Most popular web servers. http://w3techs.com. Last Accessed 12 Feb 2017
Enrico C, Gianluca P, Giovanni C, Maurizio A (2013) Slow DoS attacks: definition and categorisation. Int. J. Trust Manage Comput Commun 1(3/4):300–319
Li JJ, Savor T (2014) Detecting DoS attacks on notification services. In: Software security and reliability-companion, pp 192–198
Park J, Iwai K, Tanaka H, Kurokawa T (2014) Analysis of slow read DoS attack. In: Information Theory and its Applications, pp 60–64
Park Junhan, Iwai Keisuke, Tanaka Hidema, Kurokawa Takakazu (2015) Analysis of slow read DoS attack and countermeasures on web servers. Int J Cyber-Secur Digital Forensics (IJCSDF) 4(2):339–353
Tripathi N, Hubballi N, Singh Y (2016) How secure are web servers? An empirical study of slow HTTP DoS attacks and detection. In: Availability, reliability and security, pp. 454–463
Oshima S, Nakashima T, Sueyoshi T (2010) Early DoS/DDoS detection method using short-term statistics. In: Complex, intelligent and software intensive systems, pp. 168–174
Tayama S, Tanaka H (2016) A study on the relationship between communication environment and effectiveness of slow read DoS attack. In: Proceeding of the computer security symposium, vol 2016(2), pp 749–755
Hirakawa T, Ogura K, Bista BB, Taketa T A defense method against distributed slow HTTP DoS attack. In: Network-based information system, pp 152–158 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Science+Business Media Singapore
About this paper
Cite this paper
Tayama, S., Tanaka, H. (2018). Analysis of Slow Read DoS Attack and Communication Environment. In: Kim, K., Joukov, N. (eds) Mobile and Wireless Technologies 2017. ICMWT 2017. Lecture Notes in Electrical Engineering, vol 425. Springer, Singapore. https://doi.org/10.1007/978-981-10-5281-1_38
Download citation
DOI: https://doi.org/10.1007/978-981-10-5281-1_38
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-5280-4
Online ISBN: 978-981-10-5281-1
eBook Packages: EngineeringEngineering (R0)